Apparatus, systems and methods to provide authentication services to a legacy application
Abstract
Authentication credentials from legacy applications are translated to Kerberos authentication requests. Authentication credentials from the legacy application are directed to an authentication proxy module. The authentication proxy module acts as a credential translator for the application by receiving a set of credentials such as a user name and password, then managing the process of authenticating to a Kerberos server and obtaining services from one or more Kerberized applications, including Kerberos session encryption. A credential binding module associates a user corresponding to authentication credentials from a legacy authentication protocol with one or more Kerberos credentials. Anonymous authentication credentials may be translated to authentication requests for a network directory services object, such as a computer object or service object.
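The flow in the abstract, modelled as an added example that is not code from the patent or its assignee: a proxy takes a legacy user name and password, authenticates to a Kerberos server, and falls back to the credential held by the binding module when that server is unreachable. `StubKdc`, `CredentialBinding` and `AuthProxy` are hypothetical names, and the salted password verifier, the ticket-expiry check and the revocation on an online rejection are assumptions the page does not state.

```python
import hashlib, hmac, os

class KdcUnavailable(Exception): pass

class StubKdc:
    """Constructed stand-in for a Kerberos server; sends no Kerberos traffic."""
    def __init__(self, accounts, lifetime=600):
        self.accounts, self.lifetime, self.up = accounts, lifetime, True
    def authenticate(self, principal, password, now):
        if not self.up:
            raise KdcUnavailable(principal)
        if self.accounts.get(principal) != password:
            return None
        return {"principal": principal, "expires": now + self.lifetime}

class CredentialBinding:
    """Associates legacy credentials with a cached Kerberos credential."""
    def __init__(self):
        self._cache = {}
    @staticmethod
    def _verifier(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    def bind(self, user, password, ticket):
        salt = os.urandom(16)  # store a salted verifier, never the password
        self._cache[user] = (salt, self._verifier(password, salt), ticket)
    def drop(self, user):
        self._cache.pop(user, None)
    def lookup(self, user, password, now):
        salt, verifier, ticket = self._cache.get(user, (b"", b"", None))
        if ticket is None or ticket["expires"] <= now:  # assumed expiry rule
            return None
        ok = hmac.compare_digest(verifier, self._verifier(password, salt))
        return ticket if ok else None

class AuthProxy:
    def __init__(self, kdc, binding, realm):
        self.kdc, self.binding, self.realm = kdc, binding, realm
    def login(self, user, password, now):
        try:
            ticket = self.kdc.authenticate(f"{user}@{self.realm}", password, now)
        except KdcUnavailable:
            cached = self.binding.lookup(user, password, now)
            return ("cached", cached) if cached else ("denied", None)
        if ticket is None:
            self.binding.drop(user)  # assumed: online rejection revokes the cache
            return ("denied", None)
        self.binding.bind(user, password, ticket)
        return ("kdc", ticket)
```

The offline path only accepts a user who has already authenticated online with the same password, and only until the cached credential expires, which bounds how long a revoked account can keep logging in during an outage.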
24 Claims
1. A system to provide authentication services to legacy applications, the system comprising:
- one or more legacy applications executing on an application server and configured to authenticate a user based on one or more user credentials received from a client using a legacy authentication protocol, wherein the one or more legacy applications are not configured to authenticate using a Kerberos authentication protocol;
- an authentication proxy module executing on a computing device and configured to receive legacy authentication credentials from the one or more legacy applications corresponding to the legacy authentication protocol, wherein the legacy authentication credentials are associated with the one or more user credentials; and
- a credential binding module in communication with the authentication proxy module and configured to associate the legacy authentication credentials with a cached Kerberos credential, and wherein the authentication proxy module is further configured to:
(i) authenticate the user corresponding to the legacy authentication credentials using a Kerberos authentication protocol by invoking a Kerberos authentication request to a Kerberos server, and
(ii) use the cached Kerberos credential received from the credential binding module to authenticate the user when the Kerberos server is temporarily unavailable.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. An apparatus to provide authentication services to legacy applications, the apparatus comprising:
- an authentication proxy module executing on a computing device and configured to receive from one or more legacy applications executing on an application server legacy authentication credentials corresponding to a legacy authentication protocol, wherein the one or more legacy applications are not configured to use a Kerberos authentication protocol to authenticate a user; and
- a credential binding module in communication with the authentication proxy module and configured to associate the legacy authentication credentials with a Kerberos credential, and wherein the authentication proxy module is further configured to:
(i) authenticate a user corresponding to the legacy authentication credentials using a Kerberos authentication protocol by invoking a Kerberos authentication request to a Kerberos server, and
(ii) use the Kerberos credential received from the credential binding module to authenticate the user when the Kerberos server is temporarily unavailable.
Dependent claims: 11, 12, 13, 14, 15
16. A method of providing authentication services to legacy applications, the method comprising:
- directing from one or more legacy applications executing on an application server legacy authentication credentials corresponding to a legacy authentication protocol to a local authentication process executing on a computing device, wherein the one or more legacy applications are not configured to use a Kerberos authentication protocol to authenticate a user;
- receiving the legacy authentication credentials with the local authentication process;
- associating with a binding module the legacy authentication credentials with a Kerberos credential; and
- with the local authorization process:
(i) when a Kerberos server coupled to the computing device is available, authenticating a user corresponding to the legacy authentication credentials using a Kerberos authentication protocol in response to receiving the authentication credentials by invoking a Kerberos authentication request to the Kerberos server, and
(ii) using the Kerberos credential received from the binding module to authenticate the user when the Kerberos server is unavailable.
Dependent claims: 17, 18, 19, 20, 21, 22
23. A computer readable storage medium comprising computer readable program code configured to execute on a processor to carry out a method of providing authentication services to legacy applications, the method comprising:
- directing from one or more legacy applications on an application server legacy authentication credentials corresponding to a legacy authentication protocol to a local authentication process executing on a computing device, wherein the one or more legacy applications are not configured to use a Kerberos authentication protocol to authenticate a user;
- receiving the legacy authentication credentials with the local authentication process;
- associating with a binding module the legacy authentication credentials with a Kerberos credential; and
- with the local authorization process:
(i) when a Kerberos server coupled to the computing device is available, authenticating a user corresponding to the legacy authentication credentials using a Kerberos authentication protocol in response to receiving the authentication credentials by invoking a Kerberos authentication request to the Kerberos server, and
(ii) using the Kerberos credential received from the binding module to authenticate the user when the Kerberos server is unavailable.
Dependent claims: 24
Specification