Authentication of a principal in a federation
First Claim
1. A method of authentication of a principal in a federation, the method implemented by an identity provider, the identity provider comprising a module of automated computing machinery that includes a computer processor and a computer memory operatively coupled to the computer processor, the method comprising:
- receiving, at the identity provider, an authentication request specifying a service provider's authentication policy, the authentication request having been generated at the service provider in response to receipt at the service provider of a request of the principal for access to a resource of the service provider and a determination by the service provider that an authentication credential of the request does not satisfy the service provider's authentication policy;
- authenticating the principal by the identity provider according to the service provider's authentication policy;
- recording in session data of the identity provider an authentication credential satisfying the service provider's authentication policy; and
- sending an authentication response from the identity provider to the service provider, the authentication response including the authentication credential satisfying the service provider's authentication policy, the authentication credential adapted to be recordable in session data of the service provider.
Abstract
Methods, systems, and computer program products are disclosed that give entities flexibility to implement custom authentication methods of other entities for authentication of a principal in a federation by authenticating the principal by an identity provider according to a service provider's authentication policy and recording in session data of the identity provider an authentication credential satisfying the service provider's authentication policy. Authentication of a principal in a federation is also carried out by authenticating the principal by the identity provider according to an identity provider's authentication policy. Authentication of a principal in a federation is further carried out by receiving in the identity provider an authentication request from the service provider, the authentication request specifying the service provider's authentication policy.
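The flow in the abstract, as an added Python sketch that is not taken from the patent: the service provider rejects a credential that fails its policy, names that policy in the request to the identity provider, and re-checks the returned credential before recording it in its own session. The policy encoding (a set of accepted methods plus a maximum credential age) and all class, field and function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Policy:                 # assumed encoding of an "authentication policy"
    methods: frozenset        # acceptable authentication methods
    max_age_s: int            # maximum credential age in seconds

@dataclass(frozen=True)
class Credential:
    principal: str
    method: str
    issued_at: int

def satisfies(cred, policy, now):
    return (cred is not None and cred.method in policy.methods
            and 0 <= now - cred.issued_at <= policy.max_age_s)

@dataclass
class IdentityProvider:
    verifiers: dict           # method -> callable(principal, proof) -> bool
    sessions: dict = field(default_factory=dict)
    def handle_auth_request(self, principal, policy, proofs, now):
        for method in sorted(policy.methods):   # only methods the SP accepts
            verify = self.verifiers.get(method)
            if verify and method in proofs and verify(principal, proofs[method]):
                cred = Credential(principal, method, now)
                self.sessions.setdefault(principal, []).append(cred)  # IdP session
                return cred                     # carried in the response
        return None                             # fail closed: policy not met

@dataclass
class ServiceProvider:
    policy: Policy
    idp: IdentityProvider
    sessions: dict = field(default_factory=dict)
    def access(self, principal, presented, proofs, now):
        cred = presented or self.sessions.get(principal)
        if not satisfies(cred, self.policy, now):   # request names the SP policy
            cred = self.idp.handle_auth_request(principal, self.policy, proofs, now)
            # Re-check the response against the SP's own policy before trusting it.
            if not satisfies(cred, self.policy, now) or cred.principal != principal:
                return False
        self.sessions[principal] = cred         # SP session data
        return True

def demo():                   # constructed principal, OTP and timestamps
    idp = IdentityProvider({"otp": lambda p, s: s == "123456"})
    sp = ServiceProvider(Policy(frozenset({"otp"}), 300), idp)
    weak, otp = Credential("alice", "password", 1000), {"otp": "123456"}
    return [sp.access("alice", weak, {}, 1010), sp.access("alice", weak, otp, 1020),
            sp.access("alice", None, {}, 1100), sp.access("alice", None, {}, 1400)]
```

`demo()` covers four cases in order: a password credential with no acceptable proof is refused, the same principal succeeds after proving OTP at the identity provider, the recorded credential is reused from the service provider's session, and it is refused again once it exceeds the assumed maximum age.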
12 Claims
1. A method of authentication of a principal in a federation, the method implemented by an identity provider, the identity provider comprising a module of automated computing machinery that includes a computer processor and a computer memory operatively coupled to the computer processor, the method comprising:
- receiving, at the identity provider, an authentication request specifying a service provider's authentication policy, the authentication request having been generated at the service provider in response to receipt at the service provider of a request of the principal for access to a resource of the service provider and a determination by the service provider that an authentication credential of the request does not satisfy the service provider's authentication policy;
- authenticating the principal by the identity provider according to the service provider's authentication policy;
- recording in session data of the identity provider an authentication credential satisfying the service provider's authentication policy; and
- sending an authentication response from the identity provider to the service provider, the authentication response including the authentication credential satisfying the service provider's authentication policy, the authentication credential adapted to be recordable in session data of the service provider.

Dependent claims: 2, 3, 4, 5
6. A system for authentication of a principal in a federation, the system comprising an identity provider including a computer processor and a computer memory operatively coupled to the computer processor, the computer memory having disposed within it computer program instructions capable of:
- receiving, at the identity provider, an authentication request specifying a service provider's authentication policy, the authentication request having been generated at the service provider in response to receipt at the service provider of a request of the principal for access to a resource of the service provider and a determination by the service provider that an authentication credential of the request does not satisfy the service provider's authentication policy;
- authenticating the principal by the identity provider according to the service provider's authentication policy;
- recording in session data of the identity provider an authentication credential satisfying the service provider's authentication policy; and
- sending an authentication response from the identity provider to the service provider, the authentication response including the authentication credential satisfying the service provider's authentication policy, the authentication credential adapted to be recordable in session data of the service provider.

Dependent claims: 7
8. A computer program product for authentication of a principal in a federation, the computer program product including computer program instructions disposed upon a non-transitory computer readable storage medium, the computer program instructions, when executed in an identity provider, capable of:
- receiving, at the identity provider, an authentication request specifying a service provider's authentication policy, the authentication request having been generated at the service provider in response to receipt at the service provider of a request of the principal for access to a resource of the service provider and a determination by the service provider that an authentication credential of the request does not satisfy the service provider's authentication policy;
- authenticating the principal by the identity provider according to the service provider's authentication policy;
- recording in session data of the identity provider an authentication credential satisfying the service provider's authentication policy; and
- sending an authentication response from the identity provider to the service provider, the authentication response including the authentication credential satisfying the service provider's authentication policy, the authentication credential adapted to be recordable in session data of the service provider.

Dependent claims: 9, 10, 11, 12
Specification