Systems and methods for policy based triggering of client-authentication at directory level granularity
First Claim
1. A method for an appliance to authenticate access of a client to a protected resource on a server via the appliance, the method comprising the steps of:
(a) receiving, by an appliance, a client request to access a protected directory of a server, the appliance providing access to the server via a transport layer connection;
(b) determining, by the appliance, that the protected directory matches a predetermined directory specified in a client authentication policy of the appliance, the client authentication policy applied on a per-directory and per-request basis and identifying an action for the appliance to request a client authentication certificate from the client responsive to matching the predetermined directory;
(c) queuing, by the appliance in response to matching the predetermined directory, the client request to prevent access to the protected resource at the server via the transport layer connection until an authentication certificate of the client is validated in accordance with the client authentication policy; and
(d) transmitting, by the appliance in response to the action identified by the client authentication policy, a request to the client for the authentication certificate.
Abstract
Systems and methods are disclosed for an appliance to authenticate access of a client to a protected directory on a server via a connection, such as a secure SSL connection, established by the appliance. A method comprises the steps of: receiving, by an appliance, a first request from a client on a first network to access a server on a second network, the appliance providing the client a virtual private network connection from the first network to the second network; determining, by the appliance, the first request comprises access to a protected directory of the server; associating, by the appliance, an authentication policy with the protected directory, the authentication policy specifying an action to authenticate the client's access to the protected directory; and transmitting, by the appliance in response to the authentication policy, a second request to the client for an authentication certificate. Corresponding systems are also disclosed.
Claims (25 in total; the independent claims 1, 13 and 25 are reproduced below)
1. A method for an appliance to authenticate access of a client to a protected resource on a server via the appliance, with steps (a) to (d) as reproduced under First Claim above. Claims 2 to 12 depend from claim 1.
13. An appliance for providing finer control for authenticating access of a client to a protected resource on a server, the appliance comprising:
means for receiving a client request to access a protected directory of a server, the appliance providing access to the server via a transport layer connection;
means for determining that the protected directory matches a predetermined directory specified in a client authentication policy of the appliance, the client authentication policy applied on a per-directory and per-request basis and identifying an action for the appliance to request a client authentication certificate from the client responsive to matching the predetermined directory;
means for queuing, in response to matching the predetermined directory, the client request to prevent access to the protected resource at the server via the transport layer connection until an authentication certificate of the client is validated in accordance with the client authentication policy; and
means for transmitting, in response to the action identified by the client authentication policy, a request to the client for the authentication certificate.
Claims 14 to 24 depend from claim 13.
25. A method for an appliance to control access of a client to a protected directory on a server via the appliance, the method comprising:
(a) receiving, by an appliance, a request from a client to access a first protected directory of a server via the appliance;
(b) determining, by the appliance, that the first protected directory matches a predetermined directory specified in a client authentication policy of the appliance;
(c) determining, by the appliance, based on the first protected directory matching the predetermined directory specified in the client authentication policy, that the client authentication policy identifies an action for the appliance to request the authentication certificate from the client;
(d) transmitting, by the appliance in response to the action identified by the client authentication policy, a request to the client for the authentication certificate;
(e) receiving, by an appliance, a request from a client to access a second protected directory of the server via the appliance; and
(f) determining, by the appliance, that the second protected directory is not specified in the client authentication policy of the appliance, and that a request for the authentication certificate is not required by the client authentication policy.
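The request flow recited in claims 1 and 25 (match the requested directory against a per-directory policy, hold the request, ask the client for a certificate, then release the request to the server or reject it), as an added example written for this page in Python; it is not the patentee's code and the claims do not prescribe any of its data structures. The certificate is modelled as a constructed dict checked against a trusted-issuer set, and the TLS exchange that actually solicits the certificate (a renegotiation, or post-handshake client authentication in TLS 1.3) is abstracted into the on_certificate call. The path canonicalisation performed before matching is an addition of the editor, not something the claims recite: the claims only require that the requested directory match the predetermined directory, and a prefix match on the raw request path would let a percent-encoded or dot-segment path such as /public/..%2Fsecure/ reach the protected directory without ever triggering the policy.

```python
"""Per-directory triggering of client-certificate authentication.

Constructed model of the appliance logic recited in claims 1 and 25; it is an
added example for this page, not the patentee's implementation. A request is
matched against per-directory policies on its canonicalised path, queued when
a policy matches, and released to the server only after the client's
certificate satisfies that policy.
"""
from dataclasses import dataclass, field
from enum import Enum, auto
import posixpath
from urllib.parse import unquote


class Action(Enum):
    FORWARD = auto()       # release/pass the request to the server
    REQUEST_CERT = auto()  # hold the request, ask the client for a certificate
    REJECT = auto()        # policy required a certificate and validation failed


@dataclass(frozen=True)
class AuthPolicy:
    directory: str                 # protected directory, e.g. "/secure/"
    trusted_issuers: frozenset     # issuers whose certificates satisfy it


def normalize_path(raw: str) -> str:
    """Canonicalise a request path before policy matching (editor's addition).

    Percent-decoding and dot-segment removal happen here, so a request for
    "/public/..%2Fsecure/x" is matched as "/secure/x" and cannot bypass a
    prefix rule on "/secure/". A trailing slash is preserved so that the
    directory itself ("/secure/") is still recognised after normalisation.
    """
    path = unquote(raw.split("?", 1)[0])
    if not path.startswith("/"):
        path = "/" + path
    norm = posixpath.normpath(path)
    if path.endswith("/") and norm != "/":
        norm += "/"
    return norm


def matched_policy(path: str, policies):
    """Return the first policy whose directory contains the request path.

    Matching is on whole path segments: "/secure/" matches "/secure",
    "/secure/" and "/secure/x", but not "/secureX".
    """
    norm = normalize_path(path)
    for policy in policies:
        directory = policy.directory.rstrip("/") + "/"
        if norm == directory.rstrip("/") or norm.startswith(directory):
            return policy
    return None


@dataclass
class Appliance:
    policies: list
    # Requests held per connection until the client's certificate is validated.
    queued: dict = field(default_factory=dict)

    def on_request(self, conn_id, path: str) -> Action:
        """Steps (a)-(d) of claim 1: match the directory, queue, request a cert."""
        policy = matched_policy(path, self.policies)
        if policy is None:
            # Claim 25 (e)-(f): directory not in the policy, no certificate needed.
            return Action.FORWARD
        self.queued[conn_id] = (path, policy)
        return Action.REQUEST_CERT

    def on_certificate(self, conn_id, cert):
        """Validate the presented certificate; release or reject the held request.

        `cert` is a constructed dict such as {"subject": ..., "issuer": ...};
        a real appliance would verify the chain, validity period and revocation
        status after the TLS exchange that solicited it. None models a client
        that sent no certificate.
        """
        held = self.queued.pop(conn_id, None)
        if held is None:
            return Action.REJECT, None       # nothing was queued on this connection
        path, policy = held
        if cert is not None and cert.get("issuer") in policy.trusted_issuers:
            return Action.FORWARD, path
        return Action.REJECT, path


def demo():
    """Walk one connection through both branches of claim 25 (constructed input)."""
    appliance = Appliance([AuthPolicy("/secure/", frozenset({"CN=Corp Issuing CA"}))])
    trace = [appliance.on_request(7, "/public/index.html")]           # FORWARD
    trace.append(appliance.on_request(7, "/secure/report.pdf"))       # REQUEST_CERT
    trace.append(appliance.on_certificate(7, {"issuer": "CN=Corp Issuing CA"}))
    # A traversal attempt aimed at the protected directory is still caught.
    trace.append(appliance.on_request(7, "/public/..%2Fsecure/"))     # REQUEST_CERT
    trace.append(appliance.on_certificate(7, None))                   # REJECT
    return trace


if __name__ == "__main__":
    for step in demo():
        print(step)
```

Because the queue entry is consumed when the certificate is validated, a later request on the same connection to a protected directory triggers the policy again, which is the per-request behaviour the claims recite; an appliance that wanted to cache the validated identity for the life of the connection would have to key that cache to the connection and re-check on renegotiation.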
Specification