System, method and program for user authentication, and recording medium on which the program is recorded
Abstract
A method, and system, and computer program product for authenticating a user. A first server of a plurality of servers receives an access request from the user to access a federated computing environment that comprises multiple servers. After receiving the access request, the first server: receives input authentication information from the user, obtains a server address of a second server having an authentication policy that matches an authentication policy of the first server, transmits the input authentication information to the second server via the server address of the second server, receives from the second server a notification that the second server has successfully authorized the user, and permits the user to access the federated computing environment.
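The table-driven routing that the claims spell out step by step can be sketched as follows. This is an added illustration, not code from the patent: the regular-expression rules, server names, addresses, the `send` callable standing in for transmission to the second server, and the choice to try conforming servers in priority order are all assumptions.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    name: str      # hypothetical server label
    address: str   # server address stored in the table
    id_rule: str   # format the user ID must conform to (assumed to be a regex)
    pw_rule: str   # format the password must conform to (assumed to be a regex)
    users: int     # users registered in that server's authentication system

def build_policy_table(servers):
    # One entry per server; priority is decreasing number of registered users.
    return sorted((Entry(**s) for s in servers), key=lambda e: e.users, reverse=True)

def conforming(table, user_id, password):
    # Only servers whose format rules the input satisfies are candidates.
    return [e for e in table
            if re.fullmatch(e.id_rule, user_id) and re.fullmatch(e.pw_rule, password)]

def authenticate(table, user_id, password, send):
    # Forward the input to each conforming server in priority order and stop at
    # the first success notification. `contacted` records every server that was
    # handed the credential, which is the exposure a reviewer would want logged.
    contacted = []
    for e in conforming(table, user_id, password):
        contacted.append(e.address)
        if send(e.address, user_id, password):
            return e.name, contacted
    return None, contacted

# Constructed sample data (not from the patent).
SERVERS = [
    {"name": "A", "address": "https://a.example/auth",
     "id_rule": r"[a-z]{3,8}", "pw_rule": r".{6,}", "users": 1200},
    {"name": "B", "address": "https://b.example/auth",
     "id_rule": r"[^@]+@[^@]+", "pw_rule": r".{6,}", "users": 5000},
    {"name": "C", "address": "https://c.example/auth",
     "id_rule": r"[a-z0-9]{3,12}", "pw_rule": r"\d{6}", "users": 300},
]
ACCOUNTS = {"https://a.example/auth": {"alice": "correct horse"},
            "https://c.example/auth": {"alice": "424242"}}

def fake_send(address, user_id, password):
    # Stand-in for the remote server's own check and its success notification.
    return ACCOUNTS.get(address, {}).get(user_id) == password
```

With the sample data, a password that conforms to more than one server's rule is forwarded to each of them until one accepts it, so looser format rules widen the set of servers that see the credential.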
36 Citations
17 Claims
1. A method for authenticating a user, comprising:
- a first server of a plurality of servers generating an authentication policy table, said generating the authentication policy table comprising (i) inserting into the authentication policy table an authentication policy of each server and a server address of each server and (ii) setting a relative priority of each server in the authentication policy table of the first server in order of decreasing number of users registered in an authentication system of each server, wherein the authentication policy of each server is at least one rule of each server for authenticating users of a federated computing environment that comprises the plurality of servers, and wherein each rule for each server specifies a format to which input user authentication information subsequently received from the user must conform;
- said first server storing the generated authentication policy table within the first server;
- after said generating and storing the authentication policy table, said first server receiving an access request from the user to access the federated computing environment;
- after said receiving the access request, said first server receiving the input authentication information from the user;
- said first server ascertaining that the received input authentication information conforms to the format specified in the at least one rule, in the authentication policy table of the first server, of the authentication policy of a second server of the plurality of servers;
- after said ascertaining, said first server obtaining from the authentication policy table of the first server the server address of the second server;
- said first server transmitting the input authentication information to the second server via the obtained server address of the second server;
- after said transmitting the input authentication information to the second server, said first server receiving from the second server a notification that the second server has successfully authorized the user; and
- after said receiving the notification that the second server has successfully authorized the user, said first server permitting the user to access the federated computing environment.

Dependent claims: 2, 3, 4, 5, 6
7. A computer system comprising a processor, a storage device coupled to the processor, and a computer readable memory unit coupled to the processor, said storage device containing program code configured to be executed by the processor via the memory unit to implement a method for authenticating a user, said method comprising:
- a first server of a plurality of servers generating an authentication policy table, said generating the authentication policy table comprising (i) inserting into the authentication policy table an authentication policy of each server and a server address of each server and (ii) setting a relative priority of each server in the authentication policy table of the first server in order of decreasing number of users registered in an authentication system of each server, wherein the authentication policy of each server is at least one rule of each server for authenticating users of a federated computing environment that comprises the plurality of servers, and wherein each rule for each server specifies a format to which input user authentication information subsequently received from the user must conform;
- said first server storing the generated authentication policy table within the first server;
- after said generating and storing the authentication policy table, said first server receiving an access request from the user to access the federated computing environment;
- after said receiving the access request, said first server receiving the input authentication information from the user;
- said first server ascertaining that the received input authentication information conforms to the format specified in the at least one rule, in the authentication policy table of the first server, of the authentication policy of a second server of the plurality of servers;
- after said ascertaining, said first server obtaining from the authentication policy table of the first server the server address of the second server;
- said first server transmitting the input authentication information to the second server via the obtained server address of the second server;
- after said transmitting the input authentication information to the second server, said first server receiving from the second server a notification that the second server has successfully authorized the user; and
- after said receiving the notification that the second server has successfully authorized the user, said first server permitting the user to access the federated computing environment.

Dependent claims: 8, 9, 10, 11, 12
13. A computer program product, comprising a computer readable storage device having program code stored therein, said program code configured to be executed by a computer processor to perform a method for authenticating a user, said method comprising:
- a first server of a plurality of servers generating an authentication policy table, said generating the authentication policy table comprising inserting (i) into the authentication policy table an authentication policy of each server and a server address of each server and (ii) setting a relative priority of each server in the authentication policy table of the first server in order of decreasing number of users registered in an authentication system of each server, wherein the authentication policy of each server is at least one rule of each server for authenticating users of a federated computing environment that comprises the plurality of servers, and wherein each rule for each server specifies a format to which input user authentication information subsequently received from the user must conform;
- said first server storing the generated authentication policy table within the first server;
- after said generating and storing the authentication policy table, said first server receiving an access request from the user to access the federated computing environment;
- after said receiving the access request, said first server receiving the input authentication information from the user;
- said first server ascertaining that the received input authentication information conforms to the format specified in the at least one rule, in the authentication policy table of the first server, of the authentication policy of a second server of the plurality of servers;
- after said ascertaining, said first server obtaining from the authentication policy table of the first server the server address of the second server;
- said first server transmitting the input authentication information to the second server via the obtained server address of the second server;
- after said transmitting the input authentication information to the second server, said first server receiving from the second server a notification that the second server has successfully authorized the user; and
- after said receiving the notification that the second server has successfully authorized the user, said first server permitting the user to access the federated computing environment.

Dependent claims: 14, 15, 16, 17
Specification