Credential collection in an authentication server employing diverse authentication schemes
Abstract
An aspect of the present invention facilitates flexible credential collection in an authentication server employing diverse authentication schemes. In an embodiment, an access manager in the authentication server determines that an authentication scheme is to be used for allowing access to a resource requested by a user. A custom module (implementing the authentication scheme) in the authentication server then sends to the access manager commands indicating corresponding sets of credentials to be collected. The access manager, in response to receiving each command, collects the corresponding credentials from the user and checks whether the collected credentials authenticate the user. The custom module sends each command after the checking of the previously collected credentials. Accordingly, a developer of the custom module can request different sets of credentials and perform the authentication of the user based on them.
17 Claims
1. An authentication server comprising:

an access manager to receive an authentication request for a user seeking access to a resource, and to identify that a first authentication scheme is to be used for authenticating said user before allowing access to said resource, wherein said first authentication scheme specifies that all of a first set of credentials, and a second set of credentials and a third set of credentials are to be collected and checked for processing said authentication request; and

a custom module to send to said access manager a first command indicating said first set of credentials to be collected, wherein said custom module implements said first authentication scheme,

said access manager, in response to receiving of said first command collecting said first set of credentials from said user, and checking, in combination with said custom module, whether said first set of credentials authenticates said user,

said custom module to send to said access manager a second command after said checking, said second command indicating said second set of credentials to be collected,

said access manager, in response to receiving of said second command, collecting said second set of credentials from said user and checking, in combination with said custom module, whether said second set of credentials authenticates said user,

wherein said access manager is designed to perform said collecting and said checking in response to receiving only of a specific set of commands, wherein commands that are not included in said specific set are unknown commands, said specific set of commands including said first command and said second command,

said custom module to send to said access manager a third command,

said access manager to determine that said third command received from said custom module is not included in said specific set of commands and is accordingly an unknown command, wherein said access manager forwards unknown commands including said third command to a credential collection module and receives said third set of credentials from said credential collection module in response to forwarding said third command,

wherein said access manager sends said third set of credentials to said custom module,

wherein said authentication server operates to support unknown commands, including said third command, without having to modify a program logic of said access manager,

wherein, in response to said first authentication scheme specifying that said first set of credentials, said second set of credentials, and said third set of credentials are to be collected and checked for processing said authentication request, said custom module sends said first command, said second command, and said third command, and

said access manager, in combination with said custom module, collects and checks all of said first set of credentials, said second set of credentials, and said third set of credentials to process said authentication request.

(Dependent claims: 2, 3, 4, 5, 6)
7. A non-transitory machine readable medium storing one or more sequences of instructions for causing an authentication server to authenticate users, said one or more sequences of instructions comprising:

a first set of instructions representing an access manager to receive an authentication request for a user seeking access to a resource, and to identify that a first authentication scheme is to be used for authenticating said user before allowing access to said resource, wherein said first authentication scheme specifies that all of a first set of credentials, a second set of credentials and a third set of credentials are to be collected and checked for processing said authentication request; and

a second set of instructions representing a custom module implementing said first authentication scheme, said custom module to send to said access manager a first command and a second command, wherein said first command indicates that said first set of credentials is to be collected and said second command indicates that said second set of credentials is to be collected,

said access manager, in response to receiving of said first command, to collect said first set of credentials from said user and to check, in combination with said custom module, whether said first set of credentials authenticates said user,

said access manager, in response to receiving of said second command, to collect said second set of credentials from said user and to check, in combination with said custom module, whether said second set of credentials authenticates said user,

wherein said custom module sends to said access manager said second command after said checking of said first set of credentials collected from said user,

wherein said access manager is designed to perform said collecting and said checking in response to receiving only of a specific set of commands, wherein commands that are not included in said specific set are unknown commands, said specific set of commands including said first command and said second command,

said custom module to send to said access manager a third command,

said access manager to determine that said third command received from said custom module is not included in said specific set of commands and is accordingly an unknown command, wherein said access manager forwards unknown commands including said third command to a credential collection module and receives said third set of credentials from said credential collection module in response to forwarding said third command,

wherein said access manager sends said third set of credentials to said custom module,

wherein said authentication server operates to support unknown commands, including said third command, without having to modify a program logic of said access manager

wherein, in response to said first authentication scheme specifying that said first set of credentials, said second set of credentials and said third set of credentials are to be collected and checked for processing said authentication request, said custom module sends said first command, said second command and said third command and said access manager collects and checks all of said first set of credentials, said second set of credentials and said third set of credentials to process said authentication request.

(Dependent claims: 8, 9, 10, 11)
12. A method of authenticating users, said method being performed by an access manager in an authentication server, said method comprising:

receiving an authentication request for a user seeking access to a resource;

identifying a first authentication scheme to be used for authenticating said user before allowing access to said resource, wherein said first authentication scheme specifies that all of a first set of credentials, a second set of credentials and a third set of credentials are to be collected and checked for processing said authentication request;

notifying a custom module implementing said first authentication scheme;

receiving from said custom module, a first command indicating that said first set of credentials is to be collected;

in response to said receiving of said first command, collecting said first set of credentials from said user and checking, in combination with said custom module, whether said first set of credentials authenticates said user;

after said checking, receiving from said custom module, a second command indicating that said second set of credentials is to be collected;

in response to said receiving of said second command, collecting said second set of credentials from said user and checking, in combination with said custom module, whether said second set of credentials authenticates said user, wherein said access manager is designed to perform said collecting and said checking in response to receiving only of a specific set of commands, wherein commands that are not included in said specific set are unknown commands, said specific set of commands including said first command and said second command;

receiving from said custom module, a third command indicating that said third set of credentials is to be collected;

determining that said third command is not contained in said specific set of commands and is accordingly an unknown command;

forwarding unknown commands including said third command to a credential collection module, wherein said credential collection module is designed to collect said third set of credentials in response to said third command; and

interfacing with said credential collection module for collecting said third set of credentials from said user and checking whether said third set of credentials authenticates said user by sending said third set of credentials to said custom module,

wherein said authentication server operates to support unknown commands including said third command, without having to modify a program logic of said access manager,

wherein, in response to said first authentication scheme specifying that said first set of credentials, said second set of credentials and said third set of credentials are to be collected and checked for processing said authentication request, said custom module sends said first command, said second command and said third command and said access manager collects and checks all of said first set of credentials, said second set of credentials and said third set of credentials to process said authentication request.

(Dependent claims: 13, 14, 15, 16, 17)
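The command flow recited in the claims above, modelled as an added Python example (not code from the patent or from any product): the access manager handles a fixed command set itself and forwards any other command to a registered credential collection module, while the custom module issues each command only after the previous credential set has been checked. The command names, the generator used as the custom-module interface, the dictionary of collection modules, and the choice to deny authentication when no module handles a command are all assumptions of this example.

```python
import hmac

# Hypothetical command names; the claims only say "first", "second", "third".
KNOWN_COMMANDS = {"COLLECT_PASSWORD", "COLLECT_OTP"}

class AccessManager:
    """Collects credentials for a fixed command set; forwards anything else."""

    def __init__(self, user_answers, collection_modules):
        self.user_answers = user_answers              # stands in for prompting the user
        self.collection_modules = collection_modules  # unknown command -> callable
        self.trace = []                               # (route, command) audit trail

    def collect(self, command):
        if command in KNOWN_COMMANDS:
            self.trace.append(("builtin", command))
            return self.user_answers[command]
        module = self.collection_modules.get(command)
        if module is None:                            # nobody handles it: fail closed
            raise LookupError(f"no collection module for {command!r}")
        self.trace.append(("forwarded", command))
        return module(command)

    def authenticate(self, custom_module):
        session = custom_module()                     # generator that yields commands
        try:
            command = next(session)
            while True:                               # next command arrives only after a check
                command = session.send(self.collect(command))
        except StopIteration as finished:
            return finished.value is True
        except LookupError:
            return False

def three_set_scheme(expected):
    """Custom module: one command per credential set, each checked before the next."""
    def custom_module():
        for command in ("COLLECT_PASSWORD", "COLLECT_OTP", "COLLECT_BADGE"):
            supplied = yield command
            if not hmac.compare_digest(supplied.encode(), expected[command].encode()):
                return False                          # stop; later sets are never requested
        return True
    return custom_module

# Constructed sample data.
EXPECTED = {"COLLECT_PASSWORD": "hunter2", "COLLECT_OTP": "492817", "COLLECT_BADGE": "badge-0042"}
ANSWERS = {"COLLECT_PASSWORD": "hunter2", "COLLECT_OTP": "492817"}
BADGE_READER = {"COLLECT_BADGE": lambda command: "badge-0042"}

def run(answers=ANSWERS, modules=BADGE_READER):
    manager = AccessManager(answers, modules)
    return manager.authenticate(three_set_scheme(EXPECTED)), manager.trace
```

`run()` returns the decision together with the routing trace, so a deployment modelled this way can log which credential sets were collected by the access manager itself and which were delegated.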
Specification