System and method for proxying federated authentication protocols
Abstract
A system and method that include receiving a service provider identity request through a federated authentication protocol; transmitting a proxy identity request to a configured identity provider; receiving an identity assertion; facilitating execution of a second layer of authentication; determining a proxy identity assertion based on the identity assertion and the second layer of authentication; and transmitting the proxy identity assertion to the service provider.
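The flow in the abstract, as an added sketch that is not taken from the patent or from any product: HMAC-signed JSON stands in for a real federated authentication protocol, and every name, key and credential below is a constructed assumption.

```python
import hashlib, hmac, json, secrets

def sign(key, claims):
    body = json.dumps(claims, sort_keys=True).encode()
    return {"claims": claims, "sig": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify(key, assertion, audience, request_id):
    """Check signature, audience and request binding; return the claims."""
    claims = assertion["claims"]
    body = json.dumps(claims, sort_keys=True).encode()
    good = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good, assertion["sig"]):
        raise PermissionError("bad signature")
    if claims["audience"] != audience or claims["in_response_to"] != request_id:
        raise PermissionError("assertion not issued for this request")
    return claims

IDP_KEY, PROXY_KEY = b"constructed-idp-key", b"constructed-proxy-key"
PASSWORDS = {"alice": "pw1"}      # constructed first-factor store at the IdP
OTP_CODES = {"alice": "492817"}   # constructed second-factor codes at the proxy

def idp_authenticate(request, user, password):
    """Configured identity provider: asserts identity after the first factor."""
    if not hmac.compare_digest(PASSWORDS.get(user, ""), password):
        raise PermissionError("first factor failed")
    return sign(IDP_KEY, {"issuer": "idp", "subject": user,
                          "audience": request["issuer"],
                          "in_response_to": request["id"]})

def second_layer(user, otp):
    return hmac.compare_digest(OTP_CODES.get(user, ""), otp)

def proxy_handle(sp_request, user, password, otp, idp=idp_authenticate):
    # Toward the SP the proxy plays the identity provider: it accepts the request.
    # Toward the IdP it plays a service provider and issues its own request.
    proxy_request = {"issuer": "proxy", "id": secrets.token_hex(8)}
    assertion = idp(proxy_request, user, password)
    claims = verify(IDP_KEY, assertion, "proxy", proxy_request["id"])
    # The proxy assertion is issued only if both layers succeed.
    if not second_layer(claims["subject"], otp):
        raise PermissionError("second layer failed")
    return sign(PROXY_KEY, {"issuer": "proxy", "subject": claims["subject"],
                            "audience": sp_request["issuer"],
                            "in_response_to": sp_request["id"], "second_layer": True})
```

The service provider trusts only `PROXY_KEY`, so an identity assertion from the identity provider alone never reaches it without the second layer.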
25 Claims
1. A method comprising:
- receiving a service provider identity request through a federated authentication protocol, which comprises emulating an identity provider in a first instance of a federated authentication protocol;
- transmitting a proxy identity request to a configured identity provider;
- receiving an identity assertion, wherein transmitting a proxy identity request to the configured identity provider and receiving an identity assertion comprises emulating a service provider in a second instance of a federated authentication protocol when transmitting to and receiving from the identity provider;
- facilitating execution of a second layer of authentication;
- determining a proxy identity assertion based on the identity assertion and the second layer of authentication; and
- transmitting the proxy identity assertion to the service provider.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 16
10. A method comprising:
- receiving a service provider identity request through a federated authentication protocol;
- transmitting a proxy identity request to a configured identity provider;
- receiving an identity assertion;
- facilitating execution of a second layer of authentication;
- determining a proxy identity assertion based on the identity assertion and the second layer of authentication;
- transmitting the proxy identity assertion to the service provider; and
- wherein receiving a service provider identity request through a federated authentication protocol, transmitting a proxy identity request to a configured identity provider, receiving an identity assertion, and facilitating execution of a second layer of authentication are performed at a proxy server of a multi-tenant service of second layer authentication service.
Dependent claims: 11, 12, 13, 14, 15
17. A method for single sign-on comprising:
- in association with a managing account instance, configuring a first instance of a federated authentication protocol and a second instance of a federated authentication protocol;
- receiving an identity assertion of an identity provider through the first federated identity protocol;
- facilitating execution of a second layer of authentication;
- transmitting a proxy identity assertion to a service provider through the second instance of a federated authentication protocol comprising emulating an identity provider in the second instance of a federated authentication protocol, which comprises, prior to transmitting the proxy identity assertion selecting the second instance according to an identifier of the managing account from the first instance.
Dependent claims: 18, 19, 20
21. A system comprising:
- a federated authentication proxy server that comprises:
  - an identity provider interface that emulates an identity provider in a first instance of a federated authentication protocol with a service provider,
  - a service provider emulator that emulates a service provider in a second instance of a federated authentication protocol during communication of a proxy identity request with an identity provider,
  - a second layer authentication engine, and
  - an account system with stored configuration of at least one managing account that includes configuration of a first instance of a federated authentication protocol with the identity provider interface, a second instance of a federated authentication protocol with the service provider emulator; and second layer of authentication settings of at least one identity associated with the managing account.
Dependent claims: 22, 23, 24, 25
Specification