Please download the dossier by clicking on the dossier button x
×

Home realm discovery in mixed-mode federated realms

  • US 8,978,115 B2
  • Filed: 11/15/2013
  • Issued: 03/10/2015
  • Est. Priority Date: 11/09/2011
  • Status: Active Grant
First Claim
Patent Images

1. A computer program product comprising one or more hardware storage devices having thereon computer-executable instructions that are structured such that, when executed by one or more processors of a computing system, cause the computer system to perform a method for authenticating identities within a mixed realm in which some identities are authenticated using direct authentication, and some identities are authenticated using federated authentication, the method comprising acts of:

  • receiving at a service a request to access one or more services provided by the service, the request issuing from an identity within a mixed authentication realm that includes one or both of direct authentication identities and federated authentication identities;

    determining whether the identity that issued the request is a direct authentication identity or a federated authentication identity;

    upon determining the identity that issued the request is a direct authentication identity, then the service responding to the request for service with a direct authentication interface enabling entry of a direct authentication credential at the service for the identity that issued the request;

    upon determining the identity that issued the request is determined to be a federated authentication identity, then the service responding to the request for service with a federated authentication interface, the federated authentication interface providing a redirection instruction to authenticate with a third party identity provider in order to receive authentication credentials for use at the service;

    when the identity is determined to be invalid, then performing further acts of;

    pseudo-randomly choosing either the direct authentication interface or the federated authentication interface; and

    responding to the request for service with the pseudo-randomly chosen direct authentication interface or federated authentication interface, the pseudo-randomly chosen direct authentication interface or federated authentication interface enabling entry of a credential for the identity.

View all claims
  • 2 Assignments
Timeline View
Assignment View
    ×
    ×