Multiple authentication support in a shared environment
First Claim
1. A method for authentication of customers, the method comprising the steps of:
- receiving an identity of a new user, and determining, by one or more processors, whether the new user will be a member of a Lightweight Directory Access Protocol (LDAP) security group with authentication by an LDAP authentication server, or a native security group with authentication by a native authentication server, each member of native authentication group having a privilege not provided to the LDAP security group and that the new user is a member of the LDAP security group with authentication by the LDAP authentication server;
receiving an address for a second LDAP authentication server having authentication data for a user other than the new user and adding the LDAP authentication server to the second LDAP authentication server to form a LDAP chain having the URL addressing the LDAP authentication server and an URL addressing the second LDAP authentication server; and
the new user selecting, via the LDAP chain, the URL addressing the LDAP authentication server to successively attempt logins;
if the new user will be a member of the LDAP security group, adding a user ID for the new user to the LDAP security group so that the new user will be authenticated by the LDAP authentication server, and sending to the new user a Uniform Resource Locator (URL) addressing the LDAP authentication server; and
if the new user will be a member of the native security group, adding a user ID for the new user to the native security group so the new user will be authenticated by the native authentication server, and sending to the new user a URL addressing the native authentication server.
1 Assignment
0 Petitions
Accused Products
Abstract
An authentication configurator may define a LDAP security group for LDAP authentication, wherein the LDAP security group is associated with rights. It may define a native security group for native authentication users, wherein the native authentication group has at least one right not present in the LDAP security group, and define customer-specified LDAP chains. It may configure an LDAP authentication web application and a native authentication web application, wherein the LDAP authentication web application and the native authentication web application each connect to a service management database, and the LDAP authentication web application uses the customer-specified LDAP chains. A first Uniform Resource Locator (URL) for LDAP authentication to access the LDAP authentication web application and a second URL for native authentication to access the native authentication web application may also be configured. It may assess the authentication requirements of a customer and create a user identifier, responsive to assessing.
35 Citations
4 Claims
-
1. A method for authentication of customers, the method comprising the steps of:
-
receiving an identity of a new user, and determining, by one or more processors, whether the new user will be a member of a Lightweight Directory Access Protocol (LDAP) security group with authentication by an LDAP authentication server, or a native security group with authentication by a native authentication server, each member of native authentication group having a privilege not provided to the LDAP security group and that the new user is a member of the LDAP security group with authentication by the LDAP authentication server; receiving an address for a second LDAP authentication server having authentication data for a user other than the new user and adding the LDAP authentication server to the second LDAP authentication server to form a LDAP chain having the URL addressing the LDAP authentication server and an URL addressing the second LDAP authentication server; and the new user selecting, via the LDAP chain, the URL addressing the LDAP authentication server to successively attempt logins; if the new user will be a member of the LDAP security group, adding a user ID for the new user to the LDAP security group so that the new user will be authenticated by the LDAP authentication server, and sending to the new user a Uniform Resource Locator (URL) addressing the LDAP authentication server; and if the new user will be a member of the native security group, adding a user ID for the new user to the native security group so the new user will be authenticated by the native authentication server, and sending to the new user a URL addressing the native authentication server. - View Dependent Claims (2, 3, 4)
-
Specification
-
- Resources
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsKuritzky, Matt R., Morgan, Fabian F., Schlosser, Sandra J., White Eagle, Sarah V.
-
Primary Examiner(s)WON, MICHAEL YOUNG
-
Application NumberUS13/941,852Publication NumberTime in Patent Office722 DaysField of Search709/225, 709/229US Class Current1/1CPC Class CodesH04L 63/08 for authentication of entit...H04L 63/083 using passwords cryptograph...H04L 63/168 above the transport layer
