Methods of authenticating users to a site
Abstract
Systems and methods for user authentication within federated computing systems are provided. In a session, a user can be authenticated multiple times by different authentication methods for different servers of the federated system; however, once the user has been authenticated by any given authentication method, the user need not repeat that method. Systems of the present invention comprise a plurality of servers including an authentication server. The authentication server maintains authentication records for users, where each record includes which authentication methods apply to which servers. When a user first seeks access to a particular server, the server identifies the user and the server to the authentication server. If the user has already been authenticated elsewhere according to the authentication method required by the new server, the authentication server indicates to the new server that the user is authenticated; otherwise the authentication server invokes the necessary authentication method.
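The record structure and decision described in the abstract, as an added Python illustration that is not part of the patent: the authentication server locates the user's record by a claimant target, looks up the methods associated with the requesting site, and only invokes a method the user has not already completed in the session. The data layout, the `responder` callback standing in for the user's response, and the selection policy (reuse an already-completed method, otherwise take the first listed) are assumptions of this example; the biometric claimant target is omitted.

```python
# Added illustration, not the patent's code. Records, sessions and the
# selection policy are constructed assumptions for this example.
from dataclasses import dataclass, field

@dataclass
class UserRecord:
    user_id: str
    username: str
    site_methods: dict          # site_id -> list of acceptable method names

@dataclass
class Session:
    user_id: str
    completed: set = field(default_factory=set)   # methods already passed

class AuthServer:
    def __init__(self, records):
        self.records = records   # stand-in for the database of user records
        self.sessions = {}       # user_id -> Session

    def locate(self, claimant_target):
        """Find the record by user ID or username (biometric lookup omitted)."""
        for rec in self.records:
            if claimant_target in (rec.user_id, rec.username):
                return rec
        return None

    def handle(self, site_id, claimant_target, responder):
        """Return (authenticated, method_used, user_was_prompted)."""
        rec = self.locate(claimant_target)
        if rec is None or site_id not in rec.site_methods:
            return (False, None, False)
        session = self.sessions.setdefault(rec.user_id, Session(rec.user_id))
        methods = rec.site_methods[site_id]
        # Assumed policy: a method already completed this session satisfies
        # the site without re-prompting the user.
        for m in methods:
            if m in session.completed:
                return (True, m, False)
        method = methods[0]      # otherwise invoke the first associated method
        if not responder(method):
            return (False, method, True)
        session.completed.add(method)
        return (True, method, True)

def demo(responder=lambda method: True):
    """Constructed walk-through: site A needs a password, site B accepts otp or password."""
    srv = AuthServer([UserRecord("u1", "alice",
                                 {"siteA": ["password"], "siteB": ["otp", "password"],
                                  "siteC": ["otp"]})])
    return [srv.handle("siteA", "alice", responder),   # prompted for password
            srv.handle("siteB", "u1", responder),      # password reused, no prompt
            srv.handle("siteC", "alice", responder)]   # otp not done yet, prompted
```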
8 Claims
1. A method for authenticating within a single sign-on federated authentication system, the method comprising:
enrolling a user, including creating a record for the user, the record storing a user ID for the user and storing an association between a site identifier for a first server and a first authentication method, and storing a further association between a site identifier of a second server and each of a second authentication method and a third authentication method;
after enrolling the user, receiving, with the first server, a first claimant target for the user;
authenticating the user to the first server according to the first authentication method;
after authenticating the user to the first server, receiving with the first server from a second server an authentication request including the second site identifier and a second claimant target, wherein the first and second claimant targets each consist of one of the user ID, a username, or a biometric;
again authenticating the user according to a second authentication method including using the second claimant target to locate the record for the user, then selecting the second authentication method from between the second and third a plurality of authentication methods associated with the second site identifier in the record for the user, then authenticating the user according to the selected second authentication method including receiving a response from the user; and
sending to the second server an indication of successful authentication.
6. A system for authenticating within a single sign-on federated authentication system, the system comprising:
an enrollment server configured to enroll a user, wherein enrolling the user includes creating a record for the user, and storing in the record a user ID for the user, and storing in the record an association between a site identifier for a first server and a first authentication method, and storing in the record a further association between a site identifier of a second server and each of a second authentication method and a third authentication method;
a database, stored on a non-transitory storage medium, the database including the record for the user;
an authentication server configured to: after enrolling the user, receive a first claimant target for the user, authenticate the user according to the first authentication method, after authenticating the user to the authentication server, receive an authentication request including the second site identifier and a second claimant target, wherein the first and second claimant targets each consist of one of the user ID, a username, or a biometric, authenticate the user again according to a second authentication method including using the second claimant target to locate the record for the user in the database, then selecting the second authentication method from between the second and third a plurality of authentication methods associated with the second site identifier in the record, then authenticating the user according to the selected second authentication method, including receiving a response from the user; and
a relying party server in communication with the authentication server across a network, the relying party server configured to send the authentication request to the authentication server and to receive an indication of authentication from the authentication server.