System and method for pass-through authentication
Abstract
A gateway device comprising a processor and a memory, the processor is configured to receive a login operation request from an external endpoint, the login operation request including a user identifier and user login credentials of a user. The processor is also configured to construct an authentication request including the user identifier and the user login credentials and transmit the authentication request to an internal directory service. The processor is further configured to receive an authentication response from the internal directory service, the authentication response including an authentication identifier for the user, and store the authentication identifier in the memory, the authentication identifier for use by the processor in pass-through impersonation of the user.
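The flow in the abstract, as an added Python sketch that is not code from the patent. `Directory`, `Gateway`, `file_share`, the opaque session handle returned to the endpoint, and the account data are assumptions made for illustration; the point shown is that the authentication identifier stays in gateway memory and only the gateway presents it to internal resources.

```python
import hmac
import secrets

class Directory:
    """Hypothetical stand-in for the internal directory service."""
    def __init__(self, accounts):
        self._accounts = accounts      # user id -> credentials (constructed data)
        self._issued = {}              # authentication identifier -> user id

    def authenticate(self, user_id, credentials):
        expected = self._accounts.get(user_id, "")
        ok = hmac.compare_digest(expected.encode(), credentials.encode())
        if not (ok and user_id in self._accounts):
            return None
        auth_id = secrets.token_hex(16)
        self._issued[auth_id] = user_id
        return auth_id

    def whoami(self, auth_id):
        return self._issued.get(auth_id)

class Gateway:
    """Sits in the internal network; the external endpoint only talks to it."""
    def __init__(self, directory):
        self._directory = directory
        self._sessions = {}            # opaque handle -> (user id, auth identifier)

    def login(self, user_id, credentials):
        auth_id = self._directory.authenticate(user_id, credentials)
        if auth_id is None:
            return {"ok": False}
        handle = secrets.token_urlsafe(16)   # assumption: endpoint gets a handle only
        self._sessions[handle] = (user_id, auth_id)
        return {"ok": True, "session": handle}   # auth_id is deliberately absent

    def resource_operation(self, handle, resource, operation):
        session = self._sessions.get(handle)
        if session is None:
            raise PermissionError("unknown session")
        _user, auth_id = session
        # The gateway authenticates to the resource as the user.
        return resource(self._directory, auth_id, operation)

def file_share(directory, auth_id, operation):
    """Hypothetical internal resource that trusts directory-issued identifiers."""
    user = directory.whoami(auth_id)
    if user is None:
        raise PermissionError("invalid authentication identifier")
    return f"{operation} performed as {user}"
```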
17 Claims
1. A gateway device comprising a processor and a memory, the processor is configured to:
- receive a login operation request from an external endpoint, the login operation request including a user identifier and user login credentials of a user;
- construct an authentication request including the user identifier and the user login credentials;
- transmit the authentication request to an internal directory service;
- receive an authentication response from the internal directory service, the authentication response including an authentication identifier for the user;
- store the authentication identifier in the memory without transmitting the authentication identifier to the external endpoint; and
- initiate a resource operation with an internal resource, the resource operation including the gateway device authenticating as the user using the authentication identifier, the gateway device resides in an internal network, the endpoint resides in an external network separated from the internal network such that the endpoint is restricted from performing the authentication request directly with the directory service.

Dependent claims: 2, 3, 4, 5, 6

7. A method for pass-through authentication, the method comprising:
- receiving a login operation request from an external endpoint, the login operation request including a user identifier and user login credentials of a user;
- constructing an authentication request including the user identifier and the user login credentials;
- transmitting the authentication request to an internal directory service;
- receiving an authentication response from the internal directory service, the authentication response including an authentication identifier for the user;
- storing the authentication identifier in a memory without transmitting the authentication identifier to the external endpoint; and
- initiating a resource operation with an internal resource, the resource operation including a gateway device authenticating as the user using the authentication identifier, the method is performed by the gateway device residing in an internal network, wherein the endpoint resides in an external network separated from the internal network such that the endpoint is restricted from performing the authentication request directly with the directory service.

Dependent claims: 8, 9, 10, 11, 12

13. A non-transitory machine-readable storage medium storing a set of instructions that, when executed by at least one processor, causes the at least one processor to perform operations comprising:
- receiving a login operation request from an external endpoint, the login operation request including a user identifier and user login credentials of a user;
- constructing an authentication request including the user identifier and the user login credentials;
- transmitting the authentication request to an internal directory service;
- receiving an authentication response from the internal directory service, the authentication response including an authentication identifier for the user;
- storing the authentication identifier in a memory without transmitting the authentication identifier to the external endpoint; and
- initiating a resource operation with an internal resource, the resource operation including a gateway device authenticating as the user using the authentication identifier, the at least one processor is a part of the gateway device residing in an internal network, wherein the endpoint resides in an external network separated from the internal network such that the endpoint is restricted from performing the authentication request directly with the directory service.

Dependent claims: 14, 15, 16, 17

Specification