Controlled access
First Claim
1. A method for controlling user access to a protected resource, in which the method comprises:
receiving, from an untrusted application, an access request for a user to a protected resource at a resource server;
determining whether the access request lacks an indication that the user is authorized to access the protected resource;
sending, upon determination that the access request lacks the indication that the user is authorized to access the protected resource, a command, from the resource server to the application, for opening a client browser;
intercepting a request from the client browser directed to an authorization server;
requesting user credentials from the client browser;
processing user credentials received from the client browser to authenticate the user;
redirecting the client browser to the authorization server configured to issue a token credential for indicating authorization of the user to obtain a token for indicating to the resource server authorization of the user to access the protected resource;
intercepting an authorization request from the browser to the authorization server configured to issue a token credential, and inserting into the authorization request an HTTP header variable indicating the authentication status of the user;
wherein the token credential allows access, by the application, to the token from the authorization server.
1 Assignment
0 Petitions
Abstract
User access to a protected resource is controlled by: intercepting a request from a client browser (80) directed to a server (50); requesting user credentials from the client browser (80); processing user credentials received from the client browser (80) to authenticate the user (20); redirecting the client browser (80) to an authorization server (70) configured to issue a token credential; intercepting an authorization request from the browser (80) to the authorization server (70), and inserting into the authorization request an HTTP header variable indicating the authentication status of the user (20). The authorization server (70) is arranged to issue a token credential, which may be used by the user (20) to obtain a token for indicating to a server (50) hosting the protected resource authorization of the user (20) to access the protected resource.
16 Citations
12 Claims
1. A method for controlling user access to a protected resource, in which the method comprises:
receiving, from an untrusted application, an access request for a user to a protected resource at a resource server;
determining whether the access request lacks an indication that the user is authorized to access the protected resource;
sending, upon determination that the access request lacks the indication that the user is authorized to access the protected resource, a command, from the resource server to the application, for opening a client browser;
intercepting a request from the client browser directed to an authorization server;
requesting user credentials from the client browser;
processing user credentials received from the client browser to authenticate the user;
redirecting the client browser to the authorization server configured to issue a token credential for indicating authorization of the user to obtain a token for indicating to the resource server authorization of the user to access the protected resource;
intercepting an authorization request from the browser to the authorization server configured to issue a token credential, and inserting into the authorization request an HTTP header variable indicating the authentication status of the user;
wherein the token credential allows access, by the application, to the token from the authorization server.
(Dependent claims 2, 3, 4, 5, 6, 7 and 8 depend from claim 1.)

9. A non-transitory tangible computer readable medium having stored thereon computer executable instructions that, if executed by a computing device, cause the computing device to perform a method comprising:
receiving, from an untrusted application, an access request for a user to a protected resource at a resource server;
determining whether the access request lacks an indication that the user is authorized to access the protected resource;
sending, upon determination that the access request lacks the indication that the user is authorized to access the protected resource, a command, from the resource server to the application, for opening a client browser;
intercepting a request from the client browser directed to an authorization server;
requesting user credentials from the client browser;
processing user credentials received from the client browser to authenticate the user;
redirecting the client browser to the authorization server configured to issue a token credential for indicating authorization of the user to obtain a token for indicating to the resource;
intercepting an authorization request from the browser to the authorization server configured to issue a token credential, and inserting into the authorization request an HTTP header variable indicating the authentication status of the user;
wherein the token credential allows access, by the application, to the token from the authorization server.
(Dependent claim 10 depends from claim 9.)

11. A computer server system for controlling user access to a protected resource, the computer server system comprising a resource server and an authorization server, and the computer server system being at least configured to:
receive, from an untrusted application, an access request for a user to a protected resource at the resource server;
determine whether the access request lacks an indication that the user is authorized to access the protected resource;
send, upon determination that the access request lacks the indication that the user is authorized to access the protected resource, a command, from the resource server to the application, to open a client browser;
intercept a request from the client browser directed to the authorization server;
request user credentials from the client browser;
process user credentials received from the client browser to authenticate the user;
redirect the client browser to the authorization server configured to issue a token credential for indicating authorization of the user to obtain a token for indicating to the resource server authorization of the user to access the protected resource;
intercept an authorization request from the browser to the authorization server configured to issue a token credential; and
insert into the authorization request an HTTP header variable indicating the authentication status of the user;
wherein the token credential allows access, by the application, to the token from the authorization server.
(Dependent claim 12 depends from claim 11.)

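The independent claims above and the abstract all describe one exchange: the resource server turns away a tokenless request from the untrusted application and tells it to open a browser; an intercepting component in front of the authorization server collects and checks the user's credentials, then forwards the browser's authorization request with an HTTP header asserting the user's authentication status; the authorization server issues a token credential (a one-time code) that the application exchanges for the token the resource server accepts. The following simulation is an added example written for this page, not code from the patent or any implementation of it. Every name in it (the header names X-Authenticated-User and X-Gateway-MAC, the class and endpoint names, the user "alice", the client "app1") is an assumption chosen for illustration. The security point the claims leave implicit, and the example makes explicit, is that the inserted header is only meaningful if the authorization server can tell it was inserted by the gateway and not by the client: here the gateway strips any client-supplied copy and signs its own with a key the browser never sees.

```python
"""Simulation of the browser-mediated authorization flow in the claims.
Added example, not the patent's code; all names are assumptions."""
import hashlib
import hmac
import secrets
import time

AUTH_HEADER = "X-Authenticated-User"   # assumed name of the inserted identity header
MAC_HEADER = "X-Gateway-MAC"           # assumed: proves the header came from the gateway
GATEWAY_KEY = secrets.token_bytes(32)  # shared only by the gateway and the authz server


def pwhash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Gateway:
    """Intercepts browser traffic bound for the authorization server."""

    def __init__(self, users):
        self._users = users      # username -> (salt, pbkdf2 hash)
        self._sessions = {}      # session cookie -> username

    def intercept(self, request):
        """("respond", reply) answers the browser; ("forward", req) passes it on."""
        user = self._sessions.get(request.get("cookie"))
        if user is None:
            return "respond", {"status": 401, "action": "login_form", "next": request["url"]}
        fwd = dict(request)
        # Drop any copy of the identity header the client supplied, then insert ours.
        fwd["headers"] = {k: v for k, v in request.get("headers", {}).items()
                          if k not in (AUTH_HEADER, MAC_HEADER)}
        fwd["headers"][AUTH_HEADER] = user
        fwd["headers"][MAC_HEADER] = hmac.new(
            GATEWAY_KEY, f"{user}|{request['url']}".encode(), "sha256").hexdigest()
        return "forward", fwd

    def login(self, username, password, next_url):
        """Check submitted credentials; on success set a session and redirect back."""
        rec = self._users.get(username)
        if rec is None or not hmac.compare_digest(pwhash(password, rec[0]), rec[1]):
            return {"status": 401, "action": "login_form", "next": next_url}
        cookie = secrets.token_urlsafe(32)
        self._sessions[cookie] = username
        return {"status": 302, "location": next_url, "set_cookie": cookie}


class AuthorizationServer:
    def __init__(self, clients):
        self._clients = clients  # client_id -> registered redirect_uri
        self._codes = {}         # code -> (client_id, user, expiry)
        self._tokens = {}        # token -> (user, expiry)

    def authorize(self, request):
        """Issue a one-time code only if the identity header carries a valid gateway MAC."""
        h = request.get("headers", {})
        user = h.get(AUTH_HEADER)
        want = hmac.new(GATEWAY_KEY, f"{user}|{request['url']}".encode(), "sha256").hexdigest()
        if user is None or not hmac.compare_digest(h.get(MAC_HEADER, ""), want):
            return {"status": 403}
        p = request["params"]
        if self._clients.get(p.get("client_id")) != p.get("redirect_uri"):
            return {"status": 400}  # redirect_uri must match the registration exactly
        code = secrets.token_urlsafe(24)
        self._codes[code] = (p["client_id"], user, time.time() + 60)
        return {"status": 302, "location": f"{p['redirect_uri']}?code={code}"}

    def token(self, client_id, code):
        """Exchange the token credential (code) for an access token; codes are single use."""
        entry = self._codes.pop(code, None)
        if entry is None or entry[0] != client_id or entry[2] < time.time():
            return None
        tok = secrets.token_urlsafe(32)
        self._tokens[tok] = (entry[1], time.time() + 600)
        return tok

    def introspect(self, tok):
        entry = self._tokens.get(tok)
        return entry[0] if entry and entry[1] >= time.time() else None


class ResourceServer:
    AUTHZ_URL = "https://authz.example/authorize"  # assumed endpoint

    def __init__(self, authz, client_id, redirect_uri):
        self._authz, self._client_id, self._redirect = authz, client_id, redirect_uri

    def get(self, path, headers):
        """Serve the resource, or command the untrusted app to open a browser."""
        auth = headers.get("Authorization", "")
        user = self._authz.introspect(auth[7:]) if auth.startswith("Bearer ") else None
        if user is None:
            return {"status": 401, "action": "open_browser", "url": self.AUTHZ_URL,
                    "params": {"client_id": self._client_id, "redirect_uri": self._redirect}}
        return {"status": 200, "body": f"{path} for {user}"}


def build_system():
    salt = secrets.token_bytes(16)
    gw = Gateway({"alice": (salt, pwhash("correct horse", salt))})   # constructed user
    authz = AuthorizationServer({"app1": "app://callback"})
    return gw, authz, ResourceServer(authz, "app1", "app://callback")


def run_flow(password="correct horse"):
    """Drive the whole exchange; returns the final resource-server response."""
    gw, authz, rs = build_system()
    first = rs.get("/doc/1", {})                        # app has no token yet
    # The browser request carries a forged identity header that must be ignored.
    breq = {"url": first["url"], "params": first["params"],
            "headers": {AUTH_HEADER: "admin"}}
    _, reply = gw.intercept(breq)                       # no session: login form
    reply = gw.login("alice", password, reply["next"])
    if reply["status"] != 302:
        return reply
    breq["cookie"] = reply["set_cookie"]
    _, fwd = gw.intercept(breq)                         # session: header inserted
    redirect = authz.authorize(fwd)
    code = redirect["location"].split("code=", 1)[1]    # the token credential
    tok = authz.token("app1", code)                     # app obtains the token
    return rs.get("/doc/1", {"Authorization": f"Bearer {tok}"})
```

Calling run_flow() walks the happy path end to end; run_flow("wrong") stops at the credential check. The MAC binds the header to the request URL and to a key the browser never holds, so a client that writes X-Authenticated-User itself gets a 403 from authorize. In a real deployment the same guarantee is usually obtained by network placement (the authorization server accepts connections only from the gateway), and the authorization code is further bound to the client with PKCE or a client secret; neither is in the claims, so neither is modelled here.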
Specification