System and method for resource access with identity impersonation
Abstract
A gateway device comprising a processor and a memory, the processor is configured to receive a resource request message from an endpoint associated with a user, the resource request message including an external token, a resource operation, and a resource identifier. The processor is also configured to retrieve, from the memory, an authentication identifier associated with one of the endpoint and the user based on the external token and authorize the resource operation with a directory service using the authentication identifier. The processor is further configured to receive an authorization token from the directory service and initiate the resource operation with an internal resource using the authorization token.
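The flow in the abstract can be modelled in a few lines. This is an added illustration, not code from the patent. The class names, the HMAC-based token format, the key shared between directory service and internal resource, and all sample values are assumptions.

```python
import hashlib, hmac, secrets

KEY = secrets.token_bytes(32)  # assumed: secret shared by directory service and internal resource

def _mac(auth_id, operation, resource_id):
    msg = "\x00".join((auth_id, operation, resource_id)).encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()

class DirectoryService:
    def __init__(self, acl):
        self.acl = acl  # set of (authentication identifier, operation, resource identifier)

    def authorize(self, auth_id, operation, resource_id):
        if (auth_id, operation, resource_id) not in self.acl:
            raise PermissionError("directory service denied the operation")
        # The authorization token names the identity and is bound to this operation and resource.
        return f"{auth_id}.{_mac(auth_id, operation, resource_id)}"

class InternalResource:
    def __init__(self, files):
        self.files = files

    def perform(self, operation, resource_id, authz_token):
        auth_id, _, mac = authz_token.rpartition(".")
        if not hmac.compare_digest(mac, _mac(auth_id, operation, resource_id)):
            raise PermissionError("authorization token does not cover this request")
        if operation != "read":
            raise ValueError("only 'read' is modelled here")
        return self.files[resource_id]

class Gateway:
    def __init__(self, token_map, directory, resource):
        self.token_map = token_map  # gateway memory: external token -> authentication identifier
        self.directory, self.resource = directory, resource

    def handle(self, external_token, operation, resource_id):
        auth_id = self.token_map.get(external_token)
        if auth_id is None:  # fail closed: unknown external tokens never reach the directory
            raise PermissionError("unknown external token")
        authz = self.directory.authorize(auth_id, operation, resource_id)
        # The external token stops here; only the authorization token goes inward.
        return self.resource.perform(operation, resource_id, authz)

# Constructed sample data.
directory = DirectoryService({("CORP\\alice", "read", "/share/report.txt")})
resource = InternalResource({"/share/report.txt": "Q3 numbers", "/share/hr.txt": "salaries"})
gateway = Gateway({"ext-token-1": "CORP\\alice"}, directory, resource)
```

Because the token in this sketch is bound to the operation and resource identifier, a token issued for one resource is rejected if it is presented for another.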
20 Claims
1. A gateway device comprising a processor and a memory, the processor is configured to:
- receive, by the gateway device, a resource request message from an endpoint associated with a user, the resource request message including an external token, a resource operation, and a resource identifier, the gateway device is not the endpoint;
- retrieve, from the memory of the gateway device, an authentication identifier associated with one of the endpoint and the user based on the external token;
- authorize, by the gateway device, the resource operation with a directory service using the authentication identifier;
- receive, by the gateway device, an authorization token from the directory service; and
- initiate, by the gateway device, the resource operation with an internal resource associated with the resource identifier using the authorization token.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A method for pass-through impersonation, the method comprising:
- receiving, by a gateway, a resource request message from an endpoint associated with a user, the resource request message including an external token, a resource operation, and a resource identifier, the gateway is not the endpoint;
- retrieving, from a memory of the gateway, an authentication identifier associated with one of the endpoint and the user based on the external token;
- authorizing, by the gateway, the resource operation with a directory service using the authentication identifier;
- receiving, by the gateway, an authorization token from the directory service; and
- initiating, by the gateway, the resource operation with an internal resource associated with the resource identifier using the authorization token.

Dependent claims: 9, 10, 11, 12, 13, 14
15. A machine-readable storage medium storing a set of instructions that, when executed by at least one processor, causes the at least one processor to perform operations comprising:
- receiving a resource request message from an endpoint associated with a user, the resource request message including an external token, a resource operation, and a resource identifier, the at least one processor is not the endpoint;
- retrieving, from a memory, an authentication identifier associated with one of the endpoint and the user based on the external token;
- authorizing the resource operation with a directory service using the authentication identifier;
- receiving an authorization token from the directory service; and
- initiating the resource operation with an internal resource associated with the resource identifier using the authorization token.

Dependent claims: 16, 17, 18, 19, 20
Specification