Configurable adaptive access manager callouts
Abstract
A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.
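The abstract describes the authorization server keeping, per resource server, the scopes that server recognizes, and consulting that metadata at consent time, at token-issuance time, and when mapping an issued token back to its scopes. The following is an added example, not code from the patent or from any product it covers: a toy OAuth authorization server with those three uses of the metadata. The resource server names, scope names, client ids and the opaque-token format are all constructed for illustration.

```python
"""Added example, not code from the patent: a toy OAuth authorization server
that keeps per-resource-server scope metadata and uses it for consent
prompts, token issuance and token-to-scope lookup.  Resource server names,
scopes and client ids are constructed."""
import secrets
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable


class ScopeError(ValueError):
    """A client asked for a scope the resource server never registered."""


@dataclass(frozen=True)
class ResourceServerMetadata:
    name: str
    scopes: Dict[str, str]   # scope name -> text shown on the consent screen


@dataclass(frozen=True)
class IssuedToken:
    client_id: str
    owner: str
    resource_server: str
    scopes: FrozenSet[str]


class OAuthAuthorizationServer:
    def __init__(self) -> None:
        self._resource_servers: Dict[str, ResourceServerMetadata] = {}
        self._tokens: Dict[str, IssuedToken] = {}   # token -> what it grants

    def register_resource_server(self, meta: ResourceServerMetadata) -> None:
        """Step 1 of the abstract: a resource server registers its scopes."""
        self._resource_servers[meta.name] = meta

    def _check_scopes(self, resource_server: str, scopes: Iterable[str]) -> FrozenSet[str]:
        meta = self._resource_servers.get(resource_server)
        if meta is None:
            raise ScopeError(f"unknown resource server {resource_server!r}")
        unknown = set(scopes) - set(meta.scopes)
        if unknown:
            raise ScopeError(f"{resource_server!r} does not recognize scopes {sorted(unknown)}")
        return frozenset(scopes)

    def consent_prompt(self, client_id: str, resource_server: str, scopes: Iterable[str]) -> str:
        """Consent text for the resource owner, built only from registered metadata,
        so the owner is never asked to consent to a scope the server cannot enforce."""
        wanted = self._check_scopes(resource_server, scopes)
        meta = self._resource_servers[resource_server]
        lines = [f"{client_id} requests access to {resource_server}:"]
        lines += [f"  - {meta.scopes[s]}" for s in sorted(wanted)]
        return "\n".join(lines)

    def issue_token(self, client_id: str, owner: str, resource_server: str,
                    scopes: Iterable[str], consented: bool) -> str:
        """Mint an opaque token bound to exactly the consented scopes of one resource server."""
        if not consented:
            raise PermissionError("resource owner did not consent")
        granted = self._check_scopes(resource_server, scopes)
        token = secrets.token_urlsafe(32)
        self._tokens[token] = IssuedToken(client_id, owner, resource_server, granted)
        return token

    def scopes_for(self, token: str, resource_server: str) -> FrozenSet[str]:
        """Token-to-scope mapping used by a resource server at request time."""
        issued = self._tokens.get(token)
        if issued is None or issued.resource_server != resource_server:
            return frozenset()   # unknown token, or one minted for a different server
        return issued.scopes


def resource_server_allows(server: OAuthAuthorizationServer, token: str,
                           resource_server: str, required_scope: str) -> bool:
    """The check a resource server performs before serving a protected resource."""
    return required_scope in server.scopes_for(token, resource_server)


def build_demo() -> OAuthAuthorizationServer:
    """Constructed sample deployment with two resource servers."""
    server = OAuthAuthorizationServer()
    server.register_resource_server(ResourceServerMetadata(
        "photos", {"photos.read": "View your photos", "photos.write": "Upload and delete photos"}))
    server.register_resource_server(ResourceServerMetadata(
        "calendar", {"calendar.read": "See your calendar"}))
    return server


if __name__ == "__main__":
    s = build_demo()
    print(s.consent_prompt("gallery-app", "photos", ["photos.read"]))
    tok = s.issue_token("gallery-app", "alice", "photos", ["photos.read"], consented=True)
    print("photos.read at photos:", resource_server_allows(s, tok, "photos", "photos.read"))
    print("calendar.read at calendar:", resource_server_allows(s, tok, "calendar", "calendar.read"))
```

The design point worth noticing is that a token is bound to one resource server as well as to a scope set: a token consented for `photos.read` yields an empty scope set when presented to the calendar server, so scope names that happen to collide across servers cannot be replayed across them.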
20 Claims
1. A computer-implemented method comprising:
storing, at an authorization server computer, a mapping between an adaptive access manager and an identity domain of a plurality of identity domains;
receiving, at the authorization server computer, an authentication request for a user associated with the identity domain, wherein the authentication request includes one or more attributes, the one or more attributes identifying a source by which the authentication request was communicated;
in response to receiving the authentication request, determining, based on the mapping, that the adaptive access manager is associated with the identity domain with which the user is associated;
in response to determining that the adaptive access manager is associated with the identity domain with which the user is associated, applying an identity domain-specific policy of the identity domain to the authentication request based on the one or more attributes of the authentication request;
determining, based on applying the identity domain-specific policy to the authentication request, whether to call the adaptive access manager to determine a process for authenticating the user for the authentication request;
upon determining to call the adaptive access manager, sending, at the authorization server computer, a request to the adaptive access manager for information defining an authentication process for authenticating the user for the authentication request;
receiving, at the authorization server computer, from the adaptive access manager, a response including the information defining the authentication process;
determining, based on the information defining the authentication process, to perform a different authentication process, the different authentication process being distinct from a standard authentication process to authenticate the user for the authentication request; and
in response to determining to perform the different authentication process, the authorization server computer performing the different authentication process to authenticate the user for the authentication request.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
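Claim 1 is a decision procedure: look up the adaptive access manager (AAM) mapped to the user's identity domain, apply that domain's policy to the request's source attributes to decide whether to call out at all, and, if the AAM's response names a process other than the standard one, run that process instead. The following is an added example, not code from the patent or from any product it covers: a toy authorization server that implements those steps. The identity domain name, the request attributes, the domain policy and the AAM's decision logic are all constructed for illustration; the `AAMCallout` and `DomainPolicy` interfaces are assumptions, not anything the claims specify.

```python
"""Added example, not code from the patent: a toy authorization server that
implements the claim 1 flow of routing an authentication request to a
per-identity-domain adaptive access manager (AAM) callout.  Domain names,
policies, attributes and the AAM's decision logic are all constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

STANDARD = "standard"   # the standard authentication process (e.g. password only)


@dataclass
class AuthRequest:
    user: str
    identity_domain: str
    # attributes identifying the source by which the request was communicated
    attributes: Dict[str, object]


@dataclass
class AuthDecision:
    process: str                     # STANDARD or the process the AAM defined
    aam_called: bool
    aam_response: Optional[dict] = None


# Hypothetical interfaces (assumptions, not from the patent): an AAM callout
# maps a request to information defining the authentication process; a domain
# policy maps the request's source attributes to "call the AAM or not".
AAMCallout = Callable[[AuthRequest], dict]
DomainPolicy = Callable[[Dict[str, object]], bool]


class AuthorizationServer:
    def __init__(self) -> None:
        self._aam_by_domain: Dict[str, AAMCallout] = {}      # the stored mapping
        self._policy_by_domain: Dict[str, DomainPolicy] = {}
        self.audit: List[AuthDecision] = []                  # record for later review

    def register_domain(self, domain: str, aam: AAMCallout, policy: DomainPolicy) -> None:
        """Store the AAM <-> identity domain mapping and the domain's policy."""
        self._aam_by_domain[domain] = aam
        self._policy_by_domain[domain] = policy

    def authenticate(self, req: AuthRequest) -> AuthDecision:
        aam = self._aam_by_domain.get(req.identity_domain)
        policy = self._policy_by_domain.get(req.identity_domain)
        if aam is None or policy is None:
            # No AAM is mapped to this domain: use the standard process.
            decision = AuthDecision(STANDARD, aam_called=False)
        elif not policy(req.attributes):
            # The domain policy decided, from the source attributes, not to call out.
            decision = AuthDecision(STANDARD, aam_called=False)
        else:
            response = aam(req)
            # A response that names no process is treated as the standard process.
            process = response.get("auth_process", STANDARD)
            decision = AuthDecision(process, aam_called=True, aam_response=response)
        self.audit.append(decision)
        return decision


# --- constructed sample tenant ------------------------------------------------

def acme_policy(attrs: Dict[str, object]) -> bool:
    """Call the AAM unless the request arrived over the trusted internal channel."""
    return attrs.get("channel") != "internal_portal"


def acme_aam(req: AuthRequest) -> dict:
    """Toy adaptive access manager: require an OTP step-up for unknown devices."""
    if req.attributes.get("device_known") is False:
        return {"auth_process": "otp_step_up", "reason": "unknown device"}
    return {"auth_process": STANDARD}


def build_server() -> AuthorizationServer:
    server = AuthorizationServer()
    server.register_domain("acme.example", acme_aam, acme_policy)
    return server


if __name__ == "__main__":
    s = build_server()
    for req in (
        AuthRequest("alice", "acme.example", {"channel": "mobile_app", "device_known": False}),
        AuthRequest("bob", "acme.example", {"channel": "internal_portal", "device_known": False}),
        AuthRequest("carol", "other.example", {"channel": "mobile_app", "device_known": False}),
    ):
        print(req.user, s.authenticate(req))
```

Two behaviours are worth checking in any real deployment of this pattern: a domain with no mapped AAM silently gets the standard process, so the mapping table itself is security-relevant configuration; and the domain policy can suppress the callout entirely for a channel it trusts, so the attributes that identify the channel must not be spoofable by the client.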
10. A computer-readable memory comprising instructions which, when executed by one or more processors, cause the one or more processors to perform:
storing, at an authorization server computer, a mapping between an adaptive access manager and an identity domain of a plurality of identity domains;
receiving, at the authorization server computer, an authentication request for a user associated with the identity domain, wherein the authentication request includes one or more attributes, the one or more attributes identifying a source by which the authentication request was communicated;
in response to receiving the authentication request, determining, based on the mapping, that the adaptive access manager is associated with the identity domain with which the user is associated;
in response to determining that the first adaptive access manager is associated with the identity domain with which the user is associated, applying an identity domain-specific policy of the identity domain to the authentication request based on the one or more attributes of the authentication request;
determining, based on applying the identity domain-specific policy to the authentication request, whether to call the adaptive access manager to determine a process for authenticating the user for the authentication request;
upon determining to call the adaptive access manager, sending, at the authorization server computer, a request to the adaptive access manager for information defining an authentication process for authenticating the user for the authentication request;
receiving, at the authorization server computer, from the adaptive access manager, a response including the information defining the authentication process;
determining, based on the information defining the authentication process, to perform a different authentication process, the different authentication process being distinct from a standard authentication process to authenticate the user for the authentication request; and
in response to determining to perform the different authentication process, the authorization server computer performing the different authentication process to authenticate the user for the authentication request.
Dependent claims: 11, 12, 13, 14, 15
16. A system comprising:
a first machine that includes a first adaptive access manager; and
a second machine that includes an authorization server that is configured to:
store a first mapping between the first adaptive access manager and a first identity domain of a plurality of identity domains;
receive a first authentication request from a first user associated with the first identity domain, wherein the first authentication request includes one or more attributes, the one or more attributes identifying a source by which the first authentication request was communicated;
determine, in response to receiving the first authentication request, and based on the first mapping, that the first user is associated with the first identity domain;
in response to determining that the first user is associated with the first identity domain, apply a first identity domain-specific policy of the first identity domain to the first authentication request based on the one or more attributes of the first authentication request;
determine, based on applying the first identity domain-specific policy to the first authentication request, whether to call the first adaptive access manager to determine a process for authenticating the first user for the first authentication request;
upon determining to call the first adaptive access manager, send a first request to the first adaptive access manager for information defining a first authentication process for authenticating the first user for the first authentication request;
receive, from the first adaptive access manager, a first response including the information defining the first authentication process;
determine, based on the information defining the first authentication process, to perform a different authentication process, the different authentication process being distinct from a standard authentication process to authenticate the first user for the first authentication request; and
in response to determining to perform the different authentication process, perform the different authentication process to authenticate the first user for the first authentication request.
Dependent claims: 17, 18, 19, 20
Specification