Cross-protocol federated single sign-on (F-SSO) for cloud enablement
First Claim
1. A method to manage access to resources hosted in a shared pool of configurable computing resources, comprising:
- receiving a registration request to initiate a user's registration to use resources hosted in the shared pool of configurable computing resources;
- during a registration process initiated by receipt of the registration request, receiving a federated single sign-on (F-SSO) request, the F-SSO request having an assertion associated therewith that includes authentication data for use to enable direct user access to a resource hosted in the shared pool of configurable computing resources;
- attempting to validate the assertion using a software component executing on a hardware element;
- upon validation of the assertion, deploying the authentication data within the shared pool of configurable computing resources to enable direct user access to the resource.
Abstract
A method to enable access to resources hosted in a compute cloud begins upon receiving a registration request to initiate a user's registration to use resources hosted in the compute cloud. During a registration process initiated by receipt of the registration request, a federated single sign-on (F-SSO) request is received. The F-SSO request includes an assertion (e.g., an HTTP-based SAML assertion) having authentication data (e.g., an SSH public key, a CIFS username, etc.) for use to enable direct user access to a resource hosted in the compute cloud. Upon validation of the assertion, the authentication data is deployed within the cloud to enable direct user access to the compute cloud resource using the authentication data. In this manner, the cloud provider provides authentication, single sign-on and lifecycle management for the user, despite the “air gap” between the HTTP protocol used for F-SSO and the non-HTTP protocol used for the user's direct access to the cloud resource.
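The validate-then-deploy step from the abstract, sketched as an added example that is not taken from the patent: the cloud side checks the assertion's validity window and audience, then refuses any SSH key that is not a bare `<type> <base64>` pair before it would reach `authorized_keys`. It assumes the SAML stack has already verified the assertion's XML signature; the attribute name `sshPublicKey`, the URLs, the function names and the all-zero sample key are hypothetical.

```python
import base64, struct
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ALLOWED_KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}
# Constructed sample key: a well-formed ed25519 blob whose 32 key bytes are zero.
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(
    struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)).decode()

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_ssh_key(key_text):
    """Return a clean '<type> <base64>' line; reject options, bad types, bad blobs."""
    parts = key_text.split()
    if len(parts) < 2 or parts[0] not in ALLOWED_KEY_TYPES:
        raise ValueError("malformed SSH public key")  # e.g. a leading command="..." option
    blob = base64.b64decode(parts[1], validate=True)
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    if blob[4:4 + n] != parts[0].encode():
        raise ValueError("declared key type does not match key blob")
    return parts[0] + " " + parts[1]  # comment field and anything after it is dropped

def deployable_key(assertion_xml, audience, now):
    """Signature verification is assumed done upstream; production code should
    also parse with a hardened XML parser."""
    a = ET.fromstring(assertion_xml)
    cond = a.find("saml:Conditions", NS)
    if cond is None or not (_ts(cond.get("NotBefore", "")) <= now
                            < _ts(cond.get("NotOnOrAfter", ""))):
        raise ValueError("assertion outside its validity window")
    if audience not in [e.text for e in cond.iterfind(".//saml:Audience", NS)]:
        raise ValueError("assertion not addressed to this provider")
    user = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    key = a.findtext(".//saml:Attribute[@Name='sshPublicKey']/saml:AttributeValue",
                     namespaces=NS)
    if not user or not key:
        raise ValueError("missing subject or key attribute")
    return user, check_ssh_key(key)

# Constructed sample assertion (unsigned, for illustration only).
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:NameID>alice@idp.example</saml:NameID></saml:Subject>
 <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
  <saml:AudienceRestriction><saml:Audience>https://cloud.example/sp</saml:Audience></saml:AudienceRestriction>
 </saml:Conditions>
 <saml:AttributeStatement><saml:Attribute Name="sshPublicKey">
  <saml:AttributeValue>{SAMPLE_KEY}</saml:AttributeValue>
 </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""
```

The returned pair is what a provisioning step would write for the user; an expired assertion, a wrong audience, or a key string carrying `authorized_keys` options raises `ValueError` instead.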
33 Claims
1. A method to manage access to resources hosted in a shared pool of configurable computing resources, comprising:
- receiving a registration request to initiate a user's registration to use resources hosted in the shared pool of configurable computing resources;
- during a registration process initiated by receipt of the registration request, receiving a federated single sign-on (F-SSO) request, the F-SSO request having an assertion associated therewith that includes authentication data for use to enable direct user access to a resource hosted in the shared pool of configurable computing resources;
- attempting to validate the assertion using a software component executing on a hardware element;
- upon validation of the assertion, deploying the authentication data within the shared pool of configurable computing resources to enable direct user access to the resource.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 28, 31
10. Apparatus to manage access to resources hosted in a shared pool of configurable computing resources, comprising:
- a processor;
- computer memory holding computer program instructions that when executed by the processor perform a method comprising;
  - receiving a registration request to initiate a user's registration to use resources hosted in the shared pool of configurable computing resources;
  - during a registration process initiated by receipt of the registration request, receiving a federated single sign-on (F-SSO) request, the F-SSO request having an assertion associated therewith that includes authentication data for use to enable direct user access to a resource hosted in the shared pool of configurable computing resources;
  - attempting to validate the assertion;
  - upon validation of the assertion, deploying the authentication data within the shared pool of configurable computing resources to enable direct user access to the resource.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 29, 32
19. A computer program product in a non-transitory computer readable storage medium for use in a data processing system to manage access to resources hosted in a shared pool of configurable computing resources, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method comprising:
- receiving a registration request to initiate a user's registration to use resources hosted in the shared pool of configurable computing resources;
- during a registration process initiated by receipt of the registration request, receiving a federated single sign-on (F-SSO) request, the F-SSO request having an assertion associated therewith that includes authentication data for use to enable direct user access to a resource hosted in the shared pool of configurable computing resources;
- attempting to validate the assertion;
- upon validation of the assertion, deploying the authentication data within the shared pool of configurable computing resources to enable direct user access to the resource.

Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 30, 33
Specification