Cross instance user authentication architecture
Abstract
In accordance with disclosed embodiments, there are provided methods, systems, and apparatuses for implementing a cross instance user authentication architecture in an on-demand service environment including, for example, means for receiving a login request at a global Virtual Internet Protocol (VIP) address for the host organization from a client device; forwarding the login request; determining the selected datacenter is a home-geo or a non-home-geo datacenter; establishing a back-end link; forwarding the login request from the non-home-geo datacenter to the home-geo datacenter via the back-end link for authentication; and returning a response to the client device from the non-home-geo datacenter upon successful authentication of the login request at the home-geo datacenter. Other related embodiments are disclosed.
19 Claims
1. A method at a host organization, the method comprising:

receiving a login request from a client device at a single URL endpoint which services login requests for the host organization, the login request received at a first login server of the host organization, the first login server having at least a processor and a memory therein to receive the login request, wherein the first login server resides within a first datacenter of the host organization;

forwarding the login request received at the first login server of the host organization to a second login server within a second one of a plurality of datacenters within the host organization, the second login server having at least a processor and a memory therein to receive the login request from the first login server;

determining the second datacenter is a non-home-geo datacenter for a user associated with the login request received from the client device;

establishing a back-end link from the non-home-geo datacenter to a home-geo datacenter for the user;

forwarding the login request from the non-home-geo datacenter to the home-geo datacenter via the back-end link for authentication of the client device at the user's home-geo datacenter responsive to the login request received from the client device; and

redirecting communications with the host organization from the client device to the user's home-geo datacenter upon successful authentication of the login request at the home-geo datacenter.

(Claims 2 through 17 depend from claim 1.)
18. Non-transitory computer readable storage medium having instructions stored thereon that, when executed by a computing hardware of a host organization including one or more processors and memories, the instructions cause the host organization to perform operations comprising:

receiving a login request from a client device at a single URL endpoint which services login requests for the host organization, the login request received at a first login server of the host organization, the first login server having at least a processor and a memory therein to receive the login request, wherein the first login server resides within a first datacenter of the host organization;

forwarding the login request received at the first login server of the host organization to a second login server within a second one of a plurality of datacenters within the host organization, the second login server having at least a processor and a memory therein to receive the login request from the first login server;

determining the second datacenter is a non-home-geo datacenter for a user associated with the login request received from the client device;

establishing a back-end link from the non-home-geo datacenter to a home-geo datacenter for the user;

forwarding the login request from the non-home-geo datacenter to the home-geo datacenter via the back-end link for authentication of the client device at the user's home-geo datacenter responsive to the login request received from the client device; and

redirecting communications with the host organization from the client device to the user's home-geo datacenter upon successful authentication of the login request at the home-geo datacenter.
19. A computing architecture within a host organization, the computing architecture comprising:

one or more processors and memories to execute instructions;

a plurality of datacenters geographically separated from one another, each of the plurality of datacenters having a plurality of computing pods therein including a database and a pool of application servers to perform workload processing on behalf of the host organization;

a global virtual IP address interface and load balancer servicing a single URL endpoint for the host organization to receive login requests on behalf of the host organization;

wherein the global virtual IP address interface and load balancer is to receive a login request from a client device at a first login server of the host organization;

wherein the login request from the client device is received at the single URL endpoint which services login requests for the host organization;

wherein the first login server resides within a first datacenter of the host organization;

the first login server to forward the login request received to a second login server within a second one of a plurality of datacenters within the host organization;

wherein the second login server at the second datacenter determines the second datacenter is a non-home-geo datacenter for a user associated with the login request received from the client device;

wherein the second login server is to establish a back-end link from the non-home-geo datacenter to a home-geo datacenter for the user and forward the login request from the non-home-geo datacenter to the home-geo datacenter via the back-end link for authentication of the client device at the user's home-geo datacenter responsive to the login request received from the client device; and

wherein the second login server is to redirect communications with the host organization from the client device to the user's home-geo datacenter upon successful authentication of the login request at the home-geo datacenter.
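The flow described in the abstract and in claims 1, 18 and 19 (request at the single login URL, routing to a datacenter's login server, home-geo check, back-end link, authentication at the home geo, redirect on success), as an added simulation that is not the patent's or the assignee's code. The datacenter names and URLs, the user directory, the credential stores and the back-end link key are all constructed for the example; an HMAC over the forwarded request stands in for a mutually authenticated back-end link, and SHA-256 stands in for a password KDF.

```python
"""Cross-instance login routing simulation (added example; not the patent's code).

A login server that is not the user's home geo opens a back-end link and forwards
the request, so the credential is verified only at the home geo, then relays the
redirect to the client. Datacenters, users, stores and the link key are constructed.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

DATACENTERS = {"na1": "https://na1.example.com",  # id -> client-facing base URL
               "eu2": "https://eu2.example.com", "ap3": "https://ap3.example.com"}
HOME_GEO_DIRECTORY = {"alice": "eu2", "bob": "na1"}  # replicated to every datacenter
CREDENTIALS: Dict[str, Dict[str, str]] = {  # each store exists only in its home geo
    "eu2": {"alice": hashlib.sha256(b"correct horse").hexdigest()},
    "na1": {"bob": hashlib.sha256(b"battery staple").hexdigest()},
    "ap3": {},
}
BACKEND_LINK_KEY = b"constructed-key-for-example-only"  # stands in for mTLS
LINK_MAX_SKEW = 30  # seconds a forwarded request remains acceptable
_DUMMY_HASH = secrets.token_hex(32)  # compared when the user is unknown


@dataclass
class LoginRequest:
    username: str
    password: str


@dataclass
class LoginResponse:
    ok: bool
    authenticated_at: Optional[str] = None  # datacenter that checked the credential
    redirect_to: Optional[str] = None       # where the client is sent on success
    session_token: Optional[str] = None
    error: Optional[str] = None


def _link_mac(origin: str, target: str, username: str, ts: int) -> str:
    msg = f"{origin}|{target}|{username}|{ts}".encode()
    return hmac.new(BACKEND_LINK_KEY, msg, hashlib.sha256).hexdigest()


@dataclass
class LoginServer:
    dc_id: str

    def handle(self, req: LoginRequest) -> LoginResponse:
        """Request routed to this datacenter by the global login endpoint."""
        home = HOME_GEO_DIRECTORY.get(req.username)
        if home == self.dc_id:
            return self.authenticate_locally(req)
        if home is None:  # same failure as a bad password: no user enumeration
            return LoginResponse(ok=False, error="invalid credentials")
        # Non-home geo: open the back-end link and forward; the password only
        # transits this server and is neither stored nor verified here.
        ts = int(time.time())
        mac = _link_mac(self.dc_id, home, req.username, ts)
        return SERVERS[home].authenticate_forwarded(req, self.dc_id, ts, mac)

    def authenticate_forwarded(self, req, origin, ts, mac) -> LoginResponse:
        """Home-geo end of the back-end link: verify the link before the user."""
        if origin not in DATACENTERS or abs(time.time() - ts) > LINK_MAX_SKEW:
            return LoginResponse(ok=False, error="back-end link rejected")
        if not hmac.compare_digest(mac, _link_mac(origin, self.dc_id, req.username, ts)):
            return LoginResponse(ok=False, error="back-end link rejected")
        return self.authenticate_locally(req)

    def authenticate_locally(self, req: LoginRequest) -> LoginResponse:
        """Runs only in the user's home geo, where the credential store lives."""
        stored = CREDENTIALS[self.dc_id].get(req.username, _DUMMY_HASH)
        given = hashlib.sha256(req.password.encode()).hexdigest()  # KDF stand-in
        if not hmac.compare_digest(stored, given):
            return LoginResponse(ok=False, error="invalid credentials")
        # Redirect target comes from the datacenter table, never from the request.
        return LoginResponse(ok=True, authenticated_at=self.dc_id,
                             redirect_to=DATACENTERS[self.dc_id] + "/home",
                             session_token=secrets.token_urlsafe(32))


SERVERS = {dc: LoginServer(dc) for dc in DATACENTERS}


def login(req: LoginRequest, entry_dc: str) -> LoginResponse:
    """The single login URL: the global VIP routes to one datacenter's server."""
    return SERVERS[entry_dc].handle(req)


def demo() -> Dict[str, LoginResponse]:
    """Home-geo, non-home-geo, bad-credential and forged-link scenarios."""
    alice = LoginRequest("alice", "correct horse")
    return {
        "remote_ok": login(alice, "ap3"),  # ap3 -> back-end link -> eu2
        "local_ok": login(LoginRequest("bob", "battery staple"), "na1"),
        "bad_password": login(LoginRequest("alice", "wrong"), "na1"),
        "forged_link": SERVERS["eu2"].authenticate_forwarded(alice, "ap3", int(time.time()), "0" * 64),
    }
```

The points a reviewer would check in a real deployment are the ones the simulation makes explicit: the home-geo server authenticates the back-end link (peer allowlist, freshness, MAC) before it looks at the user, so a host that can reach the link endpoint cannot submit logins as another datacenter; the credential is compared only in the home geo, and the non-home-geo server must not log or cache what transits it; the redirect target is built from the datacenter table rather than anything in the request, which keeps the single login URL from becoming an open redirector; and unknown users and wrong passwords produce the same response.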
Specification