Pluggable authentication and authorization
Abstract
In particular embodiments, a client device may establish a first connection to a ticket server of a gateway, wherein the gateway couples the client device to a first computing device, retrieve a permission vector from the ticket server through the first connection, wherein the retrieved permission vector contains at least one or more tickets to authenticate and authorize the client device access to at least the gateway and the first computing device, and establish a second connection to the first computing device based at least on the retrieved tickets.
16 Claims

1. A method comprising, by a client device:

forwarding a predetermined local port to a gateway port of a gateway to create a secure shell tunnel to the gateway;

establishing a first connection to a ticket server coupled to the gateway, wherein the ticket server comprises a pluggable authentication and authorization (PAA) ticket server, wherein the gateway couples the client device to a first computing device, wherein the first connection is the secure shell tunnel to the gateway, wherein the ticket server preserves state information, and wherein the state information comprises the state information for operation between the client device and one or more computing devices or an event;

confirming one or more credentials for the client device to access the first computing device based at least on a request from the client device to access the first computing device via the secure shell tunnel and an access of the client device to the gateway;

retrieving a permission vector from the ticket server through the first connection, wherein the retrieved permission vector contains at least one or more tickets to authenticate and authorize the client device access to at least the gateway and the first computing device and client-side redirection information;

storing the at least one or more tickets in a persistent storage;

establishing a second connection to the first computing device based at least on the retrieved tickets and information associated with the first connection such that additional information is not required to establish the second connection, wherein the first and second connections comprise one or more remote desktop protocol (RDP) connections, and wherein establishing the second connection to the first computing device based at least on the retrieved tickets comprises, by the first computing device:

determining, with the ticket server, whether the retrieved tickets are valid; and

accepting the establishment of the second connection based, at least in part, on the determination of whether the retrieved tickets are valid; and

accessing one or more services provided by the gateway via the first connection.

Claims 2 to 12 depend from claim 1.

13. One or more computer-readable non-transitory storage media embodying logic that is operable when executed to, by a first computing device:

receiving a request from a client device to access the first computing device via a first connection comprising a secure shell tunnel, the client device being coupled to the first computing device, wherein a predetermined local port of the client device is forwarded to a port of a gateway to create the secure shell tunnel;

confirming one or more credentials for the client device to access the first computing device based at least on the received request and an access of the client device to a gateway, the gateway being coupled to the client device and the first computing device, wherein the first computing device is a ticket server, wherein the ticket server comprises a pluggable authentication and authorization ticket server, wherein the ticket server preserves state information, and wherein the state information comprises the state information for operation between the client device and one or more computing devices or an event, and wherein the client device receives one or more tickets and client-side redirection information from the ticket server;

retrieving a permission vector from the ticket server through the secure shell tunnel, wherein the retrieved permission vector contains at least one or more tickets to authenticate and authorize the client device access to at least the first connection and the first computing device and client-side redirection information;

storing the at least one or more tickets in a persistent storage;

establishing a second connection to the first computing device based at least on the one or more tickets and information associated with the first connection such that additional information is not required to establish the second connection, wherein the first and second connections comprise one or more remote desktop protocol (RDP) connections, and wherein establishing the second connection to the first computing device based at least on the retrieved tickets comprises, by the first computing device:

determining, with the ticket server, whether the retrieved tickets are valid;

accepting the establishment of the second connection based, at least in part, on the determination of whether the retrieved tickets are valid; and

providing access to one or more services provided by the gateway via the secure shell tunnel.

Claims 14 and 15 depend from claim 13.

16. An information handling system comprising:

one or more processors; and

a memory coupled to the processors comprising instructions executable by the processors, the processors being operable when executing the instructions to, by a first computing device:

receiving a request from a client device to access the first computing device via a secure shell tunnel, the client device being coupled to the first computing device, wherein a predetermined local port of the client device is forwarded to a port of a gateway to create the secure shell tunnel;

confirming one or more credentials for the client device to access the first computing device based at least on the received request and an access of the client device to a gateway, the gateway being coupled to the client device and the first computing device, wherein the first computing device is a ticket server, wherein the ticket server comprises a pluggable authentication and authorization ticket server, wherein the ticket server preserves state information, and wherein the state information comprises the state information for operation between the client device and one or more computing devices or an event, and wherein the client device receives one or more tickets and client-side redirection information from the ticket server;

retrieving a permission vector from the ticket server through the secure shell tunnel, wherein the retrieved permission vector contains at least one or more tickets to authenticate and authorize the client device access to at least the gateway and the first computing device and client-side redirection information;

storing the at least one or more tickets in a persistent storage;

establishing a second connection to the first computing device based at least on the one or more tickets and information associated with the first connection such that additional information is not required to establish the second connection, wherein the first and second connections comprise one or more remote desktop protocol (RDP) connections, and wherein establishing the second connection to the first computing device based at least on the retrieved tickets comprises, by the first computing device:

determining, with the ticket server, whether the retrieved tickets are valid;

accepting the establishment of the second connection based, at least in part, on the determination of whether the retrieved tickets are valid; and

providing access to one or more services provided by the gateway via the secure shell tunnel.

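The exchange the claims describe (a tunnelled first connection to the ticket server, a permission vector carrying tickets plus client-side redirection information, tickets kept in persistent storage, and a second RDP connection that the target device accepts only after the ticket server validates the ticket) modelled end to end as an added Python example. This is illustrative code written for this page, not the patent's or any product's implementation. The HMAC-based ticket format, the in-memory stand-ins for persistent storage and ticket-server state, the device names laptop-17, desktop-42 and gw.example, and the port numbers are all assumptions; the SSH port forward itself is only shown as a comment because the model runs in one process.

```python
import hashlib
import hmac
import json
import secrets
import time

# The tunnel is outside this model. On a real client it is the local port
# forward of the claims, e.g. (assumed ports): ssh -L 2222:127.0.0.1:22 user@gw.example
# The "first connection" below then runs through 127.0.0.1:2222.


def _canonical(body: dict) -> bytes:
    """Deterministic encoding so the MAC covers exactly the ticket fields."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


class TicketServer:
    """PAA ticket server: issues permission vectors and preserves state."""

    def __init__(self, key: bytes, now=time.time):
        self._key = key
        self.now = now            # injectable clock so expiry can be tested
        self.state = {}           # ticket id -> issuance record (preserved state)
        self.events = []          # audit trail of issue/validate events

    def _mac(self, body: dict) -> str:
        return hmac.new(self._key, _canonical(body), hashlib.sha256).hexdigest()

    def issue_permission_vector(self, client_id, gateway, target, ttl=300):
        """Called over the tunnelled first connection after credentials are
        confirmed. Returns one ticket per resource plus redirection info."""
        exp = int(self.now()) + ttl
        tickets = {}
        for resource in (gateway, target):
            body = {"tid": secrets.token_hex(8), "client": client_id,
                    "resource": resource, "exp": exp}
            tickets[resource] = {"body": body, "mac": self._mac(body)}
            self.state[body["tid"]] = {"client": client_id, "resource": resource}
        self.events.append(("issued", client_id, target))
        # Client-side redirection info: where the second (RDP) connection goes.
        return {"tickets": tickets, "redirect": {"host": target, "port": 3389}}

    def validate(self, ticket, resource, client_id):
        """Checks run on behalf of the target device: MAC, known state,
        expiry, and binding to both the presenting client and the resource."""
        body = ticket.get("body", {})
        if not hmac.compare_digest(self._mac(body), ticket.get("mac", "")):
            return False, "bad mac"
        rec = self.state.get(body.get("tid"))
        if rec is None:
            return False, "unknown ticket"
        if body["exp"] < self.now():
            return False, "expired"
        if body["resource"] != resource or rec["client"] != client_id:
            return False, "audience mismatch"
        self.events.append(("validated", client_id, resource))
        return True, "ok"


class ClientDevice:
    def __init__(self, client_id):
        self.client_id = client_id
        self.persistent_store = {}   # stand-in for on-disk ticket storage
        self.redirect = None

    def first_connection(self, ticket_server, gateway, target):
        """Retrieve the permission vector through the tunnel and persist it."""
        pv = ticket_server.issue_permission_vector(self.client_id, gateway, target)
        self.persistent_store.update(pv["tickets"])
        self.redirect = pv["redirect"]
        return pv

    def second_connection(self, device):
        """Open the RDP session with only the stored ticket: no new credentials."""
        ticket = self.persistent_store.get(device.name)
        if ticket is None:
            return False, "no ticket"
        return device.accept_rdp(self.client_id, ticket)


class ComputingDevice:
    def __init__(self, name, ticket_server):
        self.name = name
        self.ticket_server = ticket_server

    def accept_rdp(self, client_id, ticket):
        # The target never re-prompts; it defers the decision to the ticket server.
        return self.ticket_server.validate(ticket, self.name, client_id)


def run_flow(now=time.time):
    """Drive the exchange with constructed names and return the outcomes."""
    ts = TicketServer(key=secrets.token_bytes(32), now=now)
    client = ClientDevice("laptop-17")
    target = ComputingDevice("desktop-42", ts)
    client.first_connection(ts, gateway="gw.example", target=target.name)
    valid = client.second_connection(target)
    # A ticket minted for the gateway must not open the target device.
    gw_ticket = client.persistent_store["gw.example"]
    wrong_audience = target.accept_rdp("laptop-17", gw_ticket)
    # Editing the ticket body client-side breaks the MAC.
    forged = {"body": dict(gw_ticket["body"], resource=target.name), "mac": gw_ticket["mac"]}
    forged_result = target.accept_rdp("laptop-17", forged)
    return {"valid": valid, "wrong_audience": wrong_audience, "forged": forged_result,
            "server": ts, "client": client, "target": target}
```

The point of the model is where trust sits: the permission vector is data the client stores, so the target device must not believe its contents on their own. Binding each ticket to a client identity and a single resource, authenticating it with a server-held key, and routing every acceptance decision back through the ticket server's preserved state is what lets the second connection omit credentials without turning the stored tickets into bearer tokens for every host behind the gateway. In a deployment the persistent storage is the sensitive asset, and the tunnel plus an authenticated channel for the second connection are what keep a copied ticket from being replayed by another client.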
Specification