Centralized pluggable authentication and authorization
First Claim
1. A method comprising, by a first computing device of an infrastructure:
- receiving a request from a second computing device to access through a gateway a first entity of the infrastructure, the second computing device being coupled to the first computing device, wherein the request comprises a first ticket previously assigned by the first computing device, and wherein the first ticket authenticates and authorizes the second computing device for access to at least the first entity and a second entity of the infrastructure and one or more back-end services, wherein the first computing device comprises a centralized pluggable authentication and authorization (PAA) ticketing server that is coupled to the gateway and that provides the first ticket, wherein the PAA ticketing server, an HTTPS server and the gateway form a centralized PAA framework, wherein the first ticket is encrypted based at least on one or more of a connection as routed between the first computing device and at least one of the one or more back-end services, a user of the first computing device and data associated with the connection, wherein the first ticket comprises a list of redirection servers, wherein the first computing device is associated with a third-party encryption service, wherein accessibility of the second computing device to pre-determined entities of the infrastructure is provided by the third-party encryption service, and wherein the first entity redirects the second computing device to the second entity;
determining an eligibility of the second computing device to access at least the first entity of the infrastructure based at least on the first ticket and the first entity, wherein the first ticket is usable by the second computing device against one or more resources; and
assigning, by the PAA ticketing server, a second ticket to the second computing device responsive to the received request based on the eligibility determination, wherein the second ticket authenticates and authorizes the second computing device for access to at least the first entity of the infrastructure, wherein the second ticket is based on a relationship to the first ticket, and wherein assigning the second ticket to the second computing device comprises:
nullifying the first ticket previously assigned by the first computing device; and
sending the second ticket to the second computing device.
Abstract
In particular embodiments, a first computing device may receive a request from a second computing device to access a first entity of an infrastructure, the second computing device being coupled to the first computing device, then determine an eligibility of the second computing device to access at least the first entity of the infrastructure, and, if the second computing device is determined to be eligible to access the first entity, assign a second ticket to the second computing device responsive to the received request.
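The ticket exchange recited in the first claim (check eligibility against the first ticket and the requested entity, nullify the first ticket, send a second ticket related to it), as an added Python example that is not taken from the patent. It assumes an in-memory ticket store and uses an HMAC-SHA256 tag in place of the claimed encryption; `TicketServer`, its methods and all field names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets


class TicketServer:
    """Hypothetical stand-in for the PAA ticketing server (all names are assumptions)."""

    def __init__(self, key: bytes):
        self._key = key
        self._live = {}  # ticket id -> claims; a missing id means nullified or never issued

    def _seal(self, claims: dict) -> str:
        body = json.dumps(claims, sort_keys=True).encode()
        tag = hmac.new(self._key, body, hashlib.sha256).hexdigest()
        return body.hex() + "." + tag

    def _open(self, ticket: str):
        try:
            body_hex, tag = ticket.split(".")
            body = bytes.fromhex(body_hex)
        except ValueError:
            return None  # malformed ticket
        good = hmac.new(self._key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag.encode(), good.encode()):
            return None  # forged or altered ticket
        claims = json.loads(body)
        # A valid tag is not enough: the ticket must still be live on the server.
        return claims if claims["id"] in self._live else None

    def issue(self, user: str, entities, parent=None) -> str:
        claims = {"id": secrets.token_hex(8), "user": user,
                  "entities": sorted(entities), "parent": parent}
        self._live[claims["id"]] = claims
        return self._seal(claims)

    def exchange(self, first_ticket: str, entity: str):
        """Eligibility check, then nullify the first ticket and issue the second."""
        claims = self._open(first_ticket)
        if claims is None or entity not in claims["entities"]:
            return None  # not eligible: no second ticket is assigned
        del self._live[claims["id"]]  # nullify before the replacement leaves the server
        # The second ticket records its relationship to the first via "parent".
        return self.issue(claims["user"], [entity], parent=claims["id"])

    def is_live(self, ticket: str) -> bool:
        return self._open(ticket) is not None
```

Because the first ticket is removed from the store before the second is returned, replaying the first ticket fails even though its tag still verifies.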
13 Claims
1. A method comprising, by a first computing device of an infrastructure:
- receiving a request from a second computing device to access through a gateway a first entity of the infrastructure, the second computing device being coupled to the first computing device, wherein the request comprises a first ticket previously assigned by the first computing device, and wherein the first ticket authenticates and authorizes the second computing device for access to at least the first entity and a second entity of the infrastructure and one or more back-end services, wherein the first computing device comprises a centralized pluggable authentication and authorization (PAA) ticketing server that is coupled to the gateway and that provides the first ticket, wherein the PAA ticketing server, an HTTPS server and the gateway form a centralized PAA framework, wherein the first ticket is encrypted based at least on one or more of a connection as routed between the first computing device and at least one of the one or more back-end services, a user of the first computing device and data associated with the connection, wherein the first ticket comprises a list of redirection servers, wherein the first computing device is associated with a third-party encryption service, wherein accessibility of the second computing device to pre-determined entities of the infrastructure is provided by the third-party encryption service, and wherein the first entity redirects the second computing device to the second entity;
determining an eligibility of the second computing device to access at least the first entity of the infrastructure based at least on the first ticket and the first entity, wherein the first ticket is usable by the second computing device against one or more resources; and
assigning, by the PAA ticketing server, a second ticket to the second computing device responsive to the received request based on the eligibility determination, wherein the second ticket authenticates and authorizes the second computing device for access to at least the first entity of the infrastructure, wherein the second ticket is based on a relationship to the first ticket, and wherein assigning the second ticket to the second computing device comprises:
nullifying the first ticket previously assigned by the first computing device; and
sending the second ticket to the second computing device.
- Dependent claims: 2, 3, 4, 5, 6, 7
8. One or more computer-readable non-transitory storage media embodying logic that is operable when executed to:
- by a first computing device of an infrastructure:
receiving a request from a second computing device to access through a gateway a first entity of the infrastructure, the second computing device being coupled to the first computing device, wherein the request comprises a first ticket previously assigned by the first computing device, and wherein the first ticket authenticates and authorizes the second computing device for access to at least the first entity and a second entity of the infrastructure and one or more back-end services, wherein the first computing device comprises a centralized pluggable authentication and authorization (PAA) ticketing server that is coupled to the gateway and that provides the first ticket, wherein the PAA ticketing server, an HTTPS server and the gateway form a centralized PAA framework, wherein the first ticket is encrypted based at least on one or more of a connection as routed between the first computing device and at least one of the one or more back-end services, a user of the first computing device and data associated with the connection, wherein the first ticket comprises a list of redirection servers, wherein the first computing device is associated with a third-party encryption service, wherein accessibility of the second computing device to pre-determined entities of the infrastructure is provided by the third-party encryption service, and wherein the first entity redirects the second computing device to the second entity;
determining an eligibility of the second computing device to access at least the first entity of the infrastructure based at least on the first ticket and the first entity, wherein the first ticket is usable by the second computing device against one or more resources; and
assigning, by the PAA ticketing server, a second ticket to the second computing device responsive to the received request based on the eligibility determination, wherein the second ticket authenticates and authorizes the second computing device for access to at least the first entity of the infrastructure through the gateway, wherein the second ticket is based on a relationship to the first ticket, and wherein assigning the second ticket to the second computing device comprises:
nullifying the first ticket previously assigned by the first computing device; and
sending the second ticket to the second computing device.
- Dependent claims: 9, 10
11. An information handling system comprising:
- one or more processors; and
a memory coupled to the processors comprising instructions executable by the processors, the processors being operable when executing the instructions to:
by a first computing device of an infrastructure:
receiving a request from a second computing device to access through a gateway a first entity of the infrastructure, the second computing device being coupled to the first computing device, wherein the request comprises a first ticket previously assigned by the first computing device, and wherein the first ticket authenticates and authorizes the second computing device for access to at least the first entity and a second entity of the infrastructure and one or more back-end services, wherein the first computing device comprises a centralized pluggable authentication and authorization (PAA) ticketing server that is coupled to the gateway and that provides the first ticket, wherein the PAA ticketing server, an HTTPS server and the gateway form a centralized PAA framework, wherein the first ticket is encrypted based at least on one or more of a connection as routed between the first computing device and at least one of the one or more back-end services, a user of the first computing device and data associated with the connection, wherein the first ticket comprises a list of redirection servers, wherein the first computing device is associated with a third-party encryption service, wherein accessibility of the second computing device to pre-determined entities of the infrastructure is provided by the third-party encryption service, and wherein the first entity redirects the second computing device to the second entity;
determining an eligibility of the second computing device to access at least the first entity of the infrastructure based at least on the first ticket and the first entity, wherein the first ticket is usable by the second computing device against one or more resources; and
assigning, by the PAA ticketing server, a second ticket to the second computing device responsive to the received request based on the eligibility determination, wherein the second ticket authenticates and authorizes the second computing device for access to at least the first entity of the infrastructure, wherein the second ticket is based on a relationship to the first ticket, and wherein assigning the second ticket to the second computing device comprises:
nullifying the first ticket previously assigned by the first computing device; and
sending the second ticket to the second computing device.
- Dependent claims: 12, 13
Specification