System and method for proxying HTTP single sign on across network domains
First Claim
Patent Images
1. A method, the comprising:
- authenticating, by a network traffic management device and utilizing a first security protocol, a user of a remote client device in response to receiving a login request from the remote client device to access a secured network domain, wherein the login request includes a client certificate, which is encrypted in the first security protocol;
establishing, by the network traffic management device, a first connection between the remote client device and the secured network domain after the user has been verified to access the secured network domain;
receiving, by the network traffic management device, a service request from the remote client device to obtain a network service from a resource server in the secured network domain, transitioning, by the network traffic management device, to a second security protocol, sending, by the network traffic management device, a ticket granting request that is specific to the type of service request to a dedicated server, obtaining, by the network traffic management device, a service ticket from the dedicated server in the secured network domain for the service request in the second security protocol, locally storing, by the network traffic management device, the service ticket to allow the service ticket to be repeatedly used to request and access services within the secured domain, and providing, by the network traffic management device, access to the network service using the service ticket in response to the service request;
receiving, by the network traffic management device, another service request from the remote client device to obtain the network service from the resource server in the secured network domain; and
providing, by the network traffic management device, access to the network service using the stored service ticket in response to the another service request received from the remote client device to obtain the network service from the resource server and without communicating with the dedicated server from which the service ticket was previously obtained or authenticating the user.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method to establish and maintain access between a secured network and a remote client device communicating with different security protocols. Once the system and method verify that the remote client device had the requisite credentials to access the secured network domain, the system and method are delegated to fetch a service ticket to one or more dedicated servers on behalf of remote client device. The system and method receives a service ticket from the dedicated server and forwards the service ticket to the remote client device to use the service.
497 Citations
20 Claims
-
1. A method, the comprising:
-
authenticating, by a network traffic management device and utilizing a first security protocol, a user of a remote client device in response to receiving a login request from the remote client device to access a secured network domain, wherein the login request includes a client certificate, which is encrypted in the first security protocol; establishing, by the network traffic management device, a first connection between the remote client device and the secured network domain after the user has been verified to access the secured network domain; receiving, by the network traffic management device, a service request from the remote client device to obtain a network service from a resource server in the secured network domain, transitioning, by the network traffic management device, to a second security protocol, sending, by the network traffic management device, a ticket granting request that is specific to the type of service request to a dedicated server, obtaining, by the network traffic management device, a service ticket from the dedicated server in the secured network domain for the service request in the second security protocol, locally storing, by the network traffic management device, the service ticket to allow the service ticket to be repeatedly used to request and access services within the secured domain, and providing, by the network traffic management device, access to the network service using the service ticket in response to the service request; receiving, by the network traffic management device, another service request from the remote client device to obtain the network service from the resource server in the secured network domain; and providing, by the network traffic management device, access to the network service using the stored service ticket in response to the another service request received from the remote client device to obtain the network service from the resource server and without communicating with the dedicated server from which the service ticket was previously obtained or authenticating the user. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A non-transitory machine readable medium having stored thereon instructions for establishing access between a secured network and a remote client device, comprising machine executable code which when executed by one or more processors, causes the one or more processors to:
-
authenticate, utilizing a first security protocol, a user of a remote client device in response to receiving a login request from the remote client device to access a secured network domain, wherein the login request includes a client certificate, which is encrypted in the first security protocol; establish a first connection between the remote client device and the secured network domain after the user has been verified to access the secured network domain; receive a service request from the remote client device to obtain a network service from a resource server in the secured network domain, transition to a second security protocol, send a ticket granting request that is specific to the type of service request to a dedicated server, obtain a service ticket from a dedicated server in the secured network domain for the service request in the second security protocol locally store the service ticket to allow the service ticket to be repeatedly used to request and access services within the secured domain, and provide access to the network service using the service ticket in response to the service request; receive another service request from the remote client device to obtain the network service from the resource server in the secured network domain; and provide access to the network service using the stored service ticket in response to the another service request received from the remote client device to obtain the network service from the resource server and without communicating with the dedicated server from which the service ticket was previously obtained or authenticating the user. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A network traffic management device comprising memory comprising programmed instructions stored thereon and at least one processor coupled to the memory and configured to be capable of executing the stored programmed instructions to:
-
authenticate, utilizing a first security protocol, a user of a remote client device in response to receiving a login request from the remote client device to access a secured network domain, wherein the login request includes a client certificate, which is encrypted in the first security protocol; establish a first connection between the remote client device and the secured network domain after the user has been verified to access the secured network domain; receive a service request from the remote client device to obtain a network service from a resource server in the secured network domain, transition to a second security protocol, send a ticket granting request that is specific to the type of service request to a dedicated server, obtain a service ticket from a dedicated server in the secured network domain for the service request in the second security protocol, locally store the service ticket to allow the service ticket to be repeatedly used to request and access services within the secured domain, and provide access to the network service using the service ticket in response to the service request; receive another service request from the remote client device to obtain the network service from the resource server in the secured network domain; and provide access to the network service using the stored service ticket in response to the another service request received from the remote client device to obtain the network service from the resource server and without communicating with the dedicated server from which the service ticket was previously obtained or authenticating the user. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A network traffic management system comprising one or more network traffic management devices, dedicated servers, or resource servers, the network traffic management system comprising memory comprising programmed instructions stored thereon and one or more processors configured to be capable of executing the stored programmed instructions to:
-
authenticate, utilizing a first security protocol, a user of a remote client device in response to receiving a login request from the remote client device to access a secured network domain, wherein the login request includes a client certificate, which is encrypted in the first security protocol; establish a first connection between the remote client device and the secured network domain after the user has been verified to access the secured network domain; receive a service request from the remote client device to obtain a network service from a resource server in the secured network domain, transition to a second security protocol, send a ticket granting request that is specific to the type of service request to a dedicated server, obtain a service ticket from the dedicated server in the secured network domain for the service request in the second security protocol, locally store the service ticket to allow the service ticket to be repeatedly used to request and access services within the secured domain, and provide access to the network service using the service ticket in response to the service request; receive another service request from the remote client device to obtain the network service from the resource server in the secured network domain; and provide access to the network service using the stored service ticket in response to the another service request received from the remote client device to obtain the network service from the resource server and without communicating with the dedicated server from which the service ticket was previously obtained or authenticating the user. - View Dependent Claims (17, 18, 19, 20)
-
Specification