Substituting callback URLs when using OAuth protocol exchanges
First Claim
1. A method comprising:
- operating a proxy service having a proxy uniform resource locator (URL) that communicates with an identity access management server, wherein an application is registered with the identity access management server using the proxy URL, and the application resides at a first network location corresponding to a first URL; and
authenticating the application after the application is moved from the first network location to a second network location, by;
receiving, at the proxy service having the proxy URL, an authentication message generated for the application; and
forwarding, by the proxy service having the proxy URL, the authentication message to the application at the second network location having a second URL.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems for computer security. A proxy service implements methods for substituting callback uniform resource locators (URLs) when using an OAuth protocol exchange to authenticate an application. A proxy service is established at a first uniform resource locator to carry out communications between one or more identity access management servers and a plurality of application hosting sites. At least one of the plurality of application hosting sites has a second uniform resource locator that is different from the first uniform resource locator. An identity access management server will register the application and the first uniform resource locator. From any hosting site, the application is invoked, upon which invocation, the application carries out at least a portion of the OAuth protocol exchange with the IAM. The proxy service at the first uniform resource locator receives an authentication message from the IAM and then redirects the authentication message to the application hosting site.
31 Citations
21 Claims
-
1. A method comprising:
-
operating a proxy service having a proxy uniform resource locator (URL) that communicates with an identity access management server, wherein an application is registered with the identity access management server using the proxy URL, and the application resides at a first network location corresponding to a first URL; and authenticating the application after the application is moved from the first network location to a second network location, by; receiving, at the proxy service having the proxy URL, an authentication message generated for the application; and forwarding, by the proxy service having the proxy URL, the authentication message to the application at the second network location having a second URL. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A non-transitory computer readable medium having stored thereon a sequence of instructions which, when stored in memory and executed by a processor causes the processor to perform a set of acts comprising:
-
operating a proxy service having a proxy uniform resource locator (URL) that communicates with an identity access management server, wherein an application is registered with the identity access management server using the proxy URL, and the application resides at a first network location corresponding to a first URL; and authenticating the application after the application is moved from the first network location to a second network location, by; receiving, at the proxy service having the proxy URL, an authentication message generated for the application; and forwarding, by the proxy service having the proxy URL, the authentication message to the application at the second network location having a second URL. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A system comprising:
-
a non-transitory storage medium having stored thereon a sequence of instructions; and a physical processor that executes the sequence of instructions to cause a set of acts, the acts comprising, operating a proxy service having a proxy uniform resource locator (URL) that communicates with an identity access management server, wherein an application is registered with the identity access management server using the proxy URL, and the application resides at a first network location corresponding to a first URL; and authenticating the application after the application is moved from the first network location to a second network location, by; receiving, at the proxy service having the proxy URL, an authentication message generated for the application; and forwarding, by the proxy service having the proxy URL, the authentication message to the application at the second network location having a second URL. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
Specification