System and method for relaying authentication at network attachment

1. A method for authenticating a client to a network access server, said method comprising(a) connecting said client to said network access server,(b) transmitting from said client to said network access server an identity,(c) forwarding said identity from said network access server to a local authentication server,(d) locating an identity provider web server responsible for authenticating said client with said identity,(e) transmitting from said local authentication server to said client a redirect address,(f) establishing a tunnel to permit access from said client to said identity provider web server via said network access server and said local authentication server,(g) transmitting from said client to said identity provider web server within said tunnel an authentication request comprising said identity and comprising said redirect address,(h) authenticating said client at said identity provider web server based on said authentication request,(i) transmitting from said identity provider web server to said client within said tunnel a response,(j) transmitting from said client to said local authentication server said response,(k) validating said response at said local authentication server, and(l) transmitting from said local authentication server to said network access server a configuration to permit network access by said client.