Method and system for extending authentication methods
Abstract
A method is presented for managing authentication credentials for a user. A session management server performs session management with respect to the user for a domain that includes a protected resource. The session management server receives a request to access the protected resource, which requires authentication credentials that have been generated for a first type of authentication context. In response to determining that authentication credentials for the user have been generated for a second type of authentication context, the session management server sends to an authentication proxy server a first message that contains the authentication credentials for the user and an indicator for the first type of authentication context. The session management server subsequently receives a second message that contains updated authentication credentials for the user that indicate that the updated authentication credentials have been generated for the first type of authentication context.
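The exchange described in the abstract, sketched as an added example that is not part of the patent text. The context names (`password`, `certificate`), the HMAC-signed credential format, the shared key and all function names are assumptions made for illustration; the patent does not specify them.

```python
import hashlib
import hmac
import json

PROXY_KEY = b"constructed-demo-key"  # assumption: key shared by proxy and session server

def sign(cred: dict) -> dict:
    """Wrap credentials with a MAC so the receiver can check who issued them."""
    body = json.dumps(cred, sort_keys=True).encode()
    return {"cred": cred, "mac": hmac.new(PROXY_KEY, body, hashlib.sha256).hexdigest()}

def verify(token: dict) -> bool:
    body = json.dumps(token["cred"], sort_keys=True).encode()
    expected = hmac.new(PROXY_KEY, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, token["mac"])

def authentication_proxy(first_message: dict, authenticate) -> dict:
    """Proxy side: authenticate the user for the requested context, build the second message."""
    token, required = first_message["credentials"], first_message["required_context"]
    if not verify(token):
        return {"status": "rejected"}
    user = token["cred"]["user"]
    if not authenticate(user, required):  # hypothetical callback running the stronger method
        return {"status": "failed"}
    return {"status": "ok", "credentials": sign({"user": user, "context": required})}

class SessionManagementServer:
    def __init__(self, policy: dict, proxy):
        self.policy = policy    # protected resource -> required authentication context
        self.proxy = proxy      # callable taking the first message, returning the second
        self.sessions = {}      # session id -> signed credentials

    def access(self, session_id: str, resource: str) -> str:
        token = self.sessions[session_id]
        required = self.policy[resource]
        if token["cred"]["context"] != required:
            # First message: current credentials plus an indicator of the required context.
            second = self.proxy({"credentials": token, "required_context": required})
            updated = second.get("credentials")
            # Accept the update only if it is authentic, for the same user,
            # and issued for the context the resource requires.
            if (second["status"] != "ok" or not verify(updated)
                    or updated["cred"]["user"] != token["cred"]["user"]
                    or updated["cred"]["context"] != required):
                return "denied"
            self.sessions[session_id] = updated
        return "granted"
```

The checks on the second message are the part a practitioner should not skip: without them, the session server would trust whatever context label the response carries.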
76 Citations
20 Claims
1. A computer-implemented method for managing authentication credentials for a user within a data processing system, the method comprising:
receiving at a session management server from a client a request to access a protected resource on behalf of a user, wherein the session management server performs session management with respect to the user for a domain that includes the protected resource, and wherein access to the protected resource requires authentication credentials that have been generated for a first type of authentication context;
in response to determining by the session management server that authentication credentials for the user indicate that the authentication credentials have been generated for a second type of authentication context, sending a first message from the session management server to an authentication proxy server, wherein the first message contains the authentication credentials for the user and an indicator for the first type of authentication context; and
receiving a second message at the session management server from the authentication proxy server, wherein the second message contains updated authentication credentials for the user, and wherein the updated authentication credentials indicate that the updated authentication credentials have been generated for the first type of authentication context.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer program product on a computer-readable storage medium for use within a data processing system for managing authentication credentials for a user, the computer program product holding computer program instructions which when executed by the data processing system perform a method comprising:
receiving at a session management server from a client a request to access a protected resource on behalf of a user, wherein the session management server performs session management with respect to the user for a domain that includes the protected resource, and wherein access to the protected resource requires authentication credentials that have been generated for a first type of authentication context;
sending, in response to determining by the session management server that authentication credentials for the user indicate that the authentication credentials have been generated for a second type of authentication context, a first message from the session management server to an authentication proxy server, wherein the first message contains the authentication credentials for the user and an indicator for the first type of authentication context; and
receiving a second message at the session management server from the authentication proxy server, wherein the second message contains updated authentication credentials for the user, and wherein the updated authentication credentials indicate that the updated authentication credentials have been generated for the first type of authentication context.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. An apparatus for managing authentication credentials for a user within a data processing system, the apparatus comprising:
a processor;
a computer memory holding computer program instructions which when executed by the processor perform a method comprising;
receiving at a session management server from a client a request to access a protected resource on behalf of a user, wherein the session management server performs session management with respect to the user for a domain that includes the protected resource, and wherein access to the protected resource requires authentication credentials that have been generated for a first type of authentication context;
sending, in response to determining by the session management server that authentication credentials for the user indicate that the authentication credentials have been generated for a second type of authentication context, a first message from the session management server to an authentication proxy server, wherein the first message contains the authentication credentials for the user and an indicator for the first type of authentication context; and
receiving a second message at the session management server from the authentication proxy server, wherein the second message contains updated authentication credentials for the user, and wherein the updated authentication credentials indicate that the updated authentication credentials have been generated for the first type of authentication context.
Dependent claims: 18, 19, 20
Specification