Systems and methods for policy based triggering of client-authentication at directory level granularity
First Claim
1. A method comprising:
(a) receiving, by a device intermediary to a client and a server, a first request from the client to access a protected resource of the server;
(b) determining, by the device, that a predetermined portion of the first request matches a corresponding portion specified by a policy, the policy applied responsive to the first request to access the protected resource and specifying an action for the device to request an authentication certificate from the client responsive to the determination that the predetermined portion of the first request matches the corresponding portion specified by the policy, wherein the predetermined portion of the first request includes at least one of a uniform resource locator (URL) pattern, an identifier of one of a method or function, a directory identifier, a client network identifier, a server network identifier, a network port, and a secure socket layer (SSL) parameter; and
(c) transmitting, by the device responsive to the action specified by the policy and while queuing the first request, a second request to the client for the authentication certificate.
Abstract
Systems and methods are disclosed for an appliance to authenticate access of a client to a protected directory on a server via a connection, such as a secure SSL connection, established by the appliance. A method comprises the steps of: receiving, by an appliance, a first request from a client on a first network to access a server on a second network, the appliance providing the client a virtual private network connection from the first network to the second network; determining, by the appliance, the first request comprises access to a protected directory of the server; associating, by the appliance, an authentication policy with the protected directory, the authentication policy specifying an action to authenticate the client's access to the protected directory; and transmitting, by the appliance in response to the authentication policy, a second request to the client for an authentication certificate. Corresponding systems are also disclosed.
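The mechanism the abstract and claim 1 describe is a policy decision taken by the intermediary on a request it has already received: match selected parts of the request (URL pattern, method, directory, client or server network, port, SSL parameter) against a policy, and if the policy fires, hold the request and send the client a second request for its certificate (in TLS terms, a server-initiated CertificateRequest via renegotiation in TLS 1.2 or post-handshake authentication in TLS 1.3; per-location client-certificate requirements in web servers such as Apache's `SSLVerifyClient` inside a `<Location>` block work the same way). The model below is an added example written for this page, not the patent's or any vendor's implementation; the `Request`, `Policy` and `Intermediary` classes, the sample policies and the sample requests are all constructed here. The one check a practitioner should not skip is visible in `_under_directory`: the directory match runs on the decoded, normalised path, so `/public/../finance/x` is treated as the protected `/finance/` directory rather than slipping past a raw prefix compare.

```python
"""Policy-triggered client-certificate request at directory granularity.
Added illustrative model (not the patent's code); all names and data are
constructed for this example."""
from __future__ import annotations

import ipaddress
import posixpath
import re
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import unquote


@dataclass
class Request:
    """What the intermediary has in hand before forwarding to the origin."""
    method: str
    url: str              # request path, e.g. "/finance/reports/q1.pdf"
    client_ip: str
    server_ip: str
    port: int
    tls_cipher: str       # negotiated cipher, one possible "SSL parameter"
    client_cert_present: bool = False


def _under_directory(path: str, directory: str) -> bool:
    """True if `path` lies inside `directory` after decoding and normalising.
    Matching on the canonical form is what stops dot-segment and
    percent-encoding tricks from bypassing the protected prefix."""
    norm = posixpath.normpath(unquote(path))
    d = posixpath.normpath(directory)
    return norm == d or norm.startswith(d.rstrip("/") + "/")


def _in_net(ip: str, cidr: str) -> bool:
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


@dataclass
class Policy:
    """Every field is optional; a policy matches when all set fields match.
    The fields mirror the list in claim 1."""
    name: str
    url_pattern: Optional[str] = None   # regex searched in the path
    method: Optional[str] = None
    directory: Optional[str] = None     # protected directory prefix
    client_net: Optional[str] = None    # CIDR
    server_net: Optional[str] = None    # CIDR
    port: Optional[int] = None
    tls_cipher: Optional[str] = None
    action: str = "request-client-cert"

    def matches(self, req: Request) -> bool:
        return all([
            self.url_pattern is None or re.search(self.url_pattern, req.url) is not None,
            self.method is None or self.method.upper() == req.method.upper(),
            self.directory is None or _under_directory(req.url, self.directory),
            self.client_net is None or _in_net(req.client_ip, self.client_net),
            self.server_net is None or _in_net(req.server_ip, self.server_net),
            self.port is None or self.port == req.port,
            self.tls_cipher is None or self.tls_cipher == req.tls_cipher,
        ])


@dataclass
class Intermediary:
    policies: list[Policy]
    queued: dict[int, Request] = field(default_factory=dict)  # held first requests
    _next_id: int = 0

    def handle(self, req: Request) -> tuple[str, Optional[int]]:
        """("forward", None) if the request may go to the server now, or
        (action, queue_id) if the intermediary must first send the client a
        second request for its certificate and hold the first request."""
        for pol in self.policies:
            if pol.matches(req):
                if req.client_cert_present:
                    return ("forward", None)      # already authenticated
                qid = self._next_id
                self._next_id += 1
                self.queued[qid] = req             # queue while we ask for the cert
                return (pol.action, qid)
        return ("forward", None)

    def certificate_received(self, qid: int, cert_valid: bool) -> str:
        """Second half of the exchange: release or reject the queued request."""
        req = self.queued.pop(qid)
        if cert_valid:
            req.client_cert_present = True
            return "forward"
        return "reject"


# Constructed sample policies: a protected directory, a method+URL rule,
# and a rule keyed on port and client network.
POLICIES = [
    Policy(name="finance-dir", directory="/finance/"),
    Policy(name="admin-post", method="POST", url_pattern=r"^/admin/"),
    Policy(name="legacy-port-external", port=8443, client_net="203.0.113.0/24"),
]


def run_demo() -> dict[str, object]:
    """Run constructed requests through the policy set and return the decisions."""
    mid = Intermediary(list(POLICIES))
    base = dict(client_ip="203.0.113.7", server_ip="10.0.0.5", port=443,
                tls_cipher="TLS_AES_128_GCM_SHA256")
    out: dict[str, object] = {}
    out["public"] = mid.handle(Request("GET", "/public/index.html", **base))
    out["finance"] = mid.handle(Request("GET", "/finance/reports/q1.pdf", **base))
    # Raw prefix compare would miss this; normalisation puts it under /finance/.
    out["traversal"] = mid.handle(Request("GET", "/public/../finance/reports/q1.pdf", **base))
    out["encoded"] = mid.handle(Request("GET", "/%66inance/reports/q1.pdf", **base))
    out["admin_post"] = mid.handle(Request("POST", "/admin/users", **base))
    out["legacy"] = mid.handle(Request("GET", "/public/x", **{**base, "port": 8443}))
    out["finance_after_cert"] = mid.certificate_received(out["finance"][1], cert_valid=True)
    out["traversal_bad_cert"] = mid.certificate_received(out["traversal"][1], cert_valid=False)
    out["still_queued"] = sorted(mid.queued)
    return out


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k:20} {v}")
```

The policy list is evaluated first-match, which is how a practitioner would expect a reverse proxy to behave; a deployment that wants "most specific directory wins" should sort policies by prefix length before handing them to `Intermediary`. Note also that the intermediary only ever holds the request it already has; it never re-reads the body from the client, which is why the queue exists at all.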
34 Citations
18 Claims
1. A method comprising:
(a) receiving, by a device intermediary to a client and a server, a first request from the client to access a protected resource of the server;
(b) determining, by the device, that a predetermined portion of the first request matches a corresponding portion specified by a policy, the policy applied responsive to the first request to access the protected resource and specifying an action for the device to request an authentication certificate from the client responsive to the determination that the predetermined portion of the first request matches the corresponding portion specified by the policy, wherein the predetermined portion of the first request includes at least one of a uniform resource locator (URL) pattern, an identifier of one of a method or function, a directory identifier, a client network identifier, a server network identifier, a network port, and a secure socket layer (SSL) parameter; and
(c) transmitting, by the device responsive to the action specified by the policy and while queuing the first request, a second request to the client for the authentication certificate.
Dependent claims 2 to 9 (not reproduced on this page).

10. A system comprising:
a device intermediary to a client and a server, the device is configured to receive a first request from the client to access a protected resource of the server, determine that a predetermined portion of the first request matches a corresponding portion specified by a policy, the policy applied responsive to the first request to access the protected resource and specifying an action for the device to request an authentication certificate from the client responsive to determining that the predetermined portion of the first request matches the corresponding portion specified by the policy, wherein the predetermined portion of the first request includes at least one of a uniform resource locator (URL) pattern, an identifier of one of a method or function, a directory identifier, a client network identifier, a server network identifier, a network port, and a secure socket layer (SSL) parameter; and wherein the device is configured to transmit, responsive to the action specified by the policy and while queuing the first request, a second request to the client for the authentication certificate.
Dependent claims 11 to 18 (not reproduced on this page).
Specification