Delivery of authentication information to a RESTful service using token validation scheme
Abstract
Information useful for authenticating an entity is sent over a back channel during the authentication of an entity to a RESTful service. The delivery of the entity-related information is triggered by the validation of a service ticket received by the authentication component of the RESTful service.
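The exchange the abstract describes, sketched as an added example that is not taken from the patent: the ticket crosses the front channel through the entity agent, and the SAML assertion is released only when the authentication component validates that ticket over the back channel. The names `RelyingParty`, `issue_ticket`, `validate` and `authenticate`, the 30-second lifetime, the single-use rule and the binding of a ticket to one service URL are assumptions that the claims do not specify; the sample assertion is constructed and unsigned.

```python
import secrets
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"  # SAML 2.0 assertion namespace
TICKET_TTL = 30  # seconds; assumed value, the page gives none

# Constructed sample assertion, trimmed to its attribute statement (no signature).
SAMPLE_ASSERTION = (
    f'<saml:Assertion xmlns:saml="{SAML_NS}"><saml:AttributeStatement>'
    '<saml:Attribute Name="uid"><saml:AttributeValue>alice</saml:AttributeValue>'
    '</saml:Attribute><saml:Attribute Name="role"><saml:AttributeValue>reader'
    '</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
)


class RelyingParty:
    """Hypothetical relying party: keeps the assertion, hands out only a ticket."""

    def __init__(self):
        self._pending = {}  # ticket -> (service_url, expiry, assertion_xml)

    def issue_ticket(self, service_url, assertion_xml, now):
        # Front channel: the ticket rides in a redirect through the entity agent,
        # so it is an opaque random value that carries no entity data.
        ticket = "ST-" + secrets.token_urlsafe(32)
        self._pending[ticket] = (service_url, now + TICKET_TTL, assertion_xml)
        return ticket

    def validate(self, ticket, service_url, now):
        # Back channel: pop() burns the ticket on the first attempt, pass or fail.
        entry = self._pending.pop(ticket, None)
        if entry is None:
            return None
        bound_service, expiry, assertion_xml = entry
        if bound_service != service_url or now > expiry:
            return None
        return assertion_xml


def authenticate(rp, ticket, service_url, now):
    """Authentication component: trade the ticket for entity attributes."""
    assertion_xml = rp.validate(ticket, service_url, now)
    if assertion_xml is None:
        return None
    # A deployment would verify the assertion's signature before trusting it.
    root = ET.fromstring(assertion_xml)
    return {a.get("Name"): a.findtext(f"{{{SAML_NS}}}AttributeValue")
            for a in root.iter(f"{{{SAML_NS}}}Attribute")}
```

Pass the caller's clock as `now` (for example `time.time()`); a replayed, expired or wrong-service ticket yields `None` and no entity data ever appears in the redirect URL.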
19 Claims
1. A computer-implemented method of authenticating an entity, comprising:
- receiving, by an authentication component of a RESTful service, a service request from an entity agent;
- redirecting, by the authentication component, the entity agent to a relying party;
- redirecting, by the relying party, the entity agent to an identity provider, wherein the identity provider authenticates the entity using entity-supplied information;
- accepting, by the relying party, a service ticket and a SAML assertion from the identity provider;
- sending, by the relying party, the service ticket to the authentication component, wherein the sending is via the entity agent through an HTTP redirect; and
- retrieving, by the authentication component, entity-related information from the relying party, wherein the retrieved entity-related information is encoded in the SAML assertion and transferred via a back channel.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A computer system providing entity-authentication, comprising:
- a network connected RESTful server system comprising an authentication component, the authentication component operable to;
  - redirect an entity agent to a relying party,
  - receive a service ticket,
  - send a validate service ticket request via a back channel,
  - receive a SAML assertion via a back channel, wherein the SAML assertion encodes entity-related information, and
  - authenticate an entity making a RESTful service request, wherein the authentication is based, at least in part, on entity-related information;
- an identity provider system running on one or more processors operable to return entity-related information based, at least in part, on entity-supplied information from the entity agent; and
- a relying party system operable to;
  - receive a request for entity-related information from the authentication component,
  - receive entity-related information from the identity provider,
  - send a service ticket associated with the request for entity-related information, wherein the service ticket is sent by redirecting the entity agent from the relying party to the authentication component,
  - receive a validate service ticket request from the authentication component, wherein the validate service ticket request is via a back channel, and
  - send a SAML assertion to the authentication component via a back channel, wherein the SAML assertion is associated with the request for entity related information.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19
Specification