System and method of federated authentication with reverse proxy

Inactive Publication Date: 2012-11-01
SYMANTEC CORP
11 Cites, 98 Cited by

AI Technical Summary

Benefits of technology

[0010] It is an objective of the invention to provide an enhanced reverse proxy which allows federated single sign-on to be used with cloud applications.
[0015] in the reverse proxy computer, replacing the URL with a modified URL, and returning the modified URL to the client device, thereby enabling the client to access the resource.

Problems solved by technology

As a result, most cloud applications cannot simultaneously use both a federated SSO strategy, which normally requires direct communication between the Identity Provider for the enterprise and the Cloud application, and a Reverse Proxy, which would interrupt this direct communication for SSO.
A new challenge is to use a Reverse Proxy server to act as a gateway to a heterogeneous mix of web servers, each with a unique URL / Domain, and a set of disparate services.
The limited capabilities of existing Reverse Proxy servers would require the setup of separate reverse proxies on a cloud by cloud basis.


Examples


Embodiment Construction

[0086] With the objective of overcoming the limitations of reverse proxies of the prior art, an enhanced Reverse Proxy server has been developed by the PerspecSys corporation. This enhanced Reverse Proxy server will be referred to as a PerspecSys (PRS) Reverse Proxy, features and embodiments of which are described in the following.

[0087] To resolve the apparent incompatibility between federated SSO and a Reverse Proxy, the invention proposes a system and methods wherein a modified Reverse Proxy (termed PerspecSys Reverse Proxy) behaves as an Intercepting Proxy, inserting itself in the middle of the trusted authentication conversation between the SSO Identity Provider and the Cloud application. In this way, the PRS Reverse Proxy can be used for its original purposes for managing access to the Cloud applications, i.e. applications provided and running in SaaS servers, while not hindering the security and user management that SSO provides for authentication with the C...


Abstract

A Security Assertion Markup Language (SAML) conversation is intercepted in an enhanced Reverse Proxy server computer located in the path between a user and a server computer that provides cloud application services to the user. During authentication, the SAML assertion signature is modified in the enhanced Reverse Proxy such that the enhanced Reverse Proxy and the user can share an encryption key. The modified assertion signature permits a common session key to be shared by the enhanced Reverse Proxy and a targeted application in the server, thus enabling the user to be authenticated, and subsequently to communicate via the enhanced Reverse Proxy in a secure session with an application in the server.

Description

RELATED APPLICATIONS

[0001] The present application claims benefit from the U.S. provisional application Ser. No. 61/479,634 filed on Apr. 27, 2012, entire contents of which are incorporated herein by reference.

FIELD OF THE INVENTION

[0002] The present invention relates to client-server communication in a network, and in particular to user authentication when client-server communication is mediated by a proxy.

BACKGROUND OF THE INVENTION

[0003] In computer networks, a Reverse Proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client as though they originated from the Reverse Proxy itself. The user browser navigates to a Universal Resource Locator (URL) in a Hypertext Transfer Protocol (HTTP) message, for example HTTP://www.mydomain.com. The Reverse Proxy at that address, in turn, makes a request to the real web server resources on behalf of the user, for example HTTP://www.saas.com. In order for a...

Application Information

IPC(8): G06F21/00, G06F7/04
CPC: H04L61/2596, H04L61/301, H04L67/28, H04L63/0815, G09C1/00, G06F21/10, H04L63/0281, G06F21/602, H04L67/02, H04L67/56
Inventor: WOELFEL, JOHN HAROLD; WOLOSZYN, TERRENCE PETER
Owner: SYMANTEC CORP