Learned roving authentication profiles
US-2016380989-A1 · Dec 29, 2016 · US
US10616196B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-10616196-B1 |
| Application number | US-201514864106-A |
| Country | US |
| Kind code | B1 |
| Filing date | Sep 24, 2015 |
| Priority date | Sep 24, 2015 |
| Publication date | Apr 7, 2020 |
| Grant date | Apr 7, 2020 |
Official abstract text for this publication.
User authentication techniques are provided for multiple authentication sources and for non-binary authentication decisions. An authentication request is received from an application server to authenticate a user for access to a protected resource. Pre-flow rules and the authentication request are evaluated to dynamically determine a plurality of authentication servers to invoke for the authentication request and an order for the invocation. A first authentication server is contacted to obtain a first authentication result for the user. In-flow rules and the first authentication result are evaluated to determine if additional authentication of the user should be performed. A second authentication server is contacted based on the determined invocation order and/or a result of the in-flow rules to obtain a second authentication result for the user. Decision rules and the first and second authentication results are evaluated to determine an authentication decision. The first authentication result and/or the second authentication result comprise a non-binary result.
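The abstract above, and claim 1 below it, describe a three-stage orchestration: pre-flow rules choose which authentication sources to invoke and in what order, in-flow rules decide after each result whether to continue and which source comes next, and decision rules fold the per-source results into accept, reject, or proceed. The following is an added illustration, not code from the patent or its assignee: a minimal Python orchestrator in which every source returns a non-binary confidence and a weak confidence reorders the remaining sources (the behaviour of claims 4 and 7). The sources, user records, weights, thresholds and IP addresses are all constructed stand-ins; a real deployment would call separate authentication servers.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Added example (not the patent's code). Every source, user record, weight
# and threshold below is a constructed stand-in for illustration only.


@dataclass
class AuthRequest:
    user: str
    resource: str
    client_ip: str
    has_device_cookie: bool
    password: str


@dataclass
class AuthResult:
    source: str
    confidence: float  # non-binary: 0.0 = certainly not the user, 1.0 = certain


# Constructed user store and policy constants (hypothetical values).
PASSWORDS = {"alice": "correct-horse", "bob": "battery-staple"}
BIOMETRIC_MATCH = {"alice": 0.95, "bob": 0.55}  # constructed match scores
KNOWN_IPS = {"10.0.0.5"}
WEIGHTS = {"risk": 0.2, "password": 0.4, "cookie": 0.1, "biometric": 0.3}
ACCEPT, ESCALATE, REJECT_FLOOR = 0.8, 0.5, 0.1


# Authentication sources: each returns a confidence, not just pass/fail.
def risk_source(req: AuthRequest) -> AuthResult:
    return AuthResult("risk", 0.9 if req.client_ip in KNOWN_IPS else 0.3)


def password_source(req: AuthRequest) -> AuthResult:
    ok = PASSWORDS.get(req.user) == req.password
    return AuthResult("password", 1.0 if ok else 0.0)


def cookie_source(req: AuthRequest) -> AuthResult:
    return AuthResult("cookie", 0.6 if req.has_device_cookie else 0.0)


def biometric_source(req: AuthRequest) -> AuthResult:
    return AuthResult("biometric", BIOMETRIC_MATCH.get(req.user, 0.0))


SOURCES: Dict[str, Callable[[AuthRequest], AuthResult]] = {
    "risk": risk_source,
    "password": password_source,
    "cookie": cookie_source,
    "biometric": biometric_source,
}


def pre_flow(req: AuthRequest) -> List[str]:
    """Pre-flow rules: pick the sources to invoke, and their order, from
    characteristics of the request alone."""
    plan = ["risk", "password"]
    if req.has_device_cookie:
        plan.append("cookie")
    plan.append("biometric")  # kept at the end as a step-up option
    if req.resource.startswith("/admin"):  # sensitive resource: biometric early
        plan.remove("biometric")
        plan.insert(1, "biometric")
    return plan


def combine(results: List[AuthResult]) -> float:
    """Weighted confidence over the sources consulted so far."""
    total = sum(WEIGHTS[r.source] for r in results)
    return sum(WEIGHTS[r.source] * r.confidence for r in results) / total


def decide(results: List[AuthResult], remaining: List[str]) -> str:
    """Decision rules: accept, reject, or proceed to another source."""
    if any(r.confidence <= REJECT_FLOOR for r in results):
        return "reject"  # a hard failure from any source ends the flow
    if len(results) >= 2 and combine(results) >= ACCEPT:
        return "accept"
    return "proceed" if remaining else "reject"  # nothing left to consult


def in_flow(results: List[AuthResult], remaining: List[str]) -> str:
    """In-flow rules: choose the next source, re-ordering the plan when the
    latest non-binary result is weak but not a hard failure."""
    if results[-1].confidence < ESCALATE and "biometric" in remaining:
        remaining.remove("biometric")
        return "biometric"
    return remaining.pop(0)


def authenticate(req: AuthRequest) -> Tuple[str, List[AuthResult]]:
    """Run the pre-flow / in-flow / decision pipeline for one request."""
    remaining = pre_flow(req)
    results: List[AuthResult] = []
    nxt = remaining.pop(0)
    while True:
        results.append(SOURCES[nxt](req))
        decision = decide(results, remaining)
        if decision != "proceed":
            return decision, results
        nxt = in_flow(results, remaining)


if __name__ == "__main__":
    for req in [
        AuthRequest("alice", "/app", "10.0.0.5", True, "correct-horse"),
        AuthRequest("alice", "/app", "203.0.113.7", True, "correct-horse"),
        AuthRequest("bob", "/app", "10.0.0.5", False, "wrong"),
        AuthRequest("bob", "/app", "203.0.113.7", False, "battery-staple"),
    ]:
        decision, results = authenticate(req)
        print(req.user, decision, [(r.source, r.confidence) for r in results])
```

The second request shows the re-ordering: a low risk score from an unfamiliar address pulls the biometric source ahead of the password step that the pre-flow plan had scheduled next, and the final accept rests on the weighted combination of all three non-binary results rather than on any single pass/fail bit. The fourth request shows the other side of a non-binary policy: a correct password is not enough when the risk and biometric confidences stay weak and no sources remain.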
Opening claim text (preview).
What is claimed is:

1. A method comprising: receiving an authentication request from an application server seeking to authenticate a user for access to a protected resource associated with the application server; evaluating, using at least one processing device, one or more pre-flow rules and one or more characteristics of said authentication request to determine a plurality of authentication sources from a set of authentication sources to invoke for said authentication request and an order for said invocation; communicating, using said at least one processing device, with at least a first authentication source in the set based on said determined invocation order to provide first authentication information of the user to said first authentication source and to obtain a first authentication result for the user from said first authentication source; evaluating, using said at least one processing device, one or more in-flow rules and said first authentication result to determine if additional authentication of the user should be performed prior to determining a final authentication decision; communicating, using said at least one processing device, with at least a second authentication source in the set based on one or more of said determined invocation order and a result of said evaluation of said one or more in-flow rules to provide second authentication information of the user to said second authentication source and to obtain a second authentication result for the user from said second authentication source, wherein the second authentication source is distinct from the first authentication source and performs an authentication type distinct from the authentication type of the first authentication source; and dynamically evaluating, using said at least one processing device, one or more decision rules and said first authentication result and said second authentication result to determine a combined authentication decision, wherein at least a given one of said first authentication result and said second authentication result comprises a non-binary response indicating an individual confidence level of said corresponding second authentication result obtained from a given one of said first authentication source and said second authentication source that generated said given authentication result, wherein said combined authentication decision comprises one or more of accept said user, reject said user and proceed to one or more third authentication sources in the set, wherein said non-binary response indicating an individual confidence level of said corresponding first or second authentication result is used to determine a selection of at least one particular subsequent authentication source from a subset of two or more authentication sources in the set that have not provided an authentication result for said authentication request.

2. The method of claim 1, wherein the authentication type of one or more of the first authentication source and the second authentication source comprise one or more of: a credential-based authentication using a credential supplied by the user; a risk-based authentication evaluating a risk posed by a set of risk factors associated with the authentication request; an evaluation of one or more cookies stored on a device from at least one previous authentication; and a biometric authentication.

3. The method of claim 1, wherein the invocation order comprises a list of a plurality of said authentication sources to contact one or more of sequentially, in parallel and a combination thereof.

4. The method of claim 1, wherein said one or more in-flow rules change said invocation order for said user dynamically during said authentication of said user.

5. The method of claim 1, wherein said decision rules are at least one of: customer-specific and updated using machine learning techniques.

6. The method of claim 1, wherein said decision rules combine said first and second authentication results into said combined authentication decision.

7. The method of claim 1, wherein the selection of the at least one particular subsequent authentication source dynamically updates the order for said invocation.

8. An article of manufacture comprising a non-transitory processor-readable storage medium having processor-readable instructions embodied thereon which, when implemented, cause at least one processing device to carry out the following steps: receiving an authentication request from an application server seeking to authenticate a user for access to a protected resource associated with the application server; evaluating, using said at least one processing device, one or more pre-flow rules and one or more characteristics of said authentication request to determine a plurality of authentication sources from a set of authentication sources to invoke for said authentication request and an order for said invocation; communicating, using said at least one processing device, with at least a first authentication source in the set based on said determined invocation order to provide first authentication information of the user to said first authentication source and to obtain a first authentication result for the user from said first authentication source; evaluating, using said at least one processing device, one or more in-flow rules and said first authentication result to determine if additional authentication of the user should be performed prior to determining a final authentication decision; communicating, using said at least one processing device, with at least a second authentication source in the set based on one or more of said determined invocation order and a result of said evaluation of said one or more in-flow rules to provide second authentication information of the user to said second authentication source and to obtain a second authentication result for the user from said second authentication source, wherein the second authentication source is distinct from the first authentication source and performs an authentication type distinct from the authentication type of the first authentication source; and dynamically evaluating, using said at least one processing device, one or more decision rules and said first authentication result and said second authentication result to determine a combined authentication decision, wherein at least a given one of said first authentication result and said second authentication result comprises a non-binary response indicating an individual confidence level of said corresponding first or second authentication result obtained from a given one of said first authentication source and said second authentication source that generated said given authentication result, wherein said combined authentication decision comprises one or more of accept said user, reject said user and proceed to one or more third authentication sources in the set, wherein said non-binary response indicating an individual confidence level of said corresponding first or second authentication result is used to determine a selection of at least one particular subsequent authentication source from a subset of two or more authentication sources in the set that have not provided an authentication result for said authentication request.

9. The article of manufacture of claim 8, wherein the invocation order comprises a list of a plurality of said authentication sources to contact one or more of sequentially, in parallel and a combination thereof.

10. The article of manufacture of claim 8, wherein said one or more in-flow rules change said invocation order for said user dynamically during said authentication of said user.

11. The article of manufacture of claim 8, wherein said decision
by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity · CPC title
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
Machine learning · CPC title
Extracting rules from data · CPC title