Authentication proxy agent

US2017250984A1 · US · A1

Patent metadata
Publication number: US-2017250984-A1
Application number: US-201715593232-A
Country: US
Kind code: A1
Filing date: May 11, 2017
Priority date: Jun 28, 2013
Publication date: Aug 31, 2017
Grant date:

Abstract

Official abstract text for this publication.

An authentication engine may be configured to receive an authentication request and credentials from a client. The authentication engine may then generate a proxy agent configured to interact with an identity provider to authenticate the client on behalf of the client, using the credentials. In this way, the authentication engine may receive an assertion of authentication of the client from the identity provider, by way of the proxy agent.

First claim

Opening claim text (preview).

What is claimed is:

1. A server comprising: an authentication engine configured to cause at least one processor of the server to receive, at the server, an authentication request and credentials from a client; store the credentials at the server; generate, at the server, a proxy agent; send, from the proxy agent, the credentials to an identity provider to authenticate the client on behalf of the client, using the credentials; receive, at the proxy agent, an assertion of authentication of the client from the identity provider; create a session for the client, based on the assertion; and delete the stored credentials at the server.

2. The system of claim 1, wherein the authentication engine is implemented by a mobile server providing services to the client, and the client includes a mobile client.

3. The system of claim 1, wherein the authentication engine is configured to cause the at least one processor, in response to the receipt of the authentication request and credentials, to resolve a previously-stored authentication configuration, including identifying the identity provider from among a plurality of identity providers as being associated with the client.

4. The system of claim 1, wherein the proxy agent is configured to store configuration data governing content, format, and timing of interactions with the identity provider.

5. The system of claim 1, wherein the proxy agent includes a virtual browser manager configured to implement a virtual browser used to relay the credentials to the identity provider on behalf of the client.

6. The system of claim 5, wherein the virtual browser manager is configured to access a virtual browser pool storing a plurality of available virtual browsers, and to select the virtual browser therefrom.

7. The system of claim 1, wherein the proxy agent is configured to execute the Security Assertion Markup Language (SAML) standard with the identity provider, including receiving the assertion therefrom, on behalf of the client.

8. The system of claim 1, wherein the server includes a mobile server, and the authentication engine is provided by the mobile server, and wherein the session provides access to multiple services of the mobile server to the client.

9. A method comprising: receiving, at a server, an authentication request and credentials from a client; storing the credentials at the server; generating, at the server, a proxy agent; sending, from the proxy agent, the credentials to an identity provider to authenticate the client on behalf of the client, using the credentials; receiving, at the proxy agent, an assertion of authentication of the client from the identity provider; creating a session for the client, based on the assertion; and deleting the stored credentials at the server.

10. The method of claim 9, wherein receiving the authentication request and credentials further comprises resolving a previously-stored authentication configuration, including identifying the identity provider from among a plurality of identity providers as being associated with the client.

11. The method of claim 9, wherein the proxy agent is configured to store configuration data governing content, format, and timing of interactions with the identity provider.

12. The method of claim 9, wherein the proxy agent includes a virtual browser manager configured to implement a virtual browser used to relay the credentials to the identity provider on behalf of the client.

13. The method of claim 9, wherein the proxy agent is configured to execute the Security Assertion Markup Language (SAML) standard with the identity provider, including receiving the assertion therefrom, on behalf of the client.

14. The method of claim 9, wherein the server includes a mobile server, and wherein the session provides access to multiple services of the mobile server to the client.

15. A computer program product including instructions recorded on a non-transitory computer readable storage medium and configured to cause at least one processor to: receive, at a server, an authentication request and credentials from a client; store the credentials at the server; generate, at the server, a proxy agent; send, from the proxy agent, the credentials to an identity provider to authenticate the client on behalf of the client, using the credentials; receive, at the proxy agent, an assertion of authentication of the client from the identity provider; create a session for the client, based on the assertion; and delete the stored credentials at the server.

16. The computer program product of claim 15, wherein the instructions, when executed, are further configured, in response to the receipt of the authentication request and credentials, to resolve a previously-stored authentication configuration, including identifying the identity provider from among a plurality of identity providers as being associated with the client.

17. The computer program product of claim 15, wherein the proxy agent is configured to store configuration data governing content, format, and timing of interactions with the identity provider.

18. The computer program product of claim 15, wherein proxy agent includes a virtual browser manager configured to implement a virtual browser used to relay the credentials to the identity provider on behalf of the client.

19. The computer program product of claim 18, wherein the virtual browser manager is configured to access a virtual browser pool storing a plurality of available virtual browsers, and to select the virtual browser therefrom.

20. The computer program product of claim 15, wherein the proxy agent is configured to execute the Security Assertion Markup Language (SAML) standard with the identity provider, including receiving the assertion therefrom, on behalf of the client.

Assignees

Inventors

Classifications

  • Key management, e.g. using generic bootstrapping architecture [GBA]

  • for key distribution, e.g. centrally by trusted party (cryptographic mechanisms or cryptographic arrangements for key distribution involving a central third party H04L9/0819)

  • by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity

  • including means for verifying the identity or authority of a user of the system {or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials}

  • providing single-sign-on or federations

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Bmc Software Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0884. Mapped technology areas include Electricity.
When was this patent published?
Publication date Aug 31, 2017 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).