Systems, methods, and computing platforms for executing credential-less network-based communication exchanges
US-12184638-B2 · Dec 31, 2024 · US
US9578007B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9578007-B2 |
| Application number | US-201514674938-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 31, 2015 |
| Priority date | Mar 31, 2015 |
| Publication date | Feb 21, 2017 |
| Grant date | Feb 21, 2017 |
Abstract
In an embodiment a method is performed by a network access device (NAD). The NAD transfers a first HTTPS request from a client computer (UE) to an identity provider computer (IdP). The NAD transfers, from the IdP, a preceding redirected URL in response to the first HTTPS request, to the UE and configured to cause the UE to redirect to said preceding redirected URL. Over a secure network link, the NAD receives a particular request specifying said preceding redirected URL, from the UE. Responsive to receiving the particular request, the NAD generates a response, comprising a subsequent redirected URL and a session identifier, and configured to cause the UE to redirect to the IdP over an HTTPS connection. The NAD transfers said subsequent redirected URL over the secure network link to the UE. The NAD transfers a second HTTPS request, comprising the session identifier, from the UE to the IdP.
Claims

What is claimed is:

1. A method comprising: establishing a secure network link having a client computer and a network access device (NAD) as endpoints; over the secure network link, a client computer transferring a first hypertext transfer protocol secure (HTTPS) request to a network access device (NAD), wherein the first HTTPS request is addressed to an identity provider computer; the NAD transferring the first HTTPS request to the identity provider computer; transferring, by the NAD, from the identity provider computer, a preceding redirected uniform resource locator (URL) in response to the first HTTPS request, to the client computer, wherein the preceding redirected URL is configured to cause the client computer to redirect to said preceding redirected URL; over a secure network link, the NAD receiving a particular request specifying said preceding redirected URL, from the client computer; in response to receiving the particular request, the NAD generating a particular response, the particular response comprising a subsequent redirected URL and a session identifier, wherein the subsequent redirected URL is configured to cause the client computer to redirect to the identity provider computer over an HTTPS connection; transferring, by the NAD, said subsequent redirected URL over the secure network link to the client computer; transferring, by the NAD, a second HTTPS request, comprising the session identifier, from the client computer to the identity provider computer.
2. The method of claim 1 wherein said preceding redirected URL comprises a host identifier of the identity provider computer, and wherein the NAD receiving the particular request comprises the NAD intercepting the particular request.
3. The method of claim 1 wherein said preceding redirected URL specifies using hypertext transfer protocol (HTTP).
4. The method of claim 1 wherein said subsequent redirected URL comprises a query string that includes the session identifier.
5. The method of claim 1 wherein said preceding redirected URL comprises a session cookie, and the second HTTPS request comprises the session cookie.
6. The method of claim 1 wherein the secure network link comprises one of: an 802.11 robust security network (RSN) link, or an 802.1 advanced encryption (AE) link.
7. The method of claim 1 wherein a security assertion markup language (SAML) element is included in at least one of: said preceding redirected URL and the second HTTPS request.
8. The method of claim 1 wherein the session identifier is based at least in part on a session identifier of an Authentication/Authorization/Accounting (AAA) protocol selected from: remote authentication dial in user service (RADIUS) or Diameter.
9. The method of claim 1 wherein the secure network link comprises at least one of: a direct cable between the client computer and the NAD, or physical security between the client computer and the NAD.
10. A device comprising: a communication interface configured to operate a secure network link that has a client computer and the device as endpoints; a processor coupled to the communication interface; and a processor logic coupled to the processor and the communication interface, and configured to: over the secure network link, receive a first hypertext transfer protocol secure (HTTPS) request from a client computer, wherein the first HTTPS request is addressed to an identity provider computer; transfer the first HTTPS request to the identity provider computer; transfer, from the identity provider computer, a preceding redirected URL in response to the first HTTPS request, to the client computer and configured to cause the client computer to redirect to said preceding redirected URL; over the secure network link, receive a particular request specifying said preceding redirected URL, from the client computer; in response to receiving the particular request, generate a particular response, comprising a subsequent redirected URL and a session identifier, and configured to cause the client computer to redirect to the identity provider computer over an HTTPS connection; transfer said subsequent redirected URL over the secure network link to the client computer; and transfer a second HTTPS request, comprising the session identifier, from the client computer to the identity provider computer.
11. The device of claim 10 wherein said preceding redirected URL comprises a host identifier of the identity provider computer, and wherein receiving the particular request comprises intercepting the particular request.
12. The device of claim 10 wherein said preceding redirected URL specifies using HTTP.
13. The device of claim 10 wherein said subsequent redirected URL comprises a query string that includes the session identifier.
14. The device of claim 10 wherein said preceding redirected URL comprises a session cookie, and the second HTTPS request comprises the session cookie.
15. The device of claim 10 wherein the secure network link comprises one of: an 802.11 RSN link, or an 802.1 AE link.
16. The device of claim 10 wherein a SAML element is included in at least one of: said preceding redirected URL and the second HTTPS request.
17. The device of claim 10 wherein the session identifier is based at least in part on a session identifier of an AAA protocol selected from: RADIUS or Diameter.
18. One or more non-transitory computer readable media comprising instructions that when executed by one or more processors cause: establishing a secure network link having a client computer and a network access device (NAD) as endpoints; over the secure network link, a client computer transferring a first hypertext transfer protocol secure (HTTPS) request to a network access device (NAD), wherein the first HTTPS request is addressed to an identity provider computer; the NAD transferring the first HTTPS request to the identity provider computer; transferring, by the NAD, from the identity provider computer, a preceding redirected uniform resource locator (URL) in response to the first HTTPS request, to the client computer, wherein the preceding redirected URL is configured to cause the client computer to redirect to said preceding redirected URL; over a secure network link, the NAD receiving a particular request specifying said preceding redirected URL, from the client computer; in response to receiving the particular request, the NAD generating a particular response, the particular response comprising a subsequent redirected URL and a session identifier, wherein the subsequent redirected URL is configured to cause the client computer to redirect to the identity provider computer over an HTTPS connection; transferring, by the NAD, said subsequent redirected URL over the secure network link to the client computer; transferring, by the NAD, a second HTTPS request, comprising the session identifier, from the client computer to the identity provider computer.
19. The one or more non-transitory computer readable media of claim 18 wherein the secure network link comprises one of: an 802.11 robust security network (RSN) link, or an 802.1 advanced encryption (AE) link.
20. The one or more non-transitory computer readable media of claim 18 wherein a security assertion markup language (SAML) element is included in at least one of: said preceding redirected URL and the second HTTPS request.
21. The one or more non-transitory computer readable media of claim 18 wherein the session identifier is based at least in part on a session identif
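The abstract and claims 1 through 9 describe one redirect exchange: the IdP answers the client's first HTTPS request with a plain-HTTP redirect to its own host, the NAD (which cannot see inside HTTPS) intercepts that cleartext request on the link-layer-secured hop, and answers it with an HTTPS redirect whose query string carries a session identifier derived from the AAA session, which the IdP then consumes. The following simulation is an added example written for this page; it is not the patent's or any vendor's code. It models the three parties in-process, and the hostname `idp.example`, the paths `/login`, `/nad-hook` and `/callback`, the parameter name `session_id`, the cookie name `idp_session` and the RADIUS-style session table are all constructed assumptions. The second run shows the failure mode a defender cares about: a session identifier the IdP cannot correlate with any AAA session is rejected.

```python
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlencode, urlparse

IDP_HOST = "idp.example"       # assumed IdP hostname
SESSION_PARAM = "session_id"   # assumed query-string parameter (claim 4)
COOKIE_NAME = "idp_session"    # assumed session cookie name (claim 5)


@dataclass
class HttpMessage:
    """Minimal stand-in for an HTTP request or response."""
    url: str = ""
    status: int = 200
    headers: dict = field(default_factory=dict)


class IdentityProvider:
    """/login issues the preceding (HTTP) redirect; /callback consumes the session id."""

    def __init__(self, aaa_sessions):
        # AAA session id -> identity; a constructed table standing in for what the
        # IdP would learn from the RADIUS/Diameter server (claim 8)
        self.aaa_sessions = aaa_sessions
        self.pending = set()        # cookies issued but not yet bound to an identity
        self.authenticated = {}     # cookie -> identity

    def handle(self, req):
        u = urlparse(req.url)
        if u.scheme == "https" and u.path == "/login":
            # First HTTPS request: redirect to a plain-HTTP URL on the IdP's own
            # host (claims 2 and 3) and set a session cookie (claim 5)
            cookie = secrets.token_hex(8)
            self.pending.add(cookie)
            return HttpMessage(status=302, headers={
                "Location": f"http://{IDP_HOST}/nad-hook",
                "Set-Cookie": f"{COOKIE_NAME}={cookie}",
            })
        if u.scheme == "https" and u.path == "/callback":
            # Second HTTPS request: session id in the query string, cookie in the header
            sid = parse_qs(u.query).get(SESSION_PARAM, [None])[0]
            cookie = req.headers.get("Cookie", "").removeprefix(f"{COOKIE_NAME}=")
            if sid in self.aaa_sessions and cookie in self.pending:
                self.pending.discard(cookie)
                self.authenticated[cookie] = self.aaa_sessions[sid]
                return HttpMessage(status=200, headers={"X-User": self.aaa_sessions[sid]})
            return HttpMessage(status=403)   # unknown session id or cookie: reject
        return HttpMessage(status=404)


class NetworkAccessDevice:
    """On-path NAD: forwards HTTPS untouched, intercepts cleartext HTTP to the IdP."""

    def __init__(self, idp, aaa_session_id):
        self.idp = idp
        self.aaa_session_id = aaa_session_id  # from this link's AAA session (claim 8)
        self.log = []

    def transfer(self, req):
        u = urlparse(req.url)
        if u.scheme == "http" and u.hostname == IDP_HOST:
            # Request for the preceding redirected URL: generate the subsequent
            # redirected URL with the session identifier in its query string
            self.log.append(("intercepted", req.url))
            location = f"https://{IDP_HOST}/callback?" + urlencode({SESSION_PARAM: self.aaa_session_id})
            return HttpMessage(status=302, headers={"Location": location})
        self.log.append(("forwarded", req.url))   # HTTPS is opaque to the NAD
        return self.idp.handle(req)


class Client:
    """Client computer (UE): follows redirects and replays the cookie it was given."""

    def __init__(self, nad):
        self.nad = nad
        self.cookies = {}

    def fetch(self, url, max_redirects=5):
        for _ in range(max_redirects):
            req = HttpMessage(url=url)
            if self.cookies:
                req.headers["Cookie"] = "; ".join(f"{k}={v}" for k, v in self.cookies.items())
            resp = self.nad.transfer(req)
            if "Set-Cookie" in resp.headers:
                name, value = resp.headers["Set-Cookie"].split("=", 1)
                self.cookies[name] = value
            if resp.status == 302:
                url = resp.headers["Location"]
                continue
            return resp
        raise RuntimeError("redirect loop")


def run_exchange(aaa_sessions, nad_session_id):
    """Run the full exchange; returns (final status, identity or None, NAD log)."""
    idp = IdentityProvider(aaa_sessions)
    nad = NetworkAccessDevice(idp, nad_session_id)
    resp = Client(nad).fetch(f"https://{IDP_HOST}/login")
    return resp.status, resp.headers.get("X-User"), nad.log


if __name__ == "__main__":
    print(run_exchange({"radius-1234": "alice"}, "radius-1234"))  # constructed session table
    print(run_exchange({"radius-1234": "alice"}, "radius-9999"))  # id the IdP cannot correlate
```

The NAD log makes the trust boundary visible: the only message it rewrites is the cleartext request to `http://idp.example/...`, which is why claims 6 and 9 require the client-to-NAD hop itself to be an 802.11 RSN, 802.1AE or physically secured link, and why the IdP binds the identity to the AAA session rather than to anything the client asserts.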
CPC classification titles:
- for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication, H04L9/32)
- providing single-sign-on or federations
- Virtual private networks
- based on web technology, e.g. hypertext transfer protocol [HTTP]
- above the transport layer