State driven orchestration of authentication components in an access manager

US9628465B2 · US · B2

Patent metadata

Publication number: US-9628465-B2
Application number: US-201514754238-A
Country: US
Kind code: B2
Filing date: Jun 29, 2015
Priority date: Jan 24, 2013
Publication date: Apr 18, 2017
Grant date: Apr 18, 2017

Abstract

Methods and systems are described for state driven orchestration of authentication components to access a resource protected by an access manager framework. In response to a client request for a protected resource, relevant authentication components and their respective order are determined. Upon successful authentication of the first authentication component, proper state information of the authentication process is stored by the client indicating the next authentication component. In response to a request for additional credential information for the authentication process from the next authentication component, the client provides the stored state information so that the authentication process continues with the second authentication component according to the determined order of the authentication components within an authentication process.

First claim

What is claimed is:

1. A method comprising: receiving, from a client, a request to access a resource; determining an authentication process for access to the resource based on the request, wherein determining the authentication process includes determining a plurality of authentication components, and wherein the plurality of authentication components includes a first authentication component and a second authentication component; based on the determined authentication process, performing, using the first authentication component, a first authentication for the client; sending, based on the first authentication, an authentication context to the client, wherein the authentication context indicates an execution state of the authentication process; receiving, from the client, the authentication context; based on the execution state indicated by the authentication context, determining the second component as a next component in the authentication process; and based on the execution state indicated by the authentication context: bypassing the first authentication component; and then sending a request to the second authentication component of the authentication process, to perform a second authentication for the client.

2. The method of claim 1, further comprising: allowing access to the resource for the client based on the authentication context and the second authentication.

3. The method of claim 1, further comprising: determining an authentication order for performing the authentication process using the plurality of authentication components; wherein the authentication process is determined based at least in part on the request.

4. The method of claim 3, wherein the execution state indicates an authentication component that is next in the authentication order for the authentication process.

5. The method of claim 1, wherein the authentication context includes credential data validated for the user for each authentication component of the plurality of authentication components for which an authentication is performed for the authentication process.

6. The method of claim 1, wherein the authentication context is sent to the client with a request for credential information, and wherein the credential information is for the second authentication using the second authentication component.

7. The method of claim 2, further comprising: generating a session for allowing access to the resource for the client based on the authentication context and the second authentication.

8. The method of claim 1, wherein the authentication context is implemented as a Hypertext Transfer Protocol (HTTP) cookie.

9. The method of claim 1, wherein the authentication context is implemented as an encrypted cookie.

10. The method of claim 1, wherein the first authentication component is an authentication plugin, and wherein the first authentication component is different from the second authentication component.

11. The method of claim 1, wherein the resource includes an application.

12. The method of claim 1, wherein the authentication context is represented as a Java® object.

13. A system comprising: a memory; and one or more processors operatively coupled to the memory and configured to: receive, from a client, a request to access a resource; determine an authentication process for access to the resource based on the request, wherein determining the authentication process includes determining a plurality of authentication components, and wherein the plurality of authentication components includes a first authentication component and a second authentication component; based on the determined authentication process, perform, using the first authentication component, a first authentication for the client; send, based on the first authentication, an authentication context to the client, wherein the authentication context indicates an execution state of the authentication process; receive, from the client, the authentication context; based on the execution state indicated by the authentication context, determine the second component as a next component in the authentication process; based on the execution state indicated by the received authentication context: bypass the first authentication component; and then send a request to the second authentication component of the authentication process, to perform a second authentication for the client; and allow access to the resource based on the authentication context and the second authentication.

14. The system of claim 13, wherein the one or more processors are further configured to: determine an authentication order for performing the authentication process using the plurality of authentication components; wherein the authentication process is determined based at least in part on the request.

15. The system of claim 13, wherein the execution state indicates an authentication component that is next in the authentication order for the authentication process.

16. A non-transitory machine-readable medium storing instructions that, when executed by one or more processors, cause the one or more processors to: receive, from a client, a request to access a resource; determine an authentication process for access to the resource based on the request, wherein determining the authentication process includes determining a plurality of authentication components, and wherein the plurality of authentication components includes a first authentication component and a second authentication component; based on the determined authentication process, perform, using the first authentication component, a first authentication for the client; send, based on the first authentication, an authentication context to the client, wherein the authentication context indicates an execution state of the authentication process; receive, from the client, the authentication context; based on the execution state indicated by the authentication context, determine the second component as a next component in the authentication process; and based on the execution state indicated by the authentication context: bypass the first authentication component; and then send a request to the second authentication component of the authentication process, to perform a second authentication for the client.

17. The non-transitory machine-readable medium of claim 16, wherein the instructions, when executed by the one or more processors, further cause the one or more processors to: generate a session for allowing access to the resource for the client based on the authentication context and the second authentication.

18. The non-transitory machine-readable medium of claim 16, wherein the instructions, when executed by the one or more processors, further cause the one or more processors to: allow access for the client to a plurality of resources including the resource, wherein the access is allowed based on the authentication context and the second authentication.

19. The non-transitory machine-readable medium of claim 16, wherein the authentication context includes credential data validated for the user for each authentication component of the plurality of authentication components for which an authentication is performed for the authentication process.
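The orchestration the claims describe (ordered components, a client-held authentication context carrying the execution state, bypass of already-completed components), as an added example that is not the patent's or Oracle's code. All names, the policy table and the credential stores are constructed; the context is protected with an HMAC in place of the encrypted cookie of claim 9, and the defender's point is that the server must verify that context before honouring the "bypass" it implies.

```python
import base64, hashlib, hmac, json, secrets

# Constructed example (not the patent's code): a two-step login where the
# server keeps the execution state in a client-held, MAC-protected context.
SERVER_KEY = secrets.token_bytes(32)  # server-side secret; never sent to the client

# Hypothetical policy: ordered authentication components per resource.
RESOURCE_POLICY = {"/payroll": ["password", "otp"], "/wiki": ["password"]}
# Constructed credential stores standing in for the real authentication plugins.
PASSWORDS = {"alice": "correct horse"}
OTPS = {"alice": "123456"}
COMPONENTS = {
    "password": lambda user, cred: PASSWORDS.get(user) == cred,
    "otp": lambda user, cred: OTPS.get(user) == cred,
}

def _sign(payload: bytes) -> str:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()

def encode_context(ctx: dict) -> str:
    """Serialise the execution state as a cookie value 'base64(payload).mac'."""
    payload = json.dumps(ctx, sort_keys=True).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)

def decode_context(cookie: str):
    """Return the execution state, or None if the cookie is malformed or tampered."""
    try:
        b64, mac = cookie.split(".", 1)
        payload = base64.urlsafe_b64decode(b64)
    except (ValueError, TypeError):
        return None
    if not hmac.compare_digest(_sign(payload), mac):
        return None  # forged or altered state: treat as no state at all
    return json.loads(payload)

def authenticate(resource: str, user: str, credential: str, cookie=None):
    """One client round trip. Returns (status, cookie_to_set_or_None)."""
    order = RESOURCE_POLICY[resource]
    ctx = decode_context(cookie) if cookie else None
    # Bypass completed components only when the state verifies and was issued
    # for this same resource and user; otherwise start at the first component.
    trusted = bool(ctx) and ctx.get("resource") == resource and ctx.get("user") == user
    step = ctx["next"] if trusted else 0
    if not COMPONENTS[order[step]](user, credential):
        return "denied", None
    step += 1
    if step == len(order):
        return "granted", None
    new_ctx = {"resource": resource, "user": user, "next": step, "done": order[:step]}
    return f"need:{order[step]}", encode_context(new_ctx)
```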

Assignees

Oracle Int Corp

Classifications

  • H04L63/08 (primary): for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title

  • based on web technology, e.g. hypertext transfer protocol [HTTP] · CPC title

  • Entity profiles · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9628465B2 cover?
Methods and systems are described for state driven orchestration of authentication components to access a resource protected by an access manager framework. In response to a client request for a protected resource, relevant authentication components and their respective order are determined. Upon successful authentication of the first authentication component, proper state information of the au…
Who is the assignee on this patent?
Oracle Int Corp
What technology area does this patent fall under?
Primary CPC classification H04L63/08. Mapped technology areas include Electricity.
When was this patent published?
Publication date Apr 18, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).