Independent claim |
1. A computer-implemented method of authenticating and authorizing an entity, comprising:
receiving, by a RESTful service, a request from an entity, wherein the request is for access to a protected resource; redirecting the entity to a relying party, wherein the relying party facilitates the authentication of the entity and stores a first credential and a SAML credential; receiving, by the RESTful service, the first credential from the relying party, wherein the first credential is received through a front channel; receiving, by the RESTful service, the SAML credential from the relying party, wherein the SAML credential is received through a back channel; authenticating the entity at a level of confidence based on the credential strength of the first credential and based on the credential strength of the SAML credential; and authorizing the entity's access to the protected resource, wherein the authorization is based on attributes contained in the SAML credential. |