Title of invention |
Cross instance user authentication architecture |
Abstract |
In accordance with disclosed embodiments, there are provided methods, systems, and apparatuses for implementing a cross instance user authentication architecture in an on-demand service environment including, for example, means for receiving a login request at a global Virtual Internet Protocol (VIP) address for the host organization from a client device; forwarding the login request; determining the selected datacenter is a home-geo or a non-home-geo datacenter; establishing a back-end link; forwarding the login request from the non-home-geo datacenter to the home-geo datacenter via the back-end link for authentication; and returning a response to the client device from the non-home-geo datacenter upon successful authentication of the login request at the home-geo datacenter. Other related embodiments are disclosed. |
Publication number |
US9584505(B2) |
Publication date |
2017.02.28 |
Application number |
US201514709822 |
Application date |
2015.05.12 |
Applicant |
salesforce.com, inc. |
Inventor |
Lee Jong |
Classification numbers |
G06F21/31;H04L29/06;G06F21/45;H04L29/08 |
Main classification number |
G06F21/31 |
Agency |
Blakely Sokoloff Taylor & Zafman LLP |
Agent |
Blakely Sokoloff Taylor & Zafman LLP |
Main claim |
1. A method at a host organization, the method comprising:
receiving a login request from a client device at a single URL endpoint which services login requests for the host organization, the login request received at a first login server of the host organization, the first login server having at least a processor and a memory therein to receive the login request, wherein the first login server resides within a first datacenter of the host organization;
forwarding the login request received at the first login server of the host organization to a second login server within a second one of a plurality of datacenters within the host organization, the second login server having at least a processor and a memory therein to receive the login request from the first login server;
determining the second datacenter is a non-home-geo datacenter for a user associated with the login request received from the client device;
establishing a back-end link from the non-home-geo datacenter to a home-geo datacenter for the user;
forwarding the login request from the non-home-geo datacenter to the home-geo datacenter via the back-end link for authentication of the client device at the user's home-geo datacenter responsive to the login request received from the client device; and
redirecting communications with the host organization from the client device to the user's home-geo datacenter upon successful authentication of the login request at the home-geo datacenter. |
Address |
San Francisco CA US |