Cross instance user authentication architecture

摘要

In accordance with disclosed embodiments, there are provided methods, systems, and apparatuses for implementing a cross instance user authentication architecture in an on-demand service environment including, for example, means for receiving a login request at a global Virtual Internet Protocol (VIP) address for the host organization from a client device; forwarding the login request; determining the selected datacenter is a home-geo or a non-home-geo datacenter; establishing a back-end link; forwarding the login request from the non-home-geo datacenter to the home-geo datacenter via the back-end link for authentication; and returning a response to the client device from the non-home-geo datacenter upon successful authentication of the login request at the home-geo datacenter. Other related embodiments are disclosed.

主权项

1. A method at a host organization, the method comprising:
receiving a login request from a client device at a single URL endpoint which services login requests for the host organization, the login request received at a first login server of the host organization, the first login server having at least a processor and a memory therein to receive the login request, wherein the first login server resides within a first datacenter of the host organization; forwarding the login request received at the first login server of the host organization to a second login server within a second one of a plurality of datacenters within the host organization, the second login server having at least a processor and a memory therein to receive the login request from the first login server; determining the second datacenter is a non-home-geo datacenter for a user associated with the login request received from the client device; establishing a back-end link from the non-home-geo datacenter to a home-geo datacenter for the user; forwarding the login request from the non-home-geo datacenter to the home-geo datacenter via the back-end link for authentication of the client device at the user's home-geo datacenter responsive to the login request received from the client device; and redirecting communications with the host organization from the client device to the user's home-geo datacenter upon successful authentication of the login request at the home-geo datacenter.