Title Cross-protocol federated single sign-on (F-SSO) for cloud enablement
Abstract A method to enable access to resources hosted in a compute cloud begins upon receiving a registration request to initiate a user's registration to use resources hosted in the compute cloud. During a registration process initiated by receipt of the registration request, a federated single sign-on (F-SSO) request is received. The F-SSO request includes an assertion (e.g., an HTTP-based SAML assertion) having authentication data (e.g., an SSH public key, a CIFS username, etc.) for use to enable direct user access to a resource hosted in the compute cloud. Upon validation of the assertion, the authentication data is deployed within the cloud to enable direct user access to the compute cloud resource using the authentication data. In this manner, the cloud provider provides authentication, single sign-on and lifecycle management for the user, despite the “air gap” between the HTTP protocol used for F-SSO and the non-HTTP protocol used for the user's direct access to the cloud resource.
Publication number US9560036(B2) Publication date 2017.01.31
Application number US201012832307 Filing date 2010.07.08
Applicant International Business Machines Corporation Inventors Hinton Heather M.;Bade Steven A.;Linton Jeb;Rodriguez Peter
Classification G06F7/04;G06F15/16;G06F17/30;H04L29/06;H04L9/32 Main classification G06F7/04
Agency  Agents Wilhelm Richard A.;Judson David H.;LaBaw Jeffrey S.
Independent claim 1. A method to manage access to resources hosted in a shared pool of configurable computing resources, comprising: receiving a registration request to initiate a user's registration to use resources hosted in the shared pool of configurable computing resources; during a registration process initiated by receipt of the registration request, receiving a federated single sign-on (F-SSO) request, the F-SSO request having an assertion associated therewith that includes authentication data for use to enable direct user access to a resource hosted in the shared pool of configurable computing resources; attempting to validate the assertion using a software component executing on a hardware element; upon validation of the assertion, deploying the authentication data within the shared pool of configurable computing resources to enable direct user access to the resource.
Address Armonk NY US
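An added example, not code from the patent or from IBM, of the registration-time step that the abstract and claim 1 describe: the cloud side validates the SAML assertion (issuer, validity window, audience) and then deploys the asserted SSH public key as a restricted authorized_keys entry, bridging the HTTP assertion to non-HTTP direct access. The assertion, issuer, audience, attribute name "sshPublicKey" and key blob are constructed here; the XML signature check that a real SAML library performs before this step is assumed and not shown.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion; the key blob is a stub with a valid ed25519 header only.
# A real assertion is XML-signed, and the SAML library must verify that signature first.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Issuer>https://idp.example.org</saml:Issuer>
 <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
 <saml:Conditions NotBefore="2010-07-08T00:00:00Z" NotOnOrAfter="2010-07-09T00:00:00Z">
  <saml:AudienceRestriction><saml:Audience>https://cloud.example.net</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement><saml:Attribute Name="sshPublicKey">
  <saml:AttributeValue>ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJl3 alice@laptop</saml:AttributeValue>
 </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""


def _ts(value):
    # SAML timestamps are UTC with a trailing Z; make them timezone-aware datetimes.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_assertion(xml_text, audience, trusted_issuers, now):
    """Check issuer, validity window and audience; return (subject, attributes)."""
    root = ET.fromstring(xml_text)
    if root.findtext("saml:Issuer", namespaces=NS) not in trusted_issuers:
        raise ValueError("untrusted issuer")
    cond = root.find("saml:Conditions", NS)
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    if audience not in [a.text for a in cond.iterfind(".//saml:Audience", NS)]:
        raise ValueError("audience mismatch")
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    attrs = {a.get("Name"): (a.findtext("saml:AttributeValue", namespaces=NS) or "").strip()
             for a in root.iterfind(".//saml:Attribute", NS)}
    return subject, attrs


def authorized_keys_line(attrs, source_cidr):
    """Turn the asserted SSH public key into a restricted authorized_keys entry."""
    parts = attrs.get("sshPublicKey", "").split()
    if len(parts) < 2 or parts[0] not in ("ssh-ed25519", "ssh-rsa"):
        raise ValueError("unsupported or malformed SSH key")
    blob = base64.b64decode(parts[1], validate=True)
    n = int.from_bytes(blob[:4], "big")  # SSH wire format: length-prefixed key type
    if blob[4:4 + n].decode() != parts[0]:
        raise ValueError("key type mismatch inside blob")
    return f'from="{source_cidr}",no-port-forwarding,no-agent-forwarding {parts[0]} {parts[1]}'
```

The `from=` option ties the deployed key to the network the registration came from, so a key that leaks out of the assertion path is still not usable from elsewhere.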