CREDENTIAL COLLECTION IN AN AUTHENTICATION SERVER EMPLOYING DIVERSE AUTHENTICATION SCHEMES

摘要

An aspect of the present invention facilitates flexible credential collection in an authentication server employing diverse authentication schemes. In an embodiment, an access manager in the authentication server determines that an authentication scheme is to be used for allowing access to a resource requested by a user. A custom module (implementing the authentication scheme) in the authentication server then sends to the access manager commands indicating corresponding sets of credentials to be collected. The access manager, in response to receiving each command, collects the corresponding credentials from the user and checks whether the collected credentials authenticates the user. The custom module sends each command after the checking of the previously collected credentials. Accordingly, a developer of the custom module is enabled to request for and to perform the authentication of the user based on different sets of credentials.

主权项

1. An authentication server comprising:
an access manager to receive an authentication request for a user seeking access to a resource, and to identify that a first authentication scheme is to be used for authenticating said user before allowing access to said resource, wherein said first authentication scheme specifies that both of a first set of credentials and a second set of credentials are to be collected and checked for processing said authentication request; and a custom module to send to said access manager a first command indicating said first set of credentials to be collected, said access manager, in response to receiving of said first command collecting said first set of credentials from said user, and checking whether said first set of credentials authenticates said user, said custom module to send to said access manager a second command after said checking, said second command indicating said second set of credentials to be collected, said access manager, in response to receiving of said second command, collecting said second set of credentials from said user and checking whether said second set of credentials authenticates said user, wherein, in response to said first authentication scheme specifying that said first set of credentials and said second set of credentials are to be collected and checked for processing said authentication request, said custom module sends said first command and said second command and said access manager collects and checks both of said first set of credentials and said second set of credentials to process said authentication request.