Abstract |
<p>User access to a protected resource is controlled by: intercepting a request from a client browser (80) directed to a server (50); requesting user credentials from the client browser (80); processing user credentials received from the client browser (80) to authenticate the user; redirecting the client browser (80) to an authorization server (70) configured to issue a token credential; intercepting an authorization request from the browser (80) to the authorization server (70), and inserting into the authorization request an HTTP header variable indicating the authentication status of the user (20). The authorization server (70) is arranged to issue a token credential, which may be used by the user (20) to obtain a token for indicating to a server (50) hosting the protected resource authorization of the user to access the protected resource.</p> |
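The flow in the abstract, sketched as an added example that is not code from the patent: a gateway authenticates the user, inserts an authentication-status header into the authorization request, and the authorization server issues a token credential that is exchanged for a token. The header name `X-Auth-Status`, its value format, the class and method names, and the sample user are assumptions. Dropping any client-supplied copy of the header and making the credential single-use are hardening choices added here, not steps stated in the abstract.

```python
import secrets

AUTH_HEADER = "X-Auth-Status"        # hypothetical name; the abstract does not name the header
USERS = {"alice": "correct horse"}   # constructed credential store for the example

class AuthorizationServer:
    """Issues a token credential, later exchanged for a token (server 70 in the abstract)."""
    def __init__(self):
        self._codes = {}

    def authorize(self, headers):
        # Acts only on the status header; assumed reachable solely through the gateway.
        status = headers.get(AUTH_HEADER, "")
        if not status.startswith("authenticated;user="):
            return 401, None
        code = secrets.token_urlsafe(16)
        self._codes[code] = status.split("user=", 1)[1]
        return 200, code

    def exchange(self, code):
        # Token credential is single-use (assumption): pop it so a replay fails.
        user = self._codes.pop(code, None)
        return None if user is None else {"sub": user, "token": secrets.token_urlsafe(24)}

class Gateway:
    """Intercepting component that authenticates the user and annotates requests."""
    def __init__(self, authz):
        self.authz, self.sessions = authz, {}

    def login(self, user, password):
        expected = USERS.get(user)
        if expected is None or not secrets.compare_digest(expected, password):
            return None
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = user
        return sid

    def forward_authorization_request(self, client_headers, session_id=None):
        # Remove any copy of the status header sent by the browser (any letter case),
        # then insert the gateway's own value derived from the server-side session.
        headers = {k: v for k, v in client_headers.items()
                   if k.lower() != AUTH_HEADER.lower()}
        user = self.sessions.get(session_id)
        headers[AUTH_HEADER] = f"authenticated;user={user}" if user else "unauthenticated"
        return self.authz.authorize(headers)
```

The design depends on the authorization server accepting connections only from the gateway, since any party that can reach it directly could set the header itself.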