CPC H04L 63/0272 (2013.01) [H04L 63/0236 (2013.01); H04L 63/0815 (2013.01); H04L 63/20 (2013.01)]
20 Claims
1. A computerized method, by a controller deployed within a cloud computing network and maintained within a non-transitory storage medium, for establishing a secure channel between a virtual private network (VPN) client processing on a network device for a user and a network gateway, the computerized method comprising:
transmitting, by the controller, an authentication request to an identity provider based on receipt of a resource request from the VPN client;
receiving, by the controller, an authentication response from the identity provider;
generating, by the controller, an authentication token based on the authentication response;
transmitting, by the controller, the authentication token to the VPN client, wherein the controller further stores the authentication token;
receiving, by the network gateway, a secure connection request from the VPN client that includes the authentication token;
validating, by the network gateway, the authentication token by querying the controller for a comparison of a pairing of the authentication token and a user identifier with one or more stored pairings of authentication tokens and user identifiers;
in response to validation of the authentication token, establishing, by the network gateway, the secure connection with the VPN client; and
providing, by the network gateway, the VPN client with access to resources via the secure connection.
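The exchange in claim 1, simulated end to end as an added Python example (not code from the patent or from any product): the controller authenticates with the identity provider, issues and stores a token, and the gateway holds no token state of its own, so every connection request is checked against the controller's stored (token, user identifier) pairings. The identity provider stub, the password-based credential, the token format and the user names are assumptions; a real deployment would use an SSO protocol such as SAML or OIDC.

```python
import hmac
import secrets

class IdentityProvider:
    """Constructed stand-in for the IdP of the claim; not a real SSO implementation."""
    def __init__(self, users):
        self.users = users  # user_id -> password (constructed sample data)

    def authenticate(self, user_id, password):
        stored = self.users.get(user_id)
        ok = stored is not None and hmac.compare_digest(stored, password)
        return {"ok": ok, "subject": user_id if ok else None}

class Controller:
    """Queries the IdP, mints tokens, and keeps the (token, user_id) pairings it issued."""
    def __init__(self, idp):
        self.idp = idp
        self.pairings = {}  # token -> user_id: the stored pairings the gateway asks about

    def handle_resource_request(self, user_id, password):
        response = self.idp.authenticate(user_id, password)  # auth request/response with the IdP
        if not response["ok"]:
            return None
        token = secrets.token_urlsafe(32)            # token generated from the IdP response
        self.pairings[token] = response["subject"]   # controller stores the token
        return token                                 # token returned to the VPN client

    def validate_pairing(self, token, user_id):
        """Compare the presented (token, user_id) pairing with the stored pairings."""
        stored_user = self.pairings.get(token)
        return stored_user is not None and hmac.compare_digest(stored_user, user_id)

class Gateway:
    """Validates nothing locally; every secure connection request is referred to the controller."""
    def __init__(self, controller):
        self.controller = controller
        self.sessions = {}  # user_id -> resources reachable over the established connection

    def connect(self, token, user_id):
        if not self.controller.validate_pairing(token, user_id):
            return False                     # pairing mismatch or unknown token: no connection
        self.sessions[user_id] = ["intranet"]  # secure connection established, access granted
        return True

def run_scenario():
    controller = Controller(IdentityProvider({"alice": "correct horse"}))
    gateway = Gateway(controller)
    token = controller.handle_resource_request("alice", "correct horse")
    return {
        "issued": token is not None,
        "rejected_bad_password": controller.handle_resource_request("alice", "wrong") is None,
        "alice_connects": gateway.connect(token, "alice"),
        "token_with_other_user": gateway.connect(token, "mallory"),   # pairing check fails
        "unknown_token": gateway.connect("not-an-issued-token", "alice"),
    }
```

The last two entries show the detection value of the pairing comparison: a valid token presented with a different user identifier, or a token the controller never issued, is refused at the gateway before any connection is established.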