US 11,870,766 B2
Integration of legacy authentication with cloud-based authentication
Avraham Carmon, Redmond, WA (US); Joseph Isenhour, Redmond, WA (US); Aakashi Kapoor, Seattle, WA (US); Young Moon Ko, Sammamish, WA (US); Sagar Bholanath Saha, Renton, WA (US); and Steven Syfuhs, Seattle, WA (US)
Assigned to MICROSOFT TECHNOLOGY LICENSING, LLC., Redmond, WA (US)
Filed by MICROSOFT TECHNOLOGY LICENSING, LLC., Redmond, WA (US)
Filed on Dec. 16, 2020, as Appl. No. 17/123,622.
Prior Publication US 2022/0191185 A1, Jun. 16, 2022
Int. Cl. H04L 29/06 (2006.01); H04L 9/40 (2022.01)
CPC H04L 63/0807 (2013.01) [H04L 63/0236 (2013.01); H04L 63/102 (2013.01); H04L 63/20 (2013.01)] 20 Claims
 
1. A system, comprising:
at least one processor; and
a memory that stores one or more programs that are configured to be executed by the at least one processor, the one or more programs including instructions to perform actions that:
transmit, from a client application, a first request to authenticate the client application to access an on-premise application, the first request sent to an identity provider of a cloud computing service, the first request made through a cloud-based network authentication protocol, the on-premise application subject to a Kerberos authentication protocol, the cloud-based network authentication protocol incompatible with the Kerberos authentication protocol;
in response to a successful authentication of the client application, obtain, at the client application, a security token including at least one claim, wherein the at least one claim includes a Kerberos security ticket of the Kerberos authentication protocol, wherein a claim identifies a granted permission to a resource, the Kerberos security ticket generated by a Kerberos Key Distribution Center included in the identity provider of the cloud computing service, the security token associated with the cloud-based network authentication protocol;
extract, at the client application, the Kerberos security ticket from the security token;
transmit, from the client application, a Kerberos authentication request using the Kerberos authentication protocol to a second Kerberos Key Distribution Center comprising a Kerberos authorization server of the on-premise application, the Kerberos authentication request including the Kerberos security ticket; and
in response to a successful validation of the Kerberos security ticket, obtain, by the client application, access to the on-premise application.
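As an added example, not taken from the patent or from any Microsoft implementation, the following Python models the flow claim 1 describes: the cloud identity provider's KDC issues a Kerberos ticket, the IdP embeds it as a claim in the security token, the client extracts the claim and presents the ticket to the on-premise KDC, which validates it and grants access. It assumes the cloud-side KDC shares a key with the on-premise KDC, and the keys, the `krb_ticket` claim name and the JSON-plus-HMAC encodings are constructed stand-ins for real JWT and Kerberos ASN.1 formats.

```python
import base64, hashlib, hmac, json
# Constructed keys (assumptions): the IdP's token-signing key, and a key the cloud-side
# KDC is assumed to share with the on-premise KDC so the latter can validate tickets the
# former issued. Real deployments use Kerberos enctypes and asymmetric token signatures.
IDP_SIGNING_KEY = b"constructed-idp-signing-key"
KDC_SHARED_KEY = b"constructed-cross-kdc-key"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def cloud_kdc_issue_ticket(principal, service, now, lifetime=3600):
    """Cloud-side KDC: a ticket naming the client and the on-premise service."""
    body = json.dumps({"cname": principal, "sname": service, "endtime": now + lifetime}).encode()
    return _b64(body) + "." + _b64(_mac(KDC_SHARED_KEY, body))

def cloud_idp_issue_token(principal, service, now):
    """Cloud IdP: after cloud-side authentication succeeds, return a signed token
    whose 'krb_ticket' claim (assumed claim name) carries the Kerberos ticket."""
    claims = {"sub": principal, "aud": service, "iat": now,
              "krb_ticket": cloud_kdc_issue_ticket(principal, service, now)}
    payload = json.dumps(claims).encode()
    return _b64(payload) + "." + _b64(_mac(IDP_SIGNING_KEY, payload))

def client_extract_ticket(token):
    """Client: the token is opaque to it apart from the ticket claim it needs."""
    payload_b64, _signature = token.split(".")
    return json.loads(_unb64(payload_b64))["krb_ticket"]

def onprem_kdc_validate(ticket, service, now):
    """On-premise KDC: accept only an intact, correctly addressed, unexpired ticket;
    returns (True, principal) on success or (False, reason) on failure."""
    body_b64, mac_b64 = ticket.split(".")
    body = _unb64(body_b64)
    if not hmac.compare_digest(_mac(KDC_SHARED_KEY, body), _unb64(mac_b64)):
        return (False, "ticket integrity check failed")
    t = json.loads(body)
    if t["sname"] != service:
        return (False, "ticket not issued for this service")
    if t["endtime"] <= now:
        return (False, "ticket expired")
    return (True, t["cname"])

def client_access_onprem(principal, service, now):
    """The claimed flow end to end: cloud auth -> token -> ticket -> on-premise KDC."""
    token = cloud_idp_issue_token(principal, service, now)
    ticket = client_extract_ticket(token)
    return onprem_kdc_validate(ticket, service, now)
```

The on-premise side never needs the IdP's token-signing key: it trusts only the ticket's own integrity under the KDC-to-KDC key, which is what lets the two incompatible protocols meet at the client.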