| CPC H04L 63/08 (2013.01) [H04L 67/02 (2013.01)] | 11 Claims |
|
1. A method to enable an Identity Provider having an authorization gateway and an authentication interface to verify authenticity of an authentication script component that is used by a user agent active in a web browser to issue authentication API calls and that is managed by a broker or by a service provider, said method comprising:
for the broker, after reception of a request to get a web application login page from a user agent, requesting a pre-authorization at the Authorization Gateway with a broker identifier and contextual information relative to at least an end-user connection, receiving a random token in answer, requesting the creation of an authentication front end script on the basis of the random token at a front-end delivery, said front-end delivery being able to retrieve currently observed contextual information at the user agent, embedding the random token and the URL for the authentication front-end in the web application login page and sending the web application login page to the user agent,
for the front-end delivery, while receiving a request for an authentication front end including the token from the broker, sending the token and the contextual information to the authorization gateway, and generating the authentication front end script embedding the token and the broker identifier, and providing the authentication front end script and the URL for the login page to the broker, and while receiving an authentication request to get the URL of the authentication front end with a token, provisioning the authentication front end to the user agent,
for the authentication interface, while receiving, from the user-agent, calls for authentication including at least the broker identifier, the token and the currently observed contextual information, checking the currently observed contextual information, the broker identifier and the token, the authentication being positive if the currently observed contextual information and the broker identifier corresponds to the contextual information and broker identifier received in the pre-authorization request and if the token in the API call corresponds to the random token sent in answer to the pre-authorization request (PA), and processing the request in case of positive authentication.
|