US 12,335,263 B2
Identity proxy and access gateway
James Howard Royal, Austin, TX (US); and Samuel Douglas Rhea, Lisbon (PT)
Assigned to CLOUDFLARE, INC., San Francisco, CA (US)
Filed by CLOUDFLARE, INC., San Francisco, CA (US)
Filed on Jan. 29, 2024, as Appl. No. 18/425,713.
Application 18/425,713 is a continuation of application No. 17/867,355, filed on Jul. 18, 2022, granted, now 11,888,851.
Application 17/867,355 is a continuation of application No. 17/500,159, filed on Oct. 13, 2021, granted, now 11,394,710, issued on Jul. 19, 2022.
Prior Publication US 2024/0171576 A1, May 23, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/06 (2006.01); H04L 9/40 (2022.01)
CPC H04L 63/0884 (2013.01) [H04L 63/0281 (2013.01); H04L 63/20 (2013.01)] 21 Claims
OG exemplary drawing
 
1. A method implemented in an identity proxy and access gateway, comprising:
receiving a first authentication request from a client device that has been generated by a third-party application in response to a first access request from the client device to the third-party application requesting access to a resource at the third-party application, wherein the first authentication request is requesting an authentication of a user that is attempting to access the third-party application, and wherein the identity proxy and access gateway is configured as a first identity provider of the third-party application;
causing the client device to transmit a second authentication request to a second identity provider selected based on configuration data for the third-party application;
receiving, from the client device, a first authentication response that was generated by the second identity provider that indicates the user has successfully authenticated to the second identity provider;
enforcing a first set of one or more access rules to determine whether to allow access to the third-party application based on the first authentication request and first authentication response, wherein the first set of one or more access rules is enforced independently from any rules enforced at the second identity provider;
determining, from the enforcing of the first set of one or more access rules, to allow access to the third-party application, and responsive to this determination, generating a second authentication response that indicates a successful authentication; and
transmitting the second authentication response that indicates the user has successfully authenticated to the client device to cause the client device to transmit the second authentication response to the third-party application.
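As an added illustration (not code from the patent or from the assignee's implementation), a minimal Python model of the claimed flow: the gateway answers the third-party application's authentication request, routes the client to the upstream identity provider chosen by per-application configuration, then enforces its own access rules on the upstream response before issuing the application-facing authentication response. The application names, rules, signing key and assertions are all constructed for the example.

```python
import hmac, hashlib, json, secrets

# Constructed sample configuration: which upstream IdP each third-party
# application is routed to, and the gateway's own access rules for it.
APP_CONFIG = {
    "wiki.example": {
        "idp": "upstream-idp-a",
        "rules": {"email_domain": "example.com", "require_group": "staff"},
    },
}
GATEWAY_KEY = b"gateway-signing-key-constructed"  # assumed secret shared with the app


class IdentityProxy:
    """Acts as the app's identity provider, brokers to an upstream IdP,
    and applies its own rules before issuing the app-facing response."""

    def __init__(self, config, key):
        self.config, self.key = config, key
        self.pending = {}  # state -> app_id for in-flight requests

    def handle_auth_request(self, app_id):
        """First authentication request from the app (relayed by the client).
        Returns the second request the client must send to the upstream IdP."""
        state = secrets.token_hex(8)
        self.pending[state] = app_id
        return {"idp": self.config[app_id]["idp"], "state": state}

    def handle_idp_response(self, state, assertion):
        """First authentication response from the upstream IdP (via the client).
        Enforces the gateway's rules independently of the IdP, then either
        issues the second response for the app or denies access."""
        app_id = self.pending.pop(state, None)  # unknown or replayed state fails
        if app_id is None or not assertion.get("authenticated"):
            return {"status": "denied", "reason": "no valid upstream authentication"}
        rules = self.config[app_id]["rules"]
        email = assertion.get("email", "")
        if not email.endswith("@" + rules["email_domain"]):
            return {"status": "denied", "reason": "email domain not allowed"}
        if rules["require_group"] not in assertion.get("groups", []):
            return {"status": "denied", "reason": "required group missing"}
        payload = json.dumps({"aud": app_id, "sub": email}, sort_keys=True)
        sig = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        return {"status": "ok", "payload": payload, "sig": sig}


def verify_app_response(resp, key):
    """What the third-party app does with the second authentication response."""
    expected = hmac.new(key, resp["payload"].encode(), hashlib.sha256).hexdigest()
    return resp["status"] == "ok" and hmac.compare_digest(expected, resp["sig"])
```

The upstream IdP's "authenticated" verdict alone never grants access; the gateway's own rules decide, and a response with an unknown or reused state is rejected.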