CPC H04L 63/0272 (2013.01) [H04L 63/0236 (2013.01); H04L 63/0815 (2013.01); H04L 63/20 (2013.01)]; 20 Claims

1. A computerized method, by a controller deployed within a cloud computing network and maintained within a non-transitory storage medium, for establishing a secure channel between a virtual private network (VPN) client processing on a network device for a user and a network gateway, the computerized method comprising:
receiving, by the controller, a resource request from the VPN client;
determining, by the controller, if a valid logon session has been established for the VPN client;
responsive to a determination that a valid logon session has not been established for the VPN client, transmitting, by the controller, an authentication request to an identity provider;
responsive to the VPN client being validated via the identity provider, receiving, by the controller, an assertion from the identity provider that the VPN client has been validated, wherein the assertion comprises a status tag including an authentication result, a subject tag that identifies the user, and an attribute tag including at least one profile association of the user;
extracting, by the controller, from the assertion the at least one profile association of the user;
generating, by the controller, a one-time token that is stored by the controller in a database;
transmitting, by the controller, the one-time token and the at least one profile association to the VPN client; and
responsive to a validation of the one-time token, establishing the secure channel between the VPN client and the network device.
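As an added example (not code from the patent or its assignee), the controller side of claim 1 in Python: parsing a constructed assertion carrying the claim's status, subject and attribute tags, minting a one-time token into an in-memory stand-in for the database, and consuming it exactly once so a replayed or expired token cannot establish the channel. The tag names, the 60-second lifetime and the in-memory store are assumptions, and the code assumes the assertion's signature and transport were already verified before parsing.

```python
import secrets
import time
import xml.etree.ElementTree as ET
# Constructed sample assertion shaped after the claim's status, subject and attribute tags.
SAMPLE_ASSERTION = """<Assertion>
  <Status><StatusCode Value="Success"/></Status>
  <Subject><NameID>alice@example.test</NameID></Subject>
  <AttributeStatement>
    <Attribute Name="profile"><AttributeValue>engineering-vpn</AttributeValue></Attribute>
    <Attribute Name="profile"><AttributeValue>contractor-restricted</AttributeValue></Attribute>
  </AttributeStatement>
</Assertion>"""
TOKEN_TTL_SECONDS = 60  # assumed lifetime; the claim only requires the token to be one-time


class Controller:
    """Controller steps of claim 1: parse the assertion, then mint and validate a one-time token."""

    def __init__(self):
        self.sessions = {}  # user -> profiles; stands in for the controller's logon-session state
        self.tokens = {}    # token -> (user, profiles, expiry); stands in for the claim's database

    def parse_assertion(self, xml_text):
        """Extract the user and profile association(s); reject anything but a success status."""
        root = ET.fromstring(xml_text)
        status = root.find("./Status/StatusCode")
        if status is None or status.get("Value") != "Success":
            raise ValueError("identity provider did not report a successful authentication")
        user = root.findtext("./Subject/NameID")
        if not user:
            raise ValueError("assertion carries no subject")
        profiles = [a.findtext("AttributeValue")
                    for a in root.findall("./AttributeStatement/Attribute") if a.get("Name") == "profile"]
        if not profiles:
            raise ValueError("assertion carries no profile association")
        return user, profiles

    def issue_token(self, user, profiles, now=None):
        """Generate the one-time token, store it, and return what is sent to the VPN client."""
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (user, tuple(profiles), (now or time.time()) + TOKEN_TTL_SECONDS)
        return token, list(profiles)

    def redeem_token(self, token, now=None):
        """Consume the token exactly once; a replayed or expired token yields None."""
        entry = self.tokens.pop(token, None)  # pop: a second presentation finds nothing
        if entry is None or (now or time.time()) > entry[2]:
            return None
        self.sessions[entry[0]] = entry[1]  # a valid logon session now exists for this user
        return entry[0], list(entry[1])
```

On a later resource request the controller checks `user in controller.sessions` before contacting the identity provider again, which is the claim's "valid logon session" determination.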