(54) METHOD AND APPARATUS FOR AUTHENTICATING USERS
(75) Inventors: Abhay Gupta, Milpitas, CA (US); Chris Ferris, Whitinsville, MA (US); Alejandro Abdelnur, Sunnyvale, CA (US)
(73) Assignee: Sun Microsystems, Inc., Palo Alto, CA (US)
( * ) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.
(21) Appl. No.: 09/309,341
(22) Filed: May 11, 1999
(51) Int. Cl.7 H04L 9/32; H04L 9/00; G06F 11/30
(52) U.S. Cl. 713/201; 713/200
(58) Field of Search 713/201, 200, 202
(56) References Cited
U.S. PATENT DOCUMENTS
5,796,393 * 8/1998 MacNaughton et al 345/329
5,841,970 * 11/1998 Tabuki 713/201
6,032,184 * 2/2000 Cogger et al 709/223
6,049,877 * 4/2000 White 713/201
6,081,900 * 6/2000 Subramaniam et al 713/201
OTHER PUBLICATIONS
Henry Lieberman, Using Prototypical Objects to Implement Shared Behavior in Object Oriented Systems, OOPSLA 86 Proceedings, Sep. 1986, pp. 214-223.
* cited by examiner
A method and apparatus for authenticating users. Prior art mechanisms require each individual application (running on an "application server") that the user is accessing to provide for the ability to use the various authentication mechanisms. One or more embodiments of the invention externalize the authentication mechanism from the application in the form of a login server. Only the login server needs to be configured to handle authentication mechanisms. The application server checks if a request has an active and valid session (e.g., a valid session may exist when there is active communication between a client and server that has not expired). If there is not a valid session, the application server redirects the user to the login server. The login server attempts to authenticate the user using any desired authentication mechanism. Once authenticated, the login server redirects the user back to the application server. The application server verifies the authentication directly with the login server. Once verified, the application server processes the user's request and responds accordingly. One or more embodiments of the invention may utilize cookies to aid in the authentication process. Thus, applications on the application server need not be concerned about authenticating a given user. The application server merely knows how to work with the login server to authenticate the user. Further, communications between the application server and login server are transparent to (or without any interaction from) the user (although the user may see the browser communicating with each server).
32 Claims, 4 Drawing Sheets
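The redirect-and-verify flow described in the abstract, modelled in Python as an added example that is not taken from the patent. The single-use ticket carried on the redirect back, its binding to the return URL, the class and method names, the example URLs and the password store are all assumptions made for illustration.

```python
import secrets

class LoginServer:
    """Holds the only authentication logic; applications never see credentials."""
    def __init__(self, users):
        self._users = users          # constructed sample credential store
        self._tickets = {}           # assumed one-time ticket -> (user, return_url)

    def authenticate(self, user, password, return_url):
        # Any mechanism could sit here; a password compare stands in for it.
        expected = self._users.get(user)
        if expected is None or not secrets.compare_digest(expected, password):
            return None
        ticket = secrets.token_urlsafe(16)
        self._tickets[ticket] = (user, return_url)
        return f"{return_url}?ticket={ticket}"   # redirect back to the application

    def verify(self, ticket, return_url):
        # Back-channel call from the application server; the ticket is single
        # use and bound to the application it was issued for.
        user, issued_for = self._tickets.pop(ticket, (None, None))
        return user if issued_for == return_url else None

class AppServer:
    def __init__(self, url, login_server):
        self.url, self._login, self._sessions = url, login_server, {}

    def handle(self, cookie=None, ticket=None):
        """Return (status, detail, cookie) for one request."""
        if cookie in self._sessions:                       # active, valid session
            return 200, f"hello {self._sessions[cookie]}", cookie
        if ticket is not None:
            user = self._login.verify(ticket, self.url)    # direct verification
            if user is not None:
                cookie = secrets.token_urlsafe(16)
                self._sessions[cookie] = user
                return 200, f"hello {user}", cookie
        return 302, f"https://login.example/?return={self.url}", None

def run_flow():
    login = LoginServer({"alice": "correct horse"})        # constructed sample user
    app = AppServer("https://app.example/report", login)
    first = app.handle()                                   # no session: redirected
    back = login.authenticate("alice", "correct horse", app.url)
    ticket = back.split("ticket=")[1]
    second = app.handle(ticket=ticket)                     # verified, session set
    replay = app.handle(ticket=ticket)                     # ticket already spent
    third = app.handle(cookie=second[2])                   # cookie-only request
    return first[0], second[0], replay[0], third[0]
```

The application server never handles a credential: it only trusts what the login server confirms over the direct call, so a ticket forged or replayed through the browser yields another redirect rather than a session.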