公开(公告)号：US20150200924A1

公开(公告)日：2015-07-16

申请号：US14155865

申请日：2014-01-15

Applicant: Cisco Technology, Inc.

Inventor： Vincent E. Parla ,  David McGrew ,  Andrzej Kielbasinski

IPC: H04L29/06

CPC classification number: H04L63/0815 ,  H04L63/04 ,  H04L63/08 ,  H04L63/0884

Abstract: An authentication request is generated when a user of a client device attempts to initiate a user session with an application managed by a service provider. An authentication response is generated based on credentials received from the user. The authentication response includes an assertion on behalf of the user. A delivery resource locator for the assertion is rewritten to a resource locator of a proxy in order to redirect the assertion to the proxy. The authentication response is sent to the client device together with the resource locator of the proxy in order to cause the client device to send the assertion to the proxy that decodes the re-written resource locator and sends the assertion to the service provider.

Abstract translation: 当客户机设备的用户尝试发起与由服务提供商管理的应用的用户会话时，生成认证请求。 基于从用户接收的凭证生成认证响应。 认证响应包括代表用户的断言。 用于断言的传送资源定位符被重写到代理的资源定位符，以便将断言重定向到代理。 认证响应与代理的资源定位器一起被发送到客户机设备，以便使客户端设备将该断言发送到对重写的资源定位符进行解码的代理，并将该断言发送给服务提供商。