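Country / Type | United States (US) Patent, Registered |
---|---|
International Patent Classification (IPC, 7th edition) | |
Application number | US-0165783 (2011-06-21) |
Registration number | US-10135831 (2018-11-20) |
Inventor / Address | |
Applicant / Address | |
Agent / Address | |
Citation information | Times cited: 0; Patents cited: 320 |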
A system and method for handling a request from a client device to access a service from a server. The method comprises receiving a request from a user using a client device to access a service from a server. The request is received by a network traffic management device having a local external access management (EAM) agent. The EAM agent directly communicates with an EAM server that provides authentication policy information of a plurality of users able to at least partially access the server. User credential information is sent from the EAM agent to the EAM server, whereby the EAM agent receives access policy information of the user from the EAM server. The system and method selectively controls access of the user's request to the server in accordance with the received access policy information at the network traffic management device.
1. A method of providing access control, the method comprising: receiving, by a local external access management (EAM) agent of a network traffic management device, a request from a client device for a user to access a service or resource accessible to one or more servers; sending, by the EAM agent of the network traffic management device, credential information for the user to an EAM server, wherein the network traffic management device and the local EAM agent are remote from the servers and the EAM server; receiving, by the EAM agent of the network traffic management device, access policy information for the user from the EAM server in response to sending the credential information, the access policy information indicating whether the user is authorized to access the service or resource; and enforcing, by the EAM agent of the network traffic management device, the access policy information comprising sending another request on behalf of the client device to access the service or resource accessible to servers based on traffic handling priority information for the user corresponding to identity information included in the access policy information, when the access policy information indicates that the user is authorized to access the service or resource.
2. The method of claim 1, obtaining, by the EAM agent of the network traffic management device, the credential information for the user comprising at least one of receiving the credential information in response to a request for the credential information sent to the client device or retrieving the credential information from a single sign on (SSO) cookie included in the received request to access the service or resource.
3. The method of claim 1, further comprising: generating by the EAM agent of the network traffic management device, and inserting into a received response from one or more of the servers, a single sign on (SSO) cookie for the user, wherein the SSO cookie contains the credential information and at least a portion of the access policy information for the user received from the EAM server; and sending, by the EAM agent of the network traffic management device, the response with the inserted SSO cookie to the client device.
4. The method of claim 1, further comprising: modifying, by the EAM agent of the network traffic management device, the request to include the credential information in accordance with the access policy information; and sending by the EAM agent of the network traffic management device, the modified request to one or more of the servers.
5. The method of claim 1, further comprising: applying, by the EAM agent of the network traffic management device, a local access policy for the user prior to sending the credential information to the EAM server.
6. The method of claim 1, further comprising: determining, by the EAM agent of the network traffic management device, when at least a portion of a previous server response to the request is stored in a memory; retrieving, by the EAM agent of the network traffic management device, the at least a portion of the previous server response from the memory, when the determining indicates that the at least a portion of the previous server response is stored in the memory; and sending, by the EAM agent of the network traffic management device, the retrieved at least a portion of the previous server response to the client device.
7. The method of claim 1, further comprising: determining, by the EAM agent of the network traffic management device, when the request can be processed in an expedited manner based on a uniform resource identifier of the request; and forwarding, by the EAM agent of the network traffic management device, the request directly to one or more of the servers without communicating with the EAM server, when the determining indicates that the request is eligible to be processed in the expedited manner.
8. The method of claim 1, further comprising: determining, by the EAM agent of the network traffic management device, when a prior determination that the user is authorized to access the service or resource is stored in a memory; and forwarding, by the EAM agent of the network traffic management device, the request to one or more of the servers, when the determining indicates that the prior determination that the user is authorized to access the service or resource is stored in the memory.
9. The method of claim 1, further comprising: executing, by the EAM agent of the network traffic management device, one or more request processing events, wherein the one or more request processing events are configured to allow insertion of custom processing logic to modify default request processing of the event.
10. A non-transitory machine readable medium having stored thereon instructions for providing access control, comprising machine executable code which when executed by at least one machine, causes the machine to: receive a request from a client device for a user to access a service or resource accessible to one or more remotely located servers; send credential information for the user to an external access management (EAM) server; receive access policy information for the user from the EAM server in response to sending the credential information, the access policy information indicating whether the user is authorized to access the service or resource; and enforce the access policy information and send another request on behalf of the client device to access the service or resource accessible to the servers based on traffic handling priority information for the user corresponding to identity information included in the access policy information, when the access policy information indicates that the user is authorized to access the service or resource.
11. The machine readable medium of claim 10, wherein the machine executable code when executed by the at least one machine further causes the machine to obtain the credential information for the user comprising at least one of receiving the credential information in response to a request for the credential information sent to the client device or retrieving the credential information from a single sign on (SSO) cookie included in the received request to access the service or resource.
12. The machine readable medium of claim 10, wherein the machine executable code when executed by the at least one machine further causes the machine to: generate, and insert into a received response from one or more of the servers, a single sign on (SSO) cookie for the user, wherein the SSO cookie contains the credential information and at least a portion of the access policy information for the user received from the EAM server; and send the response with the inserted SSO cookie to the client device.
13. The machine readable medium of claim 10, wherein the machine executable code when executed by the at least one machine further causes the machine to: modify the request to include the credential information in accordance with the access policy information; and send the modified request to one or more of the servers.
14. The machine readable medium of claim 10, wherein the machine executable code when executed by the at least one machine further causes the machine to: apply a previously stored local access policy for the user prior to sending the credential information to the EAM server.
15. The machine readable medium of claim 10, wherein the machine executable code when executed by the at least one machine further causes the machine to: determine when at least a portion of a previous server response to the request is stored in a memory; retrieve the at least a portion of the previous server response from the memory when the determining indicates that the at least a portion of the previous server response is stored in the memory; and send the retrieved at least a portion of the previous server response to the client device.
16. The machine readable medium of claim 10, wherein the machine executable code when executed by the at least one machine further causes the machine to: determine when the request can be processed in an expedited manner based on a uniform resource identifier of the request; and forward the request directly to one or more of the servers without communicating with the EAM server, when the determining indicates that the request is eligible to be processed in the expedited manner.
17. The machine readable medium of claim 10, wherein the machine executable code when executed by the at least one machine further causes the machine to: determine when a prior determination that the user is authorized to access the service or resource is stored in a memory; and forward the request to one or more of the servers, when the determining indicates that the prior determination that the user is authorized to access the service or resource is stored in the memory.
18. The machine readable medium of claim 10, wherein the machine executable code when executed by the at least one machine further causes the machine to execute one or more request processing events, wherein the one or more request processing events are configured to allow insertion of custom processing logic to modify default request processing of the event.
19. A network traffic management device comprising: a memory comprising programmed instructions stored in the memory for a local external access management (EAM) agent; and a processor coupled to the memory and configured to be capable of executing the programmed instructions stored in the memory to: receive a request from a client device for a user to access a service or resource accessible to one or more servers; send credential information for the user to an EAM server, wherein the network traffic management device and the local EAM agent are remote from the servers and the EAM server; receive access policy information for the user from the EAM server in response to sending the credential information, the access policy information indicating whether the user is authorized to access the service or resource; and enforce the access policy information and; sending another request on behalf of the client device to access the service or resource accessible to the servers based on traffic handling priority information for the user corresponding to identity information included in the access policy information, when the access policy information indicates that the user is authorized to access the service or resource.
20. The network traffic management device of claim 19, wherein the processor is further configured to be capable of executing the programmed instructions stored in the memory to obtain the credential information for the user comprising at least one of receive the credential information in response to a request for the credential information sent to the client device or retrieve the credential information from a single sign on (SSO) cookie included in the received request to access the service or resource.
21. The network traffic management device of claim 19, wherein the processor is further configured to be capable of executing the programmed instructions stored in the memory to: generate, and insert into a received response from one or more of the servers, a single sign on (SSO) cookie for the user, wherein the SSO cookie contains the credential information and at least a portion of the access policy information for the user received from the EAM server; and send the response with the inserted SSO cookie to the client device.
22. The network traffic management device of claim 19, wherein the processor is further configured to be capable of executing the programmed instructions stored in the memory to: modify the request to include the credential information in accordance with the access policy information; and send the modified request to one or more of the servers.
23. The network traffic management device of claim 19, wherein the processor is further configured to be capable of executing the programmed instructions stored in the memory to apply a previously stored local access policy for the user prior to sending the credential information to the EAM server.
24. The network traffic management device of claim 19, wherein the processor is further configured to be capable of executing the programmed instructions stored in the memory to: determine when at least a portion of a previous server response to the request is stored in the memory; retrieve the at least a portion of the previous server response from the memory when the determining indicates that the at least a portion of the previous server response is stored in the memory; and send the retrieved at least a portion of the previous server response to the client device.
25. The network traffic management device of claim 19, wherein the processor is further configured to be capable of executing the programmed instructions stored in the memory to: determine when the request can be processed in an expedited manner based on a uniform resource identifier of the request; and forward the request directly to one or more of the servers without communicating with the EAM server, when the determining indicates that the request is eligible to be processed in the expedited manner.
26. The network traffic management device of claim 19, wherein the processor is further configured to be capable of executing the programmed instructions stored in the memory to: determine when a prior determination that the user is authorized to access the service or resource is stored in the memory; and forward the request to one or more of the servers, when the determining indicates that the prior determination that the user is authorized to access the service or resource is stored in the memory.
27. The network traffic management device of claim 19, wherein the processor is further configured to be capable of executing the programmed instructions stored in the memory to execute one or more request processing events, wherein the one or more request processing events are configured to allow insertion of custom processing logic to modify default request processing of the event.
28. A method of providing access control, the method comprising: intercepting, by a network traffic management device, a request from a client device for a user to access a service or resource accessible by one or more servers; sending, by the network traffic management device, credential information for the user to an external access management (EAM) server, wherein the network traffic management device is remote from the servers and the EAM server; receiving, by the network traffic management device, access policy information for the user from the EAM server in response to sending the credential information, the access policy information indicating whether the user is authorized to access the requested service or resource; and enforcing, by the network traffic management device, the access policy information comprising sending another request on behalf of the client device to access the service or resource to one or more of the servers, when the access policy information indicates that the user is authorized to access the requested service or resource, and including a single sign on (SSO) cookie or token containing at least a portion of the credential information and at least a portion of the access policy information received from the EAM server for the user in a response to the other request on behalf of the client device, which is then returned by the client device in a subsequent request relating to the service or resource accessible by the servers.
29. A non-transitory machine readable medium having stored thereon machine executable code containing instructions for providing access control, which when executed by at least one machine, causes the machine to: intercept a request from a client device for a user to access a service or resource accessible by one or more remotely located servers; send credential information for the user to an external access management (EAM) server; receive access policy information for the user from the EAM server in response to sending the credential information, the access policy information indicating whether the user is authorized to access the requested service or resource; and enforce the access policy information comprising sending another request on behalf of the client device to access the service or resource to one or more of the servers, when the access policy information indicates that the user is authorized to access the requested service or resource, and include a single sign on (SSO) cookie or token containing at least a portion of the credential information and at least a portion of the access policy information received from the EAM server for the user in a response to the other request on behalf of the client device, which is then returned by the client device in a subsequent request relating to the service or resource accessible by the servers.
30. A network traffic management device comprising: a memory comprising programmed instructions stored thereon for a local external access management (EAM) agent; and a processor coupled to the memory and configured to be capable of executing the stored programmed instructions to: intercept a request from a client device for a user to access a service or resource accessible by one or more servers; send credential information for the user to an EAM server, wherein the network traffic management device is remote from the servers and the EAM server; receive access policy information for the user from the EAM server in response to sending the credential information, the access policy information indicating whether the user is authorized to access the requested service or resource; and enforce the access policy information comprising sending another request on behalf of the client device to access the service or resource to one or more of the servers, when the access policy information indicates that the user is authorized to access the requested service or resource, and include a single sign on (SSO) cookie or token containing at least a portion of the credential information and at least a portion of the access policy information received from the EAM server for the user in a response to the other request on behalf of the client device, which is then returned by the client device in a subsequent request relating to the service or resource accessible by the servers.