Identity provider discovery service using a publish-subscribe model

Assignee

• International Business Machines Corporation · US

Inventors

• Heather M. Hinton · Austin, US
• Richard James McCarty · Austin, US
• Clifton Steve Looney · Cape Coral, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L67/02
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A proxy is integrated within an F-SSO environment and interacts with an external identity provider (IdP) instance discovery service. The proxy proxies IdP instance requests to the discovery service and receives responses that include the IdP instance assignments. The proxy maintains a cache of the instance assignment(s). As new instance requests are received, the cached assignment data is used to provide appropriate responses in lieu of proxying these requests to the discovery service, thereby reducing the time needed to identify the required IdP instance. The proxy dynamically maintains and manages its cache by subscribing to updates from the discovery service. The updates identify IdP instance changes (such as servers being taken offline for maintenance, new services being added, etc.) occurring within the set of geographically-distributed instances that comprise the IdP service. The updates are provided via a publication-subscription model such that the proxy receives change notifications proactively.