Technical Field
The present invention relates generally to user access control and more particularly, but not by way of limitation, to systems and methods for controlling user authentication and authorization to access web applications via a web proxy.
History of Related Art
A number of large organizations are adopting a proxy-based approach for managing and securing access and control to their enterprise applications. For applications that are locally resident and managed by the enterprise, this is fairly straightforward to implement. Implementing a firewalled infrastructure enables the organization to enforce authentication and authorization policies via a reverse web proxy acting as a security gateway to applications on an internal private network. The reverse web proxy applies and enforces corporate access control and authorization policies as required by the organization.
Publicly-accessible applications reside outside an enterprise infrastructure and typically provide “Software as a Service” (SaaS), where multiple organizations (tenants) make use of the services provided through a shared public interface. Because the publicly-accessible applications are not managed by the organization, access to the publicly-accessible applications cannot be constrained by that organization using a firewall to prevent direct access. As such, an alternative method of forcing users to access the publicly-accessible applications through a reverse web proxy is required.
Moreover, as the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.