During a login process, authentication data (e.g., a principal name and data establishing the principal's identity) is received and an authentication action is performed based on the authentication data. An attacker may interrupt the login process to change the authentication data prior to performance of the authentication action. The authentication action may be defined as an atomic action in order to guard against this and other potential attacks. As an additional precaution, the authentication data may be discarded immediately after the authentication action is completed.
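The atomic authentication action and immediate discard described above can be sketched as follows. This is an added example, not code from the original document; the `LoginAttempt` class, the `ACCOUNTS` store and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib, hmac, os, threading

def _kdf(secret, salt: bytes) -> bytes:
    # Accepts any bytes-like secret, so the private bytearray is used directly.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)

# Constructed sample account store: principal -> (salt, derived key).
_SALT = os.urandom(16)
ACCOUNTS = {"alice": (_SALT, _kdf(b"correct horse", _SALT))}

class LoginAttempt:
    """Hypothetical holder for one set of authentication data."""

    def __init__(self, principal: str, secret) -> None:
        self._lock = threading.Lock()
        self._principal = str(principal)
        # Private snapshot: later changes to the caller's buffer are not seen.
        self._secret = bytearray(secret)
        self._done = False

    def authenticate(self) -> bool:
        """Check and discard inside one critical section (the atomic action)."""
        with self._lock:
            if self._done:  # data already discarded: nothing left to replay
                return False
            try:
                salt, expected = ACCOUNTS.get(self._principal, (b"\0" * 16, b""))
                derived = _kdf(self._secret, salt)
                return hmac.compare_digest(derived, expected)
            finally:
                for i in range(len(self._secret)):
                    self._secret[i] = 0  # overwrite before releasing the lock
                self._secret = bytearray()
                self._principal = ""
                self._done = True

    def holds_data(self) -> bool:
        """True while any authentication data is still retained."""
        return bool(self._secret) or bool(self._principal)
```

The intermediary case in the next paragraph is exactly where this pattern stops working: the second system must keep the data alive past its own check in order to forward it.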
A consumer system may be required to log in to a second system in order to obtain a service provided by a provider system. The consumer system therefore provides authentication data to the second (i.e., intermediary) system. The second system cannot discard the authentication data after performing an authentication action as described above, but instead must use the received authentication data to log in to the provider system. However, the authentication data may be vulnerable to corruption and/or attack as it flows through the second system on its way to the provider system.
Systems are therefore desired for efficiently propagating authentication data from a consumer system to a provider system through an intermediary service component. Such systems may provide improved security of the authentication data in comparison to conventional systems.