The present application relates to computing, and more specifically to systems and methods for facilitating secure communications between multiple client systems and a server-side system, where each of the client systems may employ different authentication technologies, which may differ from the authentication technology employed by the server-side system and/or server upon which it runs.
Systems and methods involving sharing and/or using confidential or secret information among computing devices, software applications, and/or other computing environment resources are employed in various demanding applications, including collaborative enterprise, software development, social networking, and other applications. Such applications often demand efficient mechanisms for enabling disparate systems that employ different authentication technologies to securely communicate with an application that may natively employ yet a different authentication technology or mechanism.
The need for efficient integration and secure communications between computing environment resources, including software applications that may employ different authentication technologies, may be particularly important in enterprise computing environments, where multiple software applications often require secure intercommunications between verified software applications and associated users.
Enterprise computing environments are often complex, requiring secure communications between multiple network resources, e.g., software applications, web services, backend database applications, and so on. Inefficient mechanisms for enabling secure communications between the network resources can be particularly problematic in enterprise applications, as a lack of secure intercommunication can yield not only costly security breaches but also reduced software functionality.
An example enterprise computing environment includes many software applications running on an application server, wherein one or more of the software applications must access data and/or functionality of a second software application, also running on the application server. The second software application and/or associated user may require authentication or verification before allowing other entities or network resources, e.g., software applications, to access the data and/or functionality of the second software application.
In such a computing environment, the several software applications, called client applications, may employ different authentication technologies, i.e., authentication technologies that differ from the authentication technologies supported by the second software application (which may be a web application, service, Application Programming Interface (API), or other collection of software functionality and/or data).
Accordingly, when the client applications issue request messages to the second software application, the application server that supports running of the various applications may be unable to securely connect the client applications with the second software application if the client applications do not use a similar authentication technology (embodied in a so-called authenticator) as the second software application or as the application server itself. As a result, the application server may not know whether a particular request message originated from a trusted client application or whether permission to execute code of the second software application should be granted to the client application and/or associated user thereof.
To address such issues, some application servers may support registering of specific authenticators in the application server, which then performs authentication brokering to facilitate secure communications between systems that may employ disparate authentication technologies. However, conventional approaches to such registration often require complicated registration steps and custom, application-server-specific code that is not portable to other computing environments or systems.