1. Field of the Invention
The field of the invention is data processing, or, more specifically, methods, systems, and products for authentication of a principal in a federation.
2. Description of Related Art
A federation is a collection of administered security spaces. A federation may implement single sign-on functionality in which an access manager in one federated security space relies on an access manager in another security space for authentication services. The authentication process of federated access managers is currently limited to off-the-shelf authentication methods and custom authentication methods known to or installed upon a particular access manager. A change in authorization requirements for a principal during a single sign-on session, such as, for example, a step-up requirement, may readily be accomplished with off-the-shelf authentication methods because an access manager typically knows how to utilize the off-the-shelf authentication methods. Support for multiple custom methods of other security domains within a federated environment, however, is not easily accomplished because an access manager in the current art is not equipped to carry out authentication according to custom requirements of entities in another security space or domain. Approaches by current access managers are not flexible enough to implement custom authentication methods of other entities involved in the authentication process.