Field of the Invention
The present invention relates to an authorization server, an authentication cooperation system between, for example, a cloud service and a local service, and a storage medium storing a program.
Description of the Related Art
In recent years, cloud computing services (or cloud services), which make a server open to the Internet to provide services to clients, have attracted attention. Fundamentally, a cloud computing service may distribute and execute data conversion and data processing across many computing resources, and may process requests from many clients in parallel by performing distributed parallel processing. At present, many vendors each implement a Web service on a cloud computing service environment to realize a cloud computing service as described above, resulting in a wide variety of services provided on the Web. In developing a cloud service, many services that are already provided on the Web may be used effectively to provide a new function, which yields advantages in terms of development speed and development costs. On the other hand, in the past, a carrier, for example, may have possessed its own servers and the like and operated many on-premise systems. Transferring all internal systems to a cloud service at once may be difficult. Hence, on-premise systems may be transferred to a cloud service partially, in a stepwise manner. As a result, an increasing number of users may utilize both an on-premise service and a cloud service in cooperation with each other.
When an on-premise service and a cloud service are used in cooperation, Single Sign-On (hereinafter also called SSO) is strongly demanded because the local authentication (such as LDAP) of a conventional on-premise system and the cloud authentication are different. According to a conventional technology, the local authentication of an on-premise system may be synchronized with a local authentication service constructed in a cloud service, so that a login to a login service of both the cloud service and the on-premise system can start user ID provisioning. This, for example, may start management including generation and maintenance of information regarding a user account, such as a user ID. After that, when a user uses a VPN to log in to the local authentication service for the cloud service, the user can log in to the cloud service with credential information associated with the user. See PCT Japanese Translation Patent Publication No. 2015-518198.