Authentication servers are used to authenticate clients that wish to access various services or applications. In conventional systems having authentication servers, the client presents a particular set of credentials (such as username and password) to the authentication server. One approach is for the authentication server to validate the presented credentials against the system's internal store to authenticate the client's identity. This approach has the drawback that the system must store the client's user credentials.
Another approach is to delegate authentication to a trusted third-party authenticator, which does not require the system to store user credentials. In some existing systems, for third-party authentication, the authentication server merely sends the set of credentials to the third-party authenticator and receives a confirmation or rejection of authentication. In using such a system, difficulties arise when dealing with many different possible third-party authenticators, each supporting numerous credential types. For example, it may be redundant and unnecessarily complex to create a specific system pluggable authentication module for each credential for each third-party authenticator.
Other difficulties with existing systems will be appreciated in view of the detailed description hereinbelow.