As the transactions and data access performed through the Internet have become both more sensitive and mission critical, there has been a need to implement better and more reliable security mechanisms for access to protected resources. A certain number of third party authentication providers have arisen to respond to this need.
However, these providers cannot be easily utilized by web applications. For example, some implementations have allowed different servers to employ custom “plug in” mechanisms for authentication. Due to the organization of web applications, however, allowing an authentication module to enter into an interactive conversation with a client (or other servers) using such a mechanism can be problematical. The use of such approaches restricts authentication mechanisms to only those mechanisms that can interact with the authentication types offered by a server container.
What is needed is a mechanism for utilizing supplemental authentication mechanisms for servlets and other web applications.