: Perimeter Security, Spoofing
How can an application authenticate a client when the client does not have a direct trust relationship with it?
Use an authentication broker that both parties trust to independently issue a security token to the client. The client can then present credentials, including the security token, to the authenticating application.
An authentication broker component can operate in many ways. A broker can be based on the X.509 PKI standard or the Kerberos authentication protocol. There may also be a separate authentication broker in the form of a security token service (STS).
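The flow described above, as an added example that is not part of the original catalog entry: a broker checks the client's password and issues a short-lived token that the application verifies without ever seeing that password. It assumes a Kerberos-style arrangement in which the broker shares one symmetric key with each application and protects the token with HMAC-SHA256; the class names, token layout, keys and credentials are all constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Broker:
    """Token service trusted by both sides; shares one key with each application."""
    def __init__(self):
        self.users, self.service_keys = {}, {}

    def register_user(self, name, password, salt):
        self.users[name] = (salt, _pw_hash(password, salt))

    def issue_token(self, name, password, audience, ttl=300, now=None):
        salt, stored = self.users.get(name, (b"no-such-user", b""))
        ok = hmac.compare_digest(_pw_hash(password, salt), stored)
        if not ok or audience not in self.service_keys:
            raise PermissionError("broker refused to issue a token")
        now = time.time() if now is None else now
        claims = json.dumps({"sub": name, "aud": audience, "exp": now + ttl}).encode()
        tag = hmac.new(self.service_keys[audience], claims, hashlib.sha256).digest()
        return ".".join(base64.urlsafe_b64encode(p).decode() for p in (claims, tag))

class Application:
    """Relying party: holds the broker-shared key, never sees the client's password."""
    def __init__(self, name, key):
        self.name, self.key = name, key

    def authenticate(self, token, now=None):
        try:
            claims, tag = (base64.urlsafe_b64decode(p) for p in token.split("."))
        except ValueError:
            return None                      # malformed token
        expected = hmac.new(self.key, claims, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                      # forged or altered token
        data = json.loads(claims)
        now = time.time() if now is None else now
        if data["aud"] != self.name or data["exp"] < now:
            return None                      # minted for another application, or expired
        return data["sub"]

if __name__ == "__main__":
    broker = Broker()                        # all names, keys and passwords are constructed
    broker.register_user("alice", "correct horse", b"constructed-salt")
    broker.service_keys["reports"] = b"constructed-key-shared-with-reports"
    app = Application("reports", broker.service_keys["reports"])
    token = broker.issue_token("alice", "correct horse", "reports")
    print(app.authenticate(token))           # alice
```

The audience and expiry checks are what keep a token issued for one application from being replayed at another or reused after its lifetime.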
Authentication, Broker, Component
Last modified: May 05, 2012
and Maintained by: Munawar Hafiz