Brokered Authentication


Classification Key: Perimeter Security, Spoofing

Problem

How can an application authenticate a client that does not have a direct trust relationship with it?

Solution

Use an authentication broker that both parties trust to independently issue a security token to the client. The client can then present credentials, including the security token, to the authenticating application.
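The flow described above, as an added example that is not part of the original catalog entry: a broker verifies the client and issues a token that the application checks without ever holding the client's credentials. The class names, token layout, keys and secrets are assumptions made for illustration; trust between broker and application is modelled as a symmetric key per service (loosely in the manner of Kerberos) rather than X.509 signatures.

```python
import base64, hashlib, hmac, json, time

def b64(data):
    return base64.urlsafe_b64encode(data).decode()

def mac(key, body):
    return hmac.new(key, body.encode(), hashlib.sha256).digest()

class Broker:
    """Hypothetical token service: knows the clients, shares one key per service."""
    def __init__(self, clients, service_keys):
        self._clients, self._service_keys = clients, service_keys

    def issue(self, client_id, secret, audience, ttl=300, now=None):
        known = self._clients.get(client_id)
        # Demo only: a real broker checks a salted hash, Kerberos or X.509 credential.
        if known is None or not hmac.compare_digest(known, secret):
            raise PermissionError("broker rejected client credentials")
        now = time.time() if now is None else now
        claims = {"sub": client_id, "aud": audience, "exp": now + ttl}
        body = b64(json.dumps(claims, sort_keys=True).encode())
        return body + "." + b64(mac(self._service_keys[audience], body))

class Service:
    """Application that trusts the broker but holds no client credentials."""
    def __init__(self, name, broker_key):
        self.name, self._key = name, broker_key

    def authenticate(self, token, now=None):
        """Return the client id, or None if the token is not acceptable."""
        try:
            body, sig = token.split(".")
            if not hmac.compare_digest(base64.urlsafe_b64decode(sig), mac(self._key, body)):
                return None  # not issued by the broker for this service
            claims = json.loads(base64.urlsafe_b64decode(body))
        except ValueError:
            return None      # malformed token
        now = time.time() if now is None else now
        if claims.get("aud") != self.name or claims.get("exp", 0) <= now:
            return None      # wrong audience or expired
        return claims.get("sub")

# Constructed demo data: names, secrets and keys are illustrative only.
KEYS = {"orders": b"demo-key-orders", "billing": b"demo-key-billing"}
broker = Broker({"alice": b"alice-demo-secret"}, KEYS)
orders = Service("orders", KEYS["orders"])
billing = Service("billing", KEYS["billing"])
```

The audience and expiry checks are what keep a token issued for one application from being replayed against another or reused indefinitely.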

Known Uses

An authentication broker component can operate in many ways. A broker can be based on the X.509 PKI standard or the Kerberos authentication protocol. There may also be a separate authentication broker in the form of a security token service (STS).

Related Patterns

Authentication Enforcer

Source

Microsoft Book

Tags

Authentication, Broker, Component


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz