
Brokered Authentication

Classification Key: Perimeter Security, Spoofing


How can an application authenticate when a client does not have a direct trust relationship with it?


Use an authentication broker that both parties trust to independently issue a security token to the client. The client can then present credentials, including the security token, to the authenticating application.
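The exchange described above, as an added example that is not part of the original catalog entry: a broker authenticates the client and issues a short-lived token, and the application accepts the client on the strength of that token alone. It assumes a Kerberos-style arrangement in which the broker shares a symmetric key with each application; the user, application names, keys and function names are all hypothetical.

```python
import base64, hashlib, hmac, json, time

# Constructed demo secrets; all names and values here are hypothetical.
BROKER_USERS = {"alice": "correct horse"}   # client <-> broker trust
SERVICE_KEYS = {                            # broker <-> application trust
    "orders-app": b"o" * 32,
    "billing-app": b"b" * 32,
}

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def broker_issue_token(user, password, audience, now=None, ttl=300):
    """Broker: authenticate the client, then issue a token for one application."""
    expected = BROKER_USERS.get(user)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        raise PermissionError("broker rejected client credentials")
    if audience not in SERVICE_KEYS:
        raise PermissionError("broker has no trust relationship with " + audience)
    now = int(time.time()) if now is None else now
    claims = json.dumps({"sub": user, "aud": audience, "exp": now + ttl},
                        sort_keys=True).encode()
    tag = hmac.new(SERVICE_KEYS[audience], claims, hashlib.sha256).digest()
    return b64e(claims) + "." + b64e(tag)

def app_verify_token(token, app_name, app_key, now=None):
    """Application: return the client identity, or None if the token is not acceptable."""
    try:
        claims_b64, tag_b64 = token.split(".")
        claims = base64.urlsafe_b64decode(claims_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:
        return None                      # malformed token
    good = hmac.new(app_key, claims, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None                      # not issued by the broker, or altered
    data = json.loads(claims)
    now = int(time.time()) if now is None else now
    if data["aud"] != app_name or data["exp"] <= now:
        return None                      # meant for another application, or expired
    return data["sub"]

if __name__ == "__main__":
    t = broker_issue_token("alice", "correct horse", "orders-app")
    print(app_verify_token(t, "orders-app", SERVICE_KEYS["orders-app"]))    # alice
    print(app_verify_token(t, "billing-app", SERVICE_KEYS["billing-app"]))  # None
```

The application never sees the client's password; it checks only the broker's integrity tag, the intended audience and the expiry time.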


Known Uses

An authentication broker component can operate in many ways. A broker can be based on the X.509 PKI standard or the Kerberos authentication protocol. There may also be a separate authentication broker in the form of a security token service (STS).

Related Patterns

Authentication Enforcer


Microsoft Book


Authentication, Broker, Component


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz