公开(公告)号：US09578007B2

公开(公告)日：2017-02-21

申请号：US14674938

申请日：2015-03-31

Applicant: Cisco Technology, Inc.

Inventor： Antonio Martin ,  Syam Sundar Appala ,  Joseph Salowey

IPC: H04L29/00 ,  H04L29/06 ,  H04L29/08

CPC classification number: H04L63/08 ,  H04L63/0236 ,  H04L63/0245 ,  H04L63/0272 ,  H04L63/0815 ,  H04L63/0892 ,  H04L63/1466 ,  H04L63/168 ,  H04L63/30 ,  H04L67/02 ,  H04L67/2814

Abstract: In an embodiment a method is performed by a network access device (NAD). The NAD transfers a first HTTPS request from a client computer (UE) to an identity provider computer (IdP). The NAD transfers, from the IdP, a preceding redirected URL in response to the first HTTPS request, to the UE and configured to cause the UE to redirect to said preceding redirected URL. Over a secure network link, the NAD receives a particular request specifying said preceding redirected URL, from the UE. Responsive to receiving the particular request, the NAD generates a response, comprising a subsequent redirected URL and a session identifier, and configured to cause the UE to redirect to the IdP over an HTTPS connection. The NAD transfers said subsequent redirected URL over the secure network link to the UE. The NAD transfers a second HTTPS request, comprising the session identifier, from the UE to the IdP.

Abstract translation: 在一个实施例中，一种方法由网络接入设备（NAD）来执行。 NAD将第一个HTTPS请求从客户端计算机（UE）传送到身份提供者计算机（IdP）。 NAD从IdP将响应于第一HTTPS请求的先前重定向的URL传送到UE并且被配置为使得UE重定向到所述先前的重定向URL。 通过安全网络链路，NAD从UE接收指定所述先前重定向URL的特定请求。 响应于接收到特定请求，NAD生成响应，包括随后的重定向URL和会话标识符，并且被配置为使得UE通过HTTPS连接重定向到IdP。 NAD通过安全网络链路将所述后续的重定向URL传送给UE。 NAD将包括会话标识符的第二HTTPS请求从UE传送到IdP。