公开(公告)号：US09444808B1

公开(公告)日：2016-09-13

申请号：US14169136

申请日：2014-01-30

Applicant: Dell Software Inc.

Inventor： Marc Alexander Sherman ,  Marc Edward Zapf

IPC: G06F17/30 ,  H04L29/06

CPC classification number: H04L63/0807 ,  G06F21/31 ,  H04L63/0815 ,  H04L63/101 ,  H04L63/104

Abstract: In one embodiment, a method includes maintaining a domain information cache. The method further includes receiving credentials from a client system. The credentials correspond to a user of the client system. The method also includes storing the credentials in a security cookie. In addition, the method includes, based, at least in part, on the domain information cache, resolving the credentials to an authentication server associated with a domain of the user. Also, the method includes authenticating, using the credentials, an identity of the user with the authentication server. Additionally, the method includes, responsive to successful authentication, building a list of groups and users to which the user belongs. Moreover, the method includes compiling a list of authorized resources to which the user has access. In addition, the method includes providing the list of authorized resources to the client system.

Abstract translation: 在一个实施例中，一种方法包括维护域信息高速缓存。 该方法还包括从客户端系统接收凭证。 凭证对应于客户端系统的用户。 该方法还包括将证书存储在安全cookie中。 此外，该方法至少部分地基于域信息高速缓存，将证书解析为与用户的域相关联的认证服务器。 此外，该方法包括使用证书使用认证服务器来认证用户的身份。 此外，该方法包括响应于成功的认证，构建用户所属的组和用户的列表。 此外，该方法包括编译用户具有访问权限的授权资源的列表。 此外，该方法包括向客户端系统提供授权资源列表。

公开(公告)号：US09197644B1

公开(公告)日：2015-11-24

申请号：US14169130

申请日：2014-01-30

Applicant: Dell Software Inc.

Inventor： Marc Alexander Sherman ,  Marc Edward Zapf

IPC: H04L29/06

CPC classification number: H04L63/0807 ,  G06F21/31 ,  H04L63/0815 ,  H04L63/101 ,  H04L63/104

Abstract: In one embodiment, a method is performed on a multitenant shared-resources system for each managed domain of a plurality of managed domains. The method includes collecting configuration data for the managed domain via a configuration interface provided to an authorized user. The method further includes identifying domain-information sources for the managed domain based, at least in part, on the configuration data. The domain-information sources include a catalog server and an authentication server. In addition, the method includes acquiring domain information for the managed domain from at least one domain-information source of the domain-information sources. Further, the method includes enumerating users for the managed domain. The method also includes assigning at least a portion of the users to shared resources maintained by the multitenant shared-resources system. At least a portion of the plurality of domains have independent security boundaries.

Abstract translation: 在一个实施例中，对多个管理域的每个管理域的多租户共享资源系统执行方法。 该方法包括通过提供给授权用户的配置界面收集管理域的配置数据。 该方法还包括至少部分地基于配置数据来识别管理域的域信息源。 域信息源包括目录服务器和认证服务器。 此外，该方法包括从域信息源的至少一个域信息源获取管理域的域信息。 此外，该方法包括枚举管理域的用户。 该方法还包括将至少一部分用户分配给由多租户共享资源系统维护的共享资源。 多个域中的至少一部分具有独立的安全边界。

公开(公告)号：US10200478B1

公开(公告)日：2019-02-05

申请号：US13970155

申请日：2013-08-19

Applicant: Dell Software Inc.

Inventor： Michael Franke ,  Michael McDonald ,  Marc Edward Zapf

IPC: H04L29/08

Abstract: Systems and methods for pre-login of user(s) to sessions or resources in an information handling system are disclosed. A method for pre-login may include the steps of determining if any users are to be pre-logged on to a session or resource within a select period of time from a current time, and counting the number of users to be pre-logged on. A pre-login time for the users may be calculated and scheduled, and the users may be pre-logged on to the session or resource at the pre-login time.

公开(公告)号：US09792426B1

公开(公告)日：2017-10-17

申请号：US14169103

申请日：2014-01-30

Applicant: Dell Software Inc.

Inventor： Adam Robert Driscoll ,  Marc Edward Zapf

IPC: G06F21/41 ,  G06F21/62

CPC classification number: G06F21/41 ,  G06F21/45 ,  G06F21/62

Abstract: In one embodiment, a method is performed on a shared-resources system. The method includes creating an anonymous target. The method further includes assigning shared resources to the anonymous target. In addition, the method includes receiving a request for anonymous access from an anonymous user of a client system. The method also includes, responsive to the request, performing the following: generating anonymous-user credentials for the anonymous user; determining the shared resources assigned to the anonymous target; based, at least in part, on the determining, communicating a list of authorized resources to the client system; receiving a request from the client system to access a target resource from the list of authorized resources; and causing an anonymous-user account to be created on the target resource using the anonymous-user credentials.