
control login method at user level
Disclosure Number: IPCOM000249556D
Publication Date: 2017-Mar-03
Document File: 2 page(s) / 24K

Publishing Venue

The Prior Art Database


This is a mechanism for an enterprise application to change the login method of a user and to maintain different authentication methods for individual users and sets of users, instead of having a single authentication method for all users in the application. It also provides the ability to have the same user with two passwords, an LDAP password and an internal password.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 51% of the total text.


control login method at user level

Background: An enterprise application may allow several different authentication methods: Windows integrated login, where the product uses Windows Active Directory for authentication; the application's internal authentication and authorization; LDAP, where the product can use an LDAP server to sync users and for authentication; and web access control, where the product can use web access control software such as SiteMinder or Tivoli Access Manager for authentication.

Problem Statement: The authentication method is chosen at application level, so only one login method is active at a time; there is no way for some users to log in through LDAP while other users log in through SiteMinder. What is needed is the ability to change the login method at user level instead of at application level, and also the ability to have the same user with two passwords, an LDAP password and an internal password. This does not mean that each user has access to change his or her login method, or that login information is stored at user level. It is still stored in the application, and the application administrator still has control over it.

A parameter "Login Method" at user level is to be used to control the authentication method for each user. This parameter can be set and updated only by the administrator of the application. The application would already have its various authentication methods configured to sync, create and update user properties within the application. After this configuration is complete, the user-level parameter is set to define the login method of each user.

A database column/flag is used to identify the user's login method. This column is stored in the user table along with other user-level information. All information required to authenticate the user by any of the defined methods is stored in the underlying user tables while the user is being created or synced. When a user attempts to log in to the application, the product's code for the corresponding login method is invoked, based on the login method stored.

IBM Marketing Platform Internal login method would always store the internal password for the user in encrypted format with the user information. When the user's login method is changed to Internal, this stored password is used automatically. When the login method is changed to LDAP, the application will ignore the password stored internally and always seek authentication confirmation from the LDAP server. Similarly for other authentication methods, encrypted password stored internally will be ig...
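An added sketch of the per-user dispatch described above, not code from the disclosure or from any IBM product. The table layout, function names, the `INTERNAL`/`LDAP` method codes and the dictionary standing in for an LDAP server are assumptions, and the internal password is kept as a salted PBKDF2 hash in place of the encrypted value the text mentions.

```python
import hashlib, hmac, os, sqlite3

def hash_password(password, salt):
    # Substitution (assumption): salted PBKDF2 hash instead of an encrypted password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_internal(name, password, row):
    _, salt, pw_hash = row
    if salt is None or pw_hash is None:
        return False
    return hmac.compare_digest(hash_password(password, salt), pw_hash)

# Constructed stand-in for an LDAP bind; a real handler would ask the LDAP server.
DIRECTORY = {"alice": "ldap-secret"}
def ldap_bind(name, password, row):
    expected = DIRECTORY.get(name)
    return expected is not None and hmac.compare_digest(expected.encode(), password.encode())

HANDLERS = {"INTERNAL": check_internal, "LDAP": ldap_bind}  # hypothetical method codes

def make_db():
    # Hypothetical schema: login_method sits in the user table beside the credential.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, "
               "login_method TEXT NOT NULL, salt BLOB, pw_hash BLOB)")
    return db

def create_user(db, name, method, internal_password):
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?,?,?,?)",
               (name, method, salt, hash_password(internal_password, salt)))

def set_login_method(db, actor_is_admin, name, method):
    # The per-user parameter is administrator-only and must name a configured method.
    if not actor_is_admin:
        raise PermissionError("login method is administrator-controlled")
    if method not in HANDLERS:
        raise ValueError("unknown login method: %r" % method)
    db.execute("UPDATE users SET login_method=? WHERE name=?", (method, name))

def authenticate(db, name, password):
    row = db.execute("SELECT login_method, salt, pw_hash FROM users "
                     "WHERE name=?", (name,)).fetchone()
    handler = HANDLERS.get(row[0]) if row else None
    if handler is None:  # unknown user or unconfigured method: fail closed
        return False
    # Exactly one method is consulted; the stored internal password is never a fallback.
    return bool(handler(name, password, row))
```

The property to check in any implementation of this scheme is that a user switched to LDAP can no longer log in with the internal password that remains in the table, and that an unrecognized method value denies access.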