Abstract: In various embodiments, techniques for flexible resource authentication are provided. A principal attempts to login to a target resource using first credentials. The target resource does not recognize the first credentials and in response thereto forwards the first credentials to an identity service. The identity service authenticates the principal via the first credentials and supplies second credentials to the target resource. The target resource recognizes and authenticates the second credentials and grants access to the principal.

Abstract: Techniques for credential auditing are provided. Histories for credentials are evaluated against a principal credential policy for a user and an enterprise credential policy for an enterprise as a whole. An audit trail is produced within a report for the histories. The report indicates whether compliance with the principal and enterprise credential policies occurred and if not at least one reason is provided as to why compliance was not met within the histories.

Abstract: A computer receives a request for authentication from a client. The computer forwards the authentication request to an authentication source. Once the authentication source has validated the authentication request, the computer requests authentication and cache control information from the authentication source. The computer uses the authentication and cache control information to populate a user object stored in a container hierarchy and enable the computer to authenticate an authentication request without forwarding the authentication request to the authentication source.

Abstract: Techniques real-time adaptive password policies are presented. Patterns for passwords are regularly analyzed along with other factors associated with the patterns to dynamically determine password strength values. The strength values can change over time based on usage statistics. When a strength value falls below an acceptable threshold, passwords associated with that particular pattern can be downgraded or rejected in real-time and existing policy can be adapted to reflect the undesirability of that pattern.

Abstract: In various embodiments, techniques for flexible resource authentication are provided. A principal attempts to login to a target resource using first credentials. The target resource does not recognize the first credentials and in response thereto forwards the first credentials to an identity service. The identity service authenticates the principal via the first credentials and supplies second credentials to the target resource. The target resource recognizes and authenticates the second credentials and grants access to the principal.

Abstract: A computer receives an authentication request from a client. The computer creates a temporary user object and populates it with identification information from the authentication request. The computer then forwards the authentication request to an authentication source. Once the authentication source has validated the authentication request, the computer queries the authentication source for identification information, populates the temporary user object with the identification information, and makes the user object permanent.

Abstract: A computer receives a request for authentication from a client. The computer forwards the authentication request to an authentication source. Once the authentication source has validated the authentication request, the computer requests authentication and cache control information from the authentication source. The computer uses the authentication and cache control information to populate a user object stored in a container hierarchy and enable the computer to authenticate an authentication request without forwarding the authentication request to the authentication source.