Abstract: The disclosed technology is generally directed to web authentication. In one example of the technology, authentication of a broker is obtained with an identity provider. Obtaining the authentication includes at least communication between the broker and a top-level frame and communication between the broker and the identity provider. The broker is executing in a descendant frame of the top-level frame. The top-level frame and the broker are hosted on different domains. At the broker, from an embedded application that is executing on another descendant frame of the top-level frame, a token request is received. Via the broker, a token is requested from the identity provider. The token is associated with an authorization of secure delegated remote access of at least one resource by the embedded application. At the broker, from the identity provider, the token is received. Via the broker, the token is provided to the embedded application.

Abstract: The disclosed technology is generally directed to web authentication. In one example of the technology, authentication of a broker with an identity provider is initiated. The broker is a first application that is executing in a top-level frame. At the broker, from a second application that is executing on a first descendent frame that is a descendant frame of the top-level frame, a token request is received. Via the broker, a first token is requested from the identity provider on behalf of the second application. The first token is associated with an authorization of secure delegated remote access of at least one resource by the second application. At the broker, from the identity provider, the first token is received. Via the broker, the first token is provided to the second application.

Abstract: The disclosed technology is generally directed to web authentication. In one example of the technology, authentication of a broker is obtained with an identity provider. Obtaining the authentication includes at least communication between the broker and a top-level frame and communication between the broker and the identity provider. The broker is executing in a descendant frame of the top-level frame. The top-level frame and the broker are hosted on different domains. At the broker, from an embedded application that is executing on another descendant frame of the top-level frame, a token request is received. Via the broker, a token is requested from the identity provider. The token is associated with an authorization of secure delegated remote access of at least one resource by the embedded application. At the broker, from the identity provider, the token is received. Via the broker, the token is provided to the embedded application.

Abstract: The disclosed technology is generally directed to web authentication. In one example of the technology, authentication of a broker with an identity provider is initiated. The broker is a first application that is executing in a top-level frame. At the broker, from a second application that is executing on a first descendent frame that is a descendant frame of the top-level frame, a token request is received. Via the broker, a first token is requested from the identity provider on behalf of the second application. The first token is associated with an authorization of secure delegated remote access of at least one resource by the second application. At the broker, from the identity provider, the first token is received. Via the broker, the first token is provided to the second application.

Abstract: A system includes a processor and memory to execute an application. The application receives feedback from a target regarding ability of a plurality of resources of the target to service requests from one or more clients. The feedback includes a metric indicative of a load of each of the resources. The application calculates weights for the resources based on the feedback. A weight for a resource is based on a product of a first term that determines a maximum difference in probabilities of selection between two resources and a second term including an exponent that is a difference between a current load of the resource and a current minimum load across the resources determined based on the feedback. The application selects, for servicing a request from one of the clients, one of the resources in round robin manner based on the weights to evenly utilize the plurality of resources.

Abstract: A system includes a processor and memory to execute an application. The application receives feedback from a target regarding ability of a plurality of resources of the target to service requests from one or more clients. The feedback includes a metric indicative of a load of each of the resources. The application calculates weights for the resources based on the feedback. A weight for a resource is based on a product of a first term that determines a maximum difference in probabilities of selection between two resources and a second term including an exponent that is a difference between a current load of the resource and a current minimum load across the resources determined based on the feedback. The application selects, for servicing a request from one of the clients, one of the resources in round robin manner based on the weights to evenly utilize the plurality of resources.