Abstract: The present disclosure describes systems and methods of an authentication framework to implement varying authentication schemes in a configurable and extendable manner. This authentication framework provides a level of abstraction in which requirements for credential gathering and authentication workflow are independent from the agents or authentication implementation that does the credential gathering and authentication workflow. A higher level of abstraction and a more comprehensive authentication framework allows handling the associated authentication transactions of complex authentication schemes without requiring any specific understanding of their internals. For example, the requirements to gather certain credentials for a particular authentication scheme may be configured and maintained separately from the client-side authentication agent that gathers the credentials.

Abstract: The present invention is directed towards systems and methods for establishing and applying a policy group to control a user's access to an identified resource. A policy group representing an aggregate of one or more access configurations for a user to access one or more identified resources may be established via a policy manager. The policy group may include a login point component representing an entry point to access the identified resource. The login point may be configured via the policy manager to specify a uniform resource locator for the entry point. One or more authentication and authorization methods may be selected for the login point component. The device may receive a request to access the uniform resource locator. The device may initiate the policy group for evaluation. The device may initiate, with the user, one or more authentication and authorization methods specified by the login point component.

Abstract: Techniques for accessing enterprise resources while providing denial-of-service attack protection may include receiving, at a gateway from a client device, a request for a resource, the request including a location identifier associated with the resource. Techniques may further include redirecting, by a redirection message, the request to an authentication device that requests credentials for authentication, the redirection message including the location identifier. Techniques may also include retrieving, after authentication of the credentials, the location identifier from the client device. Techniques may additionally include providing access to the resource based on the location identifier.

Abstract: The present invention is directed towards systems and methods for self-load balancing access gateways. The systems and methods include a master access gateway that receives load metrics and capabilities from a plurality of access gateways. The master access gateway also receives requests to determine if a request to start a new session is to be redirected to an access gateways. The master access gateways uses the load metrics and capabilities to select an access gateway to service the request.

Abstract: A method for accessing enterprise resources while providing denial-of-service attack protection. The method may include receiving, at a gateway from a client device, a request for a resource, the request comprising a location identifier associated with the resource. The method may further include redirecting, by a redirection message, the request to an authentication device that requests credentials for authentication, the redirection message comprising the location identifier. The method may also include retrieving, after authentication of the credentials, the location identifier from the client device. The method may additionally include providing access to the resource based on the location identifier.

Abstract: The present invention is directed towards systems and methods for establishing and applying a policy group to control a user's access to an identified resource. A policy group representing an aggregate of one or more access configurations for a user to access one or more identified resources may be established via a policy manager. The policy group may include a login point component representing an entry point to access the identified resource. The login point may be configured via the policy manager to specify a uniform resource locator for the entry point. One or more authentication and authorization methods may be selected for the login point component. The device may receive a request to access the uniform resource locator. The device may initiate the policy group for evaluation. The device may initiate, with the user, one or more authentication and authorization methods specified by the login point component.

Abstract: A method for providing secure remote access to an enterprise application store with enterprise applications for a service running on a mobile device includes receiving an authentication request with user credentials from an access manager on the mobile device. Authentication and a valid session cookie are provided if user credentials are valid. An access token request is received and an access token is provided in response to the token request if the token request includes the valid session cookie. An access request from the service is received and access to the enterprise application store by the service is allowed if the request includes the access token. The service may then download applications or receive applications delivered via the enterprise application store. The application management service can also access a publicly available application store.

Abstract: The present invention is directed towards systems and methods for establishing and applying a policy group to control a user's access to an identified resource. A policy group representing an aggregate of one or more access configurations for a user to access one or more identified resources may be established via a policy manager. The policy group may include a login point component representing an entry point to access the identified resource. The login point may be configured via the policy manager to specify a uniform resource locator for the entry point. One or more authentication and authorization methods may be selected for the login point component. The device may receive a request to access the uniform resource locator. The device may initiate the policy group for evaluation. The device may initiate, with the user, one or more authentication and authorization methods specified by the login point component.

Abstract: The present invention is directed towards systems and methods for self-load balancing access gateways. The systems and methods include a master access gateway that receives load metrics and capabilities from a plurality of access gateways. The master access gateway also receives requests to determine if a request to start a new session is to be redirected to an access gateways. The master access gateways uses the load metrics and capabilities to select an access gateway to service the request.

Abstract: The present disclosure describes systems and methods of an authentication framework to implement varying authentication schemes in a configurable and extendable manner. This authentication framework provides a level of abstraction in which requirements for credential gathering and authentication workflow are independent from the agents or authentication implementation that does the credential gathering and authentication workflow. A higher level of abstraction and a more comprehensive authentication framework allows handling the associated authentication transactions of complex authentication schemes without requiring any specific understanding of their internals. For example, the requirements to gather certain credentials for a particular authentication scheme may be configured and maintained separately from the client-side authentication agent that gathers the credentials.

Abstract: The present invention is directed towards systems and methods for establishing and applying a policy group to control a user's access to an identified resource. A policy group representing an aggregate of one or more access configurations for a user to access one or more identified resources may be established via a policy manager. The policy group may include a login point component representing an entry point to access the identified resource. The login point may be configured via the policy manager to specify a uniform resource locator for the entry point. One or more authentication and authorization methods may be selected for the login point component. The device may receive a request to access the uniform resource locator. The device may initiate the policy group for evaluation. The device may initiate, with the user, one or more authentication and authorization methods specified by the login point component.