Abstract: A method includes receiving a request from a client device to establish a first computing session for a first resource hosted on a virtual machine (VM). The method includes generating a session transfer key for accessing a second resource provided by a second resource provider. The method includes issuing instructions, to the VM that hosts the first resource, for establishing a second computing session to host the second resource, wherein the instructions include a mapping of the session transfer key to a session identifier. The method includes providing the instructions to the client device to establish the second computing session for the second resource without input for the second resource from the user of the client device. The establishment of the second computing session being between the VM and the second resource provider and based on the mapping of the session transfer key to the session identifier.

Abstract: Methods, systems, computer-readable media, and apparatuses may provide creation and management of composite tokens for use with services in a virtual environment without the user having to re-authenticate each time the user accesses a different service. A composite identity server may receive a request to upgrade a first authentication token for a user. The composite identity server may redirect a user agent to an identity provider for authentication and, in response, may receive a second authentication token for the user. The composite identity server may send the second authentication token to a federated microservice and, in response, may receive one or more claims of the second authentication token designated for inclusion in a composite token. The composite identity server may generate a composite token including the one or more claims of the first authentication token and one or more claims of the second authentication token.

Abstract: Aspects described herein may utilize self-federation in a plugin-based authentication system to support combinations of authentication processes. The authentication system may include a plugin that executes an authentication process that is a combination of two or more other authentication processes. This plugin may handle the combined authentication process by self-federating back to the authentication interface, generating its own authentication requests under each of the subsidiary authentication processes. Thus, the self-federating plugin corresponding to the combined authentication process may allow the authentication system to support authentication requests that indicate the combined authentication process. This “chained” authentication process, accomplished through self-federation, may allow the authentication system to reuse existing code paths and avoid downsides associated with duplication of code.

Abstract: Aspects described herein may utilize self-federation in a plugin-based authentication system to support combinations of authentication processes. The authentication system may include a plugin that executes an authentication process that is a combination of two or more other authentication processes. This plugin may handle the combined authentication process by self-federating back to the authentication interface, generating its own authentication requests under each of the subsidiary authentication processes. Thus, the self-federating plugin corresponding to the combined authentication process may allow the authentication system to support authentication requests that indicate the combined authentication process. This “chained” authentication process, accomplished through self-federation, may allow the authentication system to reuse existing code paths and avoid downsides associated with duplication of code.

Abstract: Methods, computer-readable media, and apparatuses for checking the health of a cloud-based component. The method includes receiving, by a health event hub as output by a first device, a request for performing a health check on a second device; outputting, by the health event hub, the request to each health checker on the network; receiving, by the health event hub, a health data response output by at least one checker that is capable of performing the health check; collecting, by the health event hub, each health data response associated with the request output by the first device that is output by the at least one health checker that is capable of performing the health check on the second device; and outputting, by the health event hub to each health data collector on the network, each health data response associated with the request output by the first device.

Abstract: A method includes receiving a request from a client device to establish a first computing session for a first resource hosted on a virtual machine (VM). The method includes generating a session transfer key for accessing a second resource provided by a second resource provider. The method includes issuing instructions, to the VM that hosts the first resource, for establishing a second computing session to host the second resource, wherein the instructions include a mapping of the session transfer key to a session identifier. The method includes providing the instructions to the client device to establish the second computing session for the second resource without input for the second resource from the user of the client device. The establishment of the second computing session being between the VM and the second resource provider and based on the mapping of the session transfer key to the session identifier.

Abstract: A method includes receiving a request from a client device to establish a first computing session for a first resource hosted on a virtual machine (VM). The method includes generating a session transfer key for accessing a second resource provided by a second resource provider. The method includes issuing instructions, to the VM that hosts the first resource, for establishing a second computing session to host the second resource, wherein the instructions include a mapping of the session transfer key to a session identifier. The method includes providing the instructions to the client device to establish the second computing session for the second resource without input for the second resource from the user of the client device. The establishment of the second computing session being between the VM and the second resource provider and based on the mapping of the session transfer key to the session identifier.

Abstract: A method includes receiving a request from a client device to establish a first computing session for a first resource hosted on a virtual machine (VM). The method includes generating a session transfer key for accessing a second resource provided by a second resource provider. The method includes issuing instructions, to the VM that hosts the first resource, for establishing a second computing session to host the second resource, wherein the instructions include a mapping of the session transfer key to a session identifier. The method includes providing the instructions to the client device to establish the second computing session for the second resource without input for the second resource from the user of the client device. The establishment of the second computing session being between the VM and the second resource provider and based on the mapping of the session transfer key to the session identifier.

Abstract: Aspects described herein may utilize self-federation in a plugin-based authentication system to support combinations of authentication processes. The authentication system may include a plugin that executes an authentication process that is a combination of two or more other authentication processes. This plugin may handle the combined authentication process by self-federating back to the authentication interface, generating its own authentication requests under each of the subsidiary authentication processes. Thus, the self-federating plugin corresponding to the combined authentication process may allow the authentication system to support authentication requests that indicate the combined authentication process. This “chained” authentication process, accomplished through self-federation, may allow the authentication system to reuse existing code paths and avoid downsides associated with duplication of code.

Abstract: Methods, systems, computer-readable media, and apparatuses may provide creation and management of composite tokens for use with services in a virtual environment without the user having to re-authenticate each time the user accesses a different service. A composite identity server may receive a request to upgrade a first authentication token for a user. The composite identity server may redirect a user agent to an identity provider for authentication and, in response, may receive a second authentication token for the user. The composite identity server may send the second authentication token to a federated microservice and, in response, may receive one or more claims of the second authentication token designated for inclusion in a composite token. The composite identity server may generate a composite token including the one or more claims of the first authentication token and one or more claims of the second authentication token.

Abstract: Methods, systems, computer-readable media, and apparatuses may provide creation and management of composite tokens for use with services in a virtual environment without the user having to re-authenticate each time the user accesses a different service. A composite identity server may receive a request to upgrade a first authentication token for a user. The composite identity server may redirect a user agent to an identity provider for authentication and, in response, may receive a second authentication token for the user. The composite identity server may send the second authentication token to a federated microservice and, in response, may receive one or more claims of the second authentication token designated for inclusion in a composite token. The composite identity server may generate a composite token including the one or more claims of the first authentication token and one or more claims of the second authentication token.

Abstract: Methods, systems, computer-readable media, and apparatuses may provide creation and management of composite tokens for use with services in a virtual environment without the user having to re-authenticate each time the user accesses a different service. A composite identity server may receive a request to upgrade a first authentication token for a user. The composite identity server may redirect a user agent to an identity provider for authentication and, in response, may receive a second authentication token for the user. The composite identity server may send the second authentication token to a federated microservice and, in response, may receive one or more claims of the second authentication token designated for inclusion in a composite token. The composite identity server may generate a composite token including the one or more claims of the first authentication token and one or more claims of the second authentication token.

Abstract: Methods, computer-readable media, and apparatuses for checking the health of a cloud-based component. The method includes receiving, by a health event hub as output by a first device, a request for performing a health check on a second device; outputting, by the health event hub, the request to each health checker on the network; receiving, by the health event hub, a health data response output by at least one checker that is capable of performing the health check; collecting, by the health event hub, each health data response associated with the request output by the first device that is output by the at least one health checker that is capable of performing the health check on the second device; and outputting, by the health event hub to each health data collector on the network, each health data response associated with the request output by the first device.