Abstract: Using an authentication server to discover one or more additional authentication servers and to dynamically establish a trust relationship with the one or more additional authentication servers. The authentication server searches for the one or more additional authentication servers to discover one or more sources of authentication tokens, and inspects an incoming authentication request from the one or more additional authentication servers to determine if the request is carrying one or more authentication tokens from a newly discovered realm. Once the authentication server determines a newly discovered realm to be trustworthy, the authentication server receives a directory schema from the newly discovered realm and compares the received directory schema with a known directory schema retrieved by the authentication server to identify an intersection of the received directory schema and the known directory schema.

Abstract: Embodiments of the invention include methods for providing policy-driven, adaptive, multi-factor authentication procedures. A pool of potential authentication challenges is defined. Each of the potential authentication challenges is assigned a category and a weighted difficulty level. One or more authentication challenges are selected from the pool of potential authentication challenges using one or more security policies that are based upon the assigned category and the assigned weighted difficulty level, wherein a quantity of authentication challenges is determined using the one or more security policies. One or more historical access patterns are utilized in conjunction with the selected one or more authentication challenges to authenticate a user, wherein the historical access patterns include at least one of an access time or an access location. One or more dummy challenges are used to authenticate the user.