Citrix Systems, Inc.
Universal group support for authentication systems

Abstract:

A central authentication service is for authentication of a user operating a computing device requesting access to a service provider. The central authentication service stores a universal group that includes principals from different types of identity providers, with the user of the computing device included as one of the principals. An access token generated by an identity provider associated with the computing device is received by the central authentication service. The central authentication service generates a universal token that includes group membership information for the universal group, and exchanges the access token with the universal token. The universal token is provided to the service provider, with the group membership information on the universal token to allow the service provider to determine if the user of the computing device has permission to access desired services.