Patent attributes
Disclosed embodiments relate to systems and methods for security protection against threats to network identity providers. Techniques include identifying a first request from a client for access to a secure network resource; redirecting the client to an identity provider. The identity provider may be configured to authenticate the client and provide the client with data signed using a first identity provider key. Further techniques include identifying a second request from the client, the second request including a doubly-signed version of the data, verifying the doubly-signed version of the data using a second identity provider key corresponding to the first identity provider key and a second client key corresponding to the first client key; and allowing, conditional on a result of the verifying, the client to access the secure network resource.