US Patent 8006289 Method and system for extending authentication methods

A method is presented for managing authentication credentials for a user. A session management server performs session management with respect to the user for a domain that includes a protected resource. The session management server receives a request to access the protected resource, which requires authentication credentials that have been generated for a first type of authentication context. In response to determining that authentication credentials for the user have been generated for a second type of authentication context, the session management server sends to an authentication proxy server a first message that contains the authentication credentials for the user and an indicator for the first type of authentication context. The session management server subsequently receives a second message that contains updated authentication credentials for the user that indicate that the updated authentication credentials have been generated for the first type of authentication context.