Web-based single sign-on logon manager
Abstract
Web-based single sign-on can enable a user to log in to a single interface (such as through a web browser or thin client) and then provide SSO services to the user for one or more web applications. The web-based SSO system can be extended to support one or more different access control methods, such as form-fill, Federated (OIF), SSO Protected (OAM), and other policies. The web-based SSO system can include a user interface through which the user can access different web applications, systems, etc. and manage their credentials. Each SSO service can be associated with a web interface allowing the SSO services to be accessed over the web. The web interfaces can provide CRUD (create, read, update, delete) functionality for each SSO service. To support different access policy types, the web-based SSO system can include an extensible data manager that can manage data access to different types of repositories transparently.
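The request flow described in the abstract and in claim 1, sketched as an added example that is not code from the patent or from any product. The JSON message shape, the store contents, and all function and field names are assumptions made for illustration. It shows the policy being resolved first and only the credential fields that policy requires being released.

```python
import json

class AccessDenied(Exception):
    pass

# Constructed sample stores; app names, policy types and fields are assumptions.
POLICIES = {
    "hr-portal": {"type": "form-fill", "requires": ["username", "password"]},
    "wiki": {"type": "federated", "requires": ["subject"]},
}
CREDENTIALS = {
    ("alice", "hr-portal"): {"username": "alice.hr", "password": "constructed-secret",
                             "recovery_hint": "not needed by the policy"},
    ("alice", "wiki"): {"subject": "alice@example.test"},
}

def front_end_convert(session_user, app_id):
    """Front end: turn a dashboard click into one converted request that
    carries a policy request and a credential request. The user comes from
    the authenticated session, never from a client-supplied field."""
    return json.dumps({"policy_request": {"app": app_id},
                       "credential_request": {"user": session_user, "app": app_id}})

def back_end_extract(converted):
    """Back end: split the converted request into its two parts."""
    msg = json.loads(converted)
    return msg["policy_request"], msg["credential_request"]

def sso_service(policy_req, cred_req):
    """Resolve the policy first, then only the credentials it requires."""
    if policy_req["app"] != cred_req["app"]:
        raise AccessDenied("policy and credential requests name different apps")
    policy = POLICIES.get(policy_req["app"])
    if policy is None:
        raise AccessDenied("no policy for application")
    stored = CREDENTIALS.get((cred_req["user"], cred_req["app"]))
    if stored is None or any(f not in stored for f in policy["requires"]):
        raise AccessDenied("no credential satisfying the policy")
    # Release only the fields the policy's access requirements name.
    return policy["type"], {f: stored[f] for f in policy["requires"]}

def logon(session_user, app_id):
    """Run the whole flow for one dashboard click."""
    return sso_service(*back_end_extract(front_end_convert(session_user, app_id)))

if __name__ == "__main__":
    print(logon("alice", "wiki"))
```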
20 Claims
1. A method comprising:
- receiving, through a web-based interface at a front end logon manager interface of a gateway, a request from a user to access an application through a logon manager interface wherein the logon manager interface comprises an end-user application dashboard display that includes multiple application icons, such that each application icon shown in the dashboard display can represent a web application, a service, and/or a system that the user can access and such that each application icon can be associated with one or more policies and one or more credentials, such that a policy defines how an application can be accessed, and the credential provides information that can be used to authenticate the user to access the application;
- converting, by the front end logon manager interface, the request to an access protocol to generate a converted request, the converted request comprising a policy request and a credential request;
- forwarding, by the front end logon manager interface, the converted request to a back end logon manager interface;
- extracting, by the back end logon manager interface, the policy request and the credential request from the converted request;
- transmitting, by the back end logon manager interface, the policy request and the credential request to a single sign-on service;
- identifying, based on the policy request, a policy associated with the requested application, wherein the policy defines access requirements associated with the application;
- identifying, based on the credential request, user credentials based on the access requirements associated with the application; and
- automatically providing the user credentials to the requested application.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A system comprising:
- a computer, including a computer readable storage medium and processor;
- a logon manager interface, executing on the computer, wherein the logon manager interface includes a plurality of applications associated with different access requirements;
- wherein the logon manager interface is configured to;
  - receive, through a web-based interface at a front end of the logon manager interface, a request from a user to access an application in the logon manager interface, wherein the logon manager interface comprises an end-user application dashboard display that includes multiple application icons, such that each application icon shown in the dashboard display can represent a web application, a service, and/or a system that the user can access and such that each application icon can be associated with one or more policies and one or more credentials, such that a policy defines how an application can be accessed, and the credential provides information that can be used to authenticate the user to access the application,
  - convert the request to an access protocol to generate a converted request, the converted request comprising a policy request and a credential request,
  - forward, by the front end of the logon manager interface, the converted request to a back end of the logon manager interface,
  - extract, by the back end of the logon manager interface, the policy request and the credential request from the converted request,
  - transmit, by the back end of the logon manager interface, the policy request and the credential request to a single sign-on service;
  - identify, based on the policy request, a policy associated with the application, wherein the policy defines access requirements associated with the application;
  - identify, based on the credential request, user credentials based on the access requirements associated with the application; and
  - automatically provide the user credentials to the application.

Dependent claims: 9, 10, 11, 12, 13, 14

15. A non-transitory computer readable storage medium including instructions stored thereon which when executed by a processor cause the processor to perform the steps of:
- receiving, through a web-based interface at a front end of a logon manager interface, a request from a user to access an application in a logon manager, wherein the logon manager interface comprises an end-user application dashboard display that includes multiple application icons, such that each application icon shown in the dashboard display can represent a web application, a service, and/or a system that the user can access and such that each application icon can be associated with one or more policies and one or more credentials, such that a policy defines how an application can be accessed, and the credential provides information that can be used to authenticate the user to access the application;
- converting the request to an access protocol to generate a converted request, the converted request comprising a policy request and a credential request;
- forwarding, by the front end of the logon manager interface, the converted request to a back end of the logon manager interface;
- extracting the policy request and the credential request from the converted request;
- transmitting, by the back end of the logon manager interface, the policy request and the credential request to a single sign-on service;
- identifying, based on the policy request, a policy associated with the application, wherein the policy defines access requirements associated with the requested application;
- identifying, based on the credential request, user credentials based on the access requirements associated with the application; and
- automatically providing the user credentials to the requested application.

Dependent claims: 16, 17, 18, 19, 20

Specification