Web-based single sign-on logon manager

US 10,079,820 B2
Filed: 09/22/2014
Issued: 09/18/2018
Est. Priority Date: 09/20/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, through a web-based interface at a front end logon manager interface of a gateway, a request from a user to access an application through a logon manager interface wherein the logon manager interface comprises an end-user application dashboard display that includes multiple application icons, such that each application icon shown in the dashboard display can represent a web application, a service, and/or a system that the user can access and such that each application icon can be associated with one or more policies and one or more credentials, such that a policy defines how an application can be accessed, and the credential provides information that can be used to authenticate the user to access the application;

converting, by the front end logon manager interface, the request to an access protocol to generate a converted request, the converted request comprising a policy request and a credential request;

forwarding, by the front end logon manager interface, the converted request to a back end logon manager interface;

extracting, by the back end logon manager interface, the policy request and the credential request from the converted request;

transmitting, by the back end logon manager interface, the policy request and the credential request to a single sign-on service;

identifying, based on the policy request, a policy associated with the requested application, wherein the policy defines access requirements associated with the application;

identifying, based on the credential request, user credentials based on the access requirements associated with the application; and

automatically providing the user credentials to the requested application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Web-based single sign-on can enable a user to log in to a single interface (such as through a web browser or thin client) and then provide SSO services to the user for one or more web applications. The web-based SSO system can be extended to support one or more different access control methods, such as form-fill, Federated (OIF), SSO Protected (OAM), and other policies. The web-based SSO system can include a user interface through which the user can access different web applications, systems, etc. and manage their credentials. Each SSO service can be associated with a web interface allowing the SSO services to be accessed over the web. The web interfaces can provide CRUD (create, read, update, delete) functionality for each SSO service. To support different access policy types, the web-based SSO system can include an extensible data manager that can manage data access to different types of repositories transparently.

Citations

20 Claims

1. A method comprising:
- receiving, through a web-based interface at a front end logon manager interface of a gateway, a request from a user to access an application through a logon manager interface wherein the logon manager interface comprises an end-user application dashboard display that includes multiple application icons, such that each application icon shown in the dashboard display can represent a web application, a service, and/or a system that the user can access and such that each application icon can be associated with one or more policies and one or more credentials, such that a policy defines how an application can be accessed, and the credential provides information that can be used to authenticate the user to access the application;
  
  converting, by the front end logon manager interface, the request to an access protocol to generate a converted request, the converted request comprising a policy request and a credential request;
  
  forwarding, by the front end logon manager interface, the converted request to a back end logon manager interface;
  
  extracting, by the back end logon manager interface, the policy request and the credential request from the converted request;
  
  transmitting, by the back end logon manager interface, the policy request and the credential request to a single sign-on service;
  
  identifying, based on the policy request, a policy associated with the requested application, wherein the policy defines access requirements associated with the application;
  
  identifying, based on the credential request, user credentials based on the access requirements associated with the application; and
  
  automatically providing the user credentials to the requested application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - receiving a request from a user to add a new application to the front end logon manager interface, wherein the request includes a policy and a credential;
      
      sending a request to a data manager to store the policy and the credential; and
      
      adding an icon corresponding to the new application to the front end logon manager interface, such that the icon is displayed in the front end logon manager interface.
  - 3. The method of claim 1, further comprising:
    - receiving a request to provision a plurality of applications for a user, wherein the request includes policies and credentials for each of the plurality of applications; and
      
      sending a request to a data manager to store the policies and the credentials; and
      
      adding icons corresponding to each of the plurality of applications to the front end logon manager interface, such that the icons are displayed when the user logs-in to the front end logon manager interface.
  - 4. The method of claim 1, wherein the front end logon manager interface presents a unified view of a plurality of applications associated with a plurality of different types of credentials.
  - 5. The method of claim 1, wherein identifying user credentials based on the access requirements associated with the application comprises:
    - extracting the policy request for the policy associated with the application, wherein the policy request is formatted according to a web based interface;
      
      sending the policy request to a single sign-on service; and
      
      receiving a policy response including the policy associated with the application, wherein the policy response is formatted according to the web based interface.
  - 6. The method of claim 5, wherein identifying user credentials based on the access requirements associated with the application comprises:
    - extracting the credential request for the user credentials, wherein the credential request is formatted according to a web based interface;
      
      sending the credential request to a single sign-on service; and
      
      receiving a credential response including the user credential, wherein the credential response is formatted according to the web based interface.
  - 7. The method of claim 1, wherein the policy is a form fill policy and wherein automatically providing the user credentials to the application comprises automatically populating fields in a graphical user interface associated with the application with the user credentials and submitting the user credentials to the application through the graphical user interface.

8. A system comprising:
- a computer, including a computer readable storage medium and processor;
  
  a logon manager interface, executing on the computer, wherein the logon manager interface includes a plurality of applications associated with different access requirements;
  
  wherein the logon manager interface is configured to;
  
  receive, through a web-based interface at a front end of the logon manager interface, a request from a user to access an application in the logon manager interface, wherein the logon manager interface comprises an end-user application dashboard display that includes multiple application icons, such that each application icon shown in the dashboard display can represent a web application, a service, and/or a system that the user can access and such that each application icon can be associated with one or more policies and one or more credentials, such that a policy defines how an application can be accessed, and the credential provides information that can be used to authenticate the user to access the application,convert the request to an access protocol to generate a converted request, the converted request comprising a policy request and a credential request,forward, by the front end of the logon manager interface, the converted request to a back end of the logon manager interface,extract, by the back end of the logon manager interface, the policy request and the credential request from the converted request,transmit, by the back end of the logon manager interface, the policy request and the credential request to a single sign-on service;
  
  identify, based on the policy request, a policy associated with the application, wherein the policy defines access requirements associated with the application;
  
  identify, based on the credential request, user credentials based on the access requirements associated with the application; and
  
  automatically provide the user credentials to the application.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the logon manager interface is further configured to:
    - receive a request from a user to add a new application to the logon manager interface, wherein the request includes a policy and a credential;
      
      send a request to a data manager to store the policy and the credential; and
      
      add an icon corresponding to the new application to the logon manager interface, such that the icon is displayed in the logon manager interface.
  - 10. The system of claim 8, wherein the logon manager interface is further configured to:
    - receive a request to provision a plurality of applications for a user, wherein the request includes policies and credentials for each of the plurality of applications; and
      
      send a request to a data manager to store the policies and the credentials; and
      
      add icons corresponding to each of the plurality of applications to the logon manager interface, such that the icons are displayed when the user logs-in to the logon manager interface.
  - 11. The system of claim 8, wherein the logon manager interface presents a unified view of a plurality of applications associated with a plurality of different types of credentials.
  - 12. The system of claim 8, wherein identifying user credentials based on the access requirements associated with the application comprises:
    - extracting the policy request for the policy associated with the application, wherein the policy request is formatted according to a web based interface;
      
      sending the policy request to a single sign-on service; and
      
      receiving a policy response including the policy associated with the application, wherein the policy response is formatted according to the web based interface.
  - 13. The system of claim 12, wherein identifying user credentials based on the access requirements associated with the application comprises:
    - extracting the credential request for the user credentials, wherein the credential request is formatted according to a web based interface;
      
      sending the credential request to a single sign-on service; and
      
      receiving a credential response including the user credential, wherein the credential response is formatted according to the web based interface.
  - 14. The system of claim 8, wherein the policy is a form fill policy and wherein automatically providing the user credentials to the application comprises automatically populating fields in a graphical user interface associated with the application with the user credentials and submitting the user credentials to the application through the graphical user interface.

15. A non-transitory computer readable storage medium including instructions stored thereon which when executed by a processor cause the processor to perform the steps of:
- receiving, through a web-based interface at a front end of a logon manager interface, a request from a user to access an application in a logon manager, wherein the logon manager interface comprises an end-user application dashboard display that includes multiple application icons, such that each application icon shown in the dashboard display can represent a web application, a service, and/or a system that the user can access and such that each application icon can be associated with one or more policies and one or more credentials, such that a policy defines how an application can be accessed, and the credential provides information that can be used to authenticate the user to access the application;
  
  converting the request to an access protocol to generate a converted request, the converted request comprising a policy request and a credential request;
  
  forwarding, by the front end of the logon manager interface, the converted request to a back end of the logon manager interface;
  
  extracting the policy request and the credential request from the converted request;
  
  transmitting, by the back end of the logon manager interface, the policy request and the credential request to a single sign-on service;
  
  identifying, based on the policy request, a policy associated with the application, wherein the policy defines access requirements associated with the requested application;
  
  identifying, based on the credential request, user credentials based on the access requirements associated with the application; and
  
  automatically providing the user credentials to the requested application.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer readable storage medium of claim 15, further instructions stored thereon which when executed by a processor cause the processor to perform the steps of:
    - receiving a request from a user to add a new application to the logon manager, wherein the request includes a policy and a credential;
      
      sending a request to a data manager to store the policy and the credential; and
      
      adding an icon corresponding to the new application to the logon manager, such that the icon is displayed in the logon manager.
  - 17. The non-transitory computer readable storage medium of claim 15, further instructions stored thereon which when executed by a processor cause the processor to perform the steps of:
    - receiving a request to provision a plurality of applications for a user, wherein the request includes policies and credentials for each of the plurality of applications; and
      
      sending a request to a data manager to store the policies and the credentials; and
      
      adding icons corresponding to each of the plurality of applications to the logon manager, such that the icons are displayed when the user logs-in to the logon manager.
  - 18. The non-transitory computer readable storage medium of claim 15, wherein the logon manager interface presents a unified view of a plurality of applications associated with a plurality of different types of credentials.
  - 19. The non-transitory computer readable storage medium of claim 15, wherein identifying user credentials based on the access requirements associated with the application comprises:
    - extracting the policy request for the policy associated with the application, wherein the policy request is formatted according to a web based interface;
      
      sending the policy request to a single sign-on service; and
      
      receiving a policy response including the policy associated with the application, wherein the policy response is formatted according to the web based interface.
  - 20. The non-transitory computer readable storage medium of claim 19, wherein identifying user credentials based on the access requirements associated with the application comprises:
    - extracting the credential request for the user credentials, wherein the credential request is formatted according to a web based interface;
      
      sending the credential request to a single sign-on service; and
      
      receiving a credential response including the user credential, wherein the credential response is formatted according to the web based interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Kolli, Ashish, Uchil, Mrudul, Brunaugh, Josh, Singh, Dharmvir
Primary Examiner(s)
Revak, Christopher
Assistant Examiner(s)
Savenkov, Vadim

Application Number

US14/493,224
Publication Number

US 20150089580A1
Time in Patent Office

1,457 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

H04L 63/0838   using one-time-passwords

H04L 63/0884   by delegation of authentica...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

Web-based single sign-on logon manager

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Web-based single sign-on logon manager

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links