Detection and repair of broken single sign-on integration
Abstract
An identity management system provides single sign-on (SSO) services to clients, logging the clients into a variety of third-party services for which the clients have accounts. An SSO integration is stored for each of the third-party services, the SSO integration including information that allows the identity management system to automate the login for the corresponding third-party service, such as locations of the login pages, and/or identities of username and password fields. The identity management system uses different techniques in different embodiments to detect that a given SSO integration is broken (i.e., no longer permits login for its corresponding third-party service) and/or to repair the SSO integration.
33 Claims

1. A computer-implemented method performed by an identity management system, the method comprising:
- storing, for each third-party service of a plurality of third-party services, a single sign-on (SSO) integration for the third-party service, the SSO integration comprising information enabling automated login to the third-party service;
- for a first one of the third-party services and a corresponding first one of the SSO integrations:
- successfully signing in users into accounts of the users on the first one of the third-party services using the first one of the SSO integrations; and
- detecting that the first one of the SSO integrations can no longer automatically sign in users into accounts of the users on the first one of the third-party services;
- repairing the first SSO integration responsive to detecting that the first SSO integration can no longer automatically sign in users into accounts of the users on the third-party service; and
- determining that the first SSO integration has been successfully repaired by:
- receiving a request from a user to login to the first third-party service;
- using the repaired first SSO integration to attempt to log the user into the first third-party service; and
- analyzing behavior of the user after the attempted login using the repaired first SSO integration.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20

21. A computer-implemented method performed by an identity management system, the method comprising:
- storing, for each third-party service of a plurality of third-party services, a single sign-on (SSO) integration for the third-party service, the SSO integration comprising information enabling automated login to the third-party service;
- for a first one of the third-party services and a corresponding first one of the SSO integrations:
- successfully signing in users into accounts of the users on the first one of the third-party services using the first one of the SSO integrations; and
- detecting that the first one of the SSO integrations can no longer automatically sign in users into accounts of the users on the first one of the third-party services, the detecting comprising:
- attempting login to the first one of the third-party services using incorrect credentials; and
- determining, based on output of the attempted login, that the attempted login was legitimate except for the incorrect credentials, the determining comprising:
- obtaining a first screenshot of the first third-party service's login page before the attempted login;
- obtaining a second screenshot of the first third-party service's login page after the attempted login; and
- comparing visual properties of the first screenshot and second screenshot.

Dependent claims: 22, 23

24. A computer-implemented method performed by an identity management system, the method comprising:
- storing, for each third-party service of a plurality of third-party services, a single sign-on (SSO) integration for the third-party service, the SSO integration comprising information enabling automated login to the third-party service;
- for a first one of the third-party services and a corresponding first one of the SSO integrations:
- successfully signing in users into accounts of the users on the first one of the third-party services using the first one of the SSO integrations; and
- detecting that the first one of the SSO integrations can no longer automatically sign in users into accounts of the users on the first one of the third-party services; and
- determining that the first one of the SSO integrations can no longer automatically sign in users into accounts of the users on the third-party service due to a change in content of a login page of the first third-party service, based on comparison of a hash value of the login page computed at a time of the detecting and a hash value of the login page computed at a prior time when login into the first third-party service was successful.

Dependent claims: 25, 26, 27, 28
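
The hash comparison in claim 24, as an added example that is not taken from the patent. The claim only says "a hash value of the login page"; this sketch goes one step further and assumes the hash is computed over the page's form structure rather than its raw bytes, because hidden fields with per-request tokens would otherwise change the hash on every fetch. The function names, the `hash_at_last_success` key and the sample pages are hypothetical.

```python
import hashlib
from html.parser import HTMLParser

class FormSkeleton(HTMLParser):
    """Collects the form structure that automated login depends on."""
    TAGS = {"form", "input", "button", "select", "textarea"}
    # 'value' is left out on purpose: hidden fields often carry per-request tokens.
    ATTRS = ("id", "name", "type", "action", "method")

    def __init__(self):
        super().__init__()
        self.parts = []

    def handle_starttag(self, tag, attrs):
        if tag in self.TAGS:
            a = dict(attrs)
            kept = ",".join(f"{k}={a[k]}" for k in self.ATTRS if a.get(k))
            self.parts.append(f"{tag}[{kept}]")

def login_page_hash(html):
    """SHA-256 over the form skeleton (assumed normalization, not from the claim)."""
    skeleton = FormSkeleton()
    skeleton.feed(html)
    return hashlib.sha256("\n".join(skeleton.parts).encode("utf-8")).hexdigest()

def record_success(integration, html):
    """Call after a successful automated login to store the baseline hash."""
    integration["hash_at_last_success"] = login_page_hash(html)

def diagnose_failure(integration, html_now):
    """Attribute a failed login to a page change only if the hash moved."""
    if login_page_hash(html_now) != integration["hash_at_last_success"]:
        return "login_page_changed"
    return "other_cause"

# Constructed sample pages (not taken from any real service).
PAGE_OK = ('<form action="/login" method="post"><input type="hidden" name="csrf" value="a1">'
           '<input name="user"><input type="password" name="pw"><button>Sign in</button></form>')
PAGE_NEW_TOKEN = PAGE_OK.replace('value="a1"', 'value="b2"')     # same structure, new token
PAGE_REDESIGNED = PAGE_OK.replace('name="pw"', 'name="passwd"')  # password field renamed
```

With the baseline recorded from `PAGE_OK`, a failure seen against `PAGE_NEW_TOKEN` is reported as `other_cause`, while one seen against `PAGE_REDESIGNED` is reported as `login_page_changed`.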

29. A computer-implemented method performed by an identity management system, the method comprising:
- storing, for each third-party service of a plurality of third-party services, a single sign-on (SSO) integration for the third-party service, the SSO integration comprising information enabling automated login to the third-party service;
- for a first one of the third-party services and a corresponding first one of the SSO integrations:
- successfully signing in users into accounts of the users on the first one of the third-party services using the first one of the SSO integrations; and
- detecting that the first one of the SSO integrations can no longer automatically sign in users into accounts of the users on the first one of the third-party services; and
- repairing the first SSO integration responsive to detecting that the first SSO integration can no longer automatically sign in users into accounts of the users on the third-party service, the repairing comprising:
- parsing a login page of the first third-party service to identify a submit button that is a closest button in the login page to a password field in the login page; and
- storing the identified submit button in the first SSO integration.

Dependent claims: 30, 31, 32, 33
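
The repair step in claim 29, as an added example that is not taken from the patent. The claim does not define "closest"; this sketch assumes it means the fewest DOM edges between the password field and a submit-capable button, with the earliest such button winning a tie. The class, function and key names and the sample page are hypothetical.

```python
from html.parser import HTMLParser

VOID = {"input", "br", "img", "hr", "meta", "link"}  # elements with no end tag
SUBMIT = {("button", ""), ("button", "submit"), ("input", "submit"), ("input", "image")}

class LoginPageScan(HTMLParser):
    """Records the ancestor path of the password field and of each submit button."""
    def __init__(self):
        super().__init__()
        self.open, self.ids = [], 0          # ids of open ancestors, last id issued
        self.password, self.buttons = None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        kind = (a.get("type") or "").lower()
        self.ids += 1
        path = tuple(self.open) + (self.ids,)
        if tag == "input" and kind == "password" and self.password is None:
            self.password = path
        elif (tag, kind) in SUBMIT:          # type="button" and type="reset" are skipped
            self.buttons.append((path, a))
        if tag not in VOID:
            self.open.append(self.ids)

    def handle_endtag(self, tag):
        if tag not in VOID and self.open:
            self.open.pop()

def tree_distance(a, b):
    """Number of DOM edges between two nodes, via their lowest common ancestor."""
    common = 0
    while common < min(len(a), len(b)) and a[common] == b[common]:
        common += 1
    return len(a) + len(b) - 2 * common

def repair_submit_button(integration, html):
    """Store the submit button closest to the password field; None if not found."""
    scan = LoginPageScan()
    scan.feed(html)
    if scan.password is None or not scan.buttons:
        return None
    _, attrs = min(scan.buttons, key=lambda b: tree_distance(scan.password, b[0]))
    integration["submit_button"] = {k: attrs[k] for k in ("id", "name") if attrs.get(k)}
    return integration["submit_button"]

# Constructed sample page (not from any real service).
SAMPLE = ('<form id="search"><input name="q"><button id="search-btn">Search</button></form>'
          '<form id="login"><input name="email"><input type="password" name="pw">'
          '<div><input type="submit" id="signin" value="Sign in"></div>'
          '<button type="button" id="help">Help</button></form>')
```

On `SAMPLE` the search form's button is rejected because it sits in a different form subtree, and the `help` button is never a candidate because it cannot submit the form.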
Specification