Single sign-on for unmanaged mobile devices
Abstract
Disclosed are various examples for providing a single sign-on experience for mobile devices that may or may not be managed. A service provider receives an access request from a first client application executed in a client device. The service provider causes the first client application, using a redirection response that redirects the access request to an identity provider, to request an authentication token from a second client application executed in the client device. The service provider receives the authentication token from the first client application. The service provider then authenticates the first client application in response to verifying the authentication token.
20 Claims
1. A non-transitory computer-readable medium embodying a program executable in at least one computing device, the program, when executed by the at least one computing device, being configured to cause the at least one computing device to at least:

cause a mapping between a predefined scheme name and an authentication application to be registered with a client device;
receive an access request from a client application executed in the client device;
cause the client application, using a redirection response that redirects the access request to an identity provider, to request an identity assertion from the authentication application executed in the client device, the identity assertion being requested by the client application using a local uniform resource locator (URL) beginning with the predefined scheme name that is registered with the client device to correspond to the authentication application;
receive the identity assertion from the client application;
verify the identity assertion; and
authenticate the client application.

(Dependent claims 2, 3, 4, 5, 6 and 7 are not reproduced on this page.)
8. A system, comprising:

at least one computing device comprising a processor and a memory; and
a service provider executable by the at least one computing device, the service provider configured to cause the at least one computing device to at least:
receive an access request from a first client application executed in a client device;
cause a mapping between a predefined scheme name and a second client application to be registered with the client device;
cause the first client application, using a redirection response that redirects the access request to an identity provider, to request an authentication token from the second client application executed in the client device, the authentication token being requested by the first client application using a local uniform resource locator (URL) beginning with the predefined scheme name that is registered with the client device to correspond to the second client application;
receive the authentication token from the first client application; and
authenticate the first client application in response to verifying the authentication token.

(Dependent claims 9, 10, 11, 12 and 13 are not reproduced on this page.)
14. A method, comprising:

receiving, by a service provider executed in at least one computing device comprising a processor and a memory, an access request from a first client application executed in a client device;
causing, by the service provider, a mapping between a predefined scheme name and a second client application to be registered with the client device;
causing the first client application, by the service provider using a redirection response that redirects the access request to an identity provider, to request an authentication token from the second client application executed in the client device, the authentication token being requested by the first client application using a local uniform resource locator (URL) beginning with the predefined scheme name that is registered with the client device to correspond to the second client application;
receiving, by the service provider, the authentication token from the first client application; and
authenticating, by the service provider, the first client application in response to verifying the authentication token.

(Dependent claims 15, 16, 17, 18, 19 and 20 are not reproduced on this page.)
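The exchange described in the abstract and in independent claims 1, 8 and 14, simulated end to end as an added example; this is not code from the patent or its assignee. The scheme name `ssoauth`, the service-provider identifier `https://sp.example/api`, the IdP and local URL layouts, and the assertion format (a JSON claim set with an HMAC tag under a key shared by the identity provider and the service provider) are all assumptions made here so that the flow runs offline; a real deployment would carry a SAML assertion or a signed JWT verified with the identity provider's public key. The `Device` class stands in for the operating system's URL scheme registry, and `run_flow` performs the "cause a mapping ... to be registered" step before the client application makes its access request.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

SCHEME_NAME = "ssoauth"           # assumed predefined scheme name
SP_ID = "https://sp.example/api"  # assumed service-provider (audience) identifier


def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class Device:  # OS-level URL scheme registry: opening a URL dispatches to the mapped app
    def __init__(self):
        self.handlers = {}

    def register_scheme(self, scheme, app):
        self.handlers[scheme] = app

    def open_url(self, url):
        app = self.handlers.get(urlparse(url).scheme)
        if app is None:
            raise LookupError("no app registered for the scheme of " + url)
        return app.handle_url(url)


class IdentityProvider:  # issues assertions; key shared with the SP (HMAC stands in for a signature)
    def __init__(self, key):
        self.key = key

    def issue_assertion(self, subject, audience, nonce, ttl=300):
        claims = {"sub": subject, "aud": audience, "nonce": nonce, "exp": int(time.time()) + ttl}
        payload = b64(json.dumps(claims, sort_keys=True).encode())
        return payload + "." + b64(hmac.new(self.key, payload.encode(), hashlib.sha256).digest())


class AuthenticationApp:  # second app on the device: holds the user's IdP session, answers scheme URLs
    def __init__(self, idp, user):
        self.idp, self.user = idp, user

    def handle_url(self, url):
        parsed = urlparse(url)
        if parsed.scheme != SCHEME_NAME or parsed.netloc != "assert":
            raise ValueError("unexpected local URL: " + url)
        q = parse_qs(parsed.query)
        return self.idp.issue_assertion(self.user, q["aud"][0], q["nonce"][0])


class ServiceProvider:
    def __init__(self, key):
        self.key, self.pending = key, set()

    def handle_access_request(self):
        # No session yet: redirect to the IdP, carrying a fresh nonce and the scheme to use
        nonce = secrets.token_urlsafe(16)
        self.pending.add(nonce)
        query = urlencode({"aud": SP_ID, "nonce": nonce, "scheme": SCHEME_NAME})
        return {"status": 302, "location": "https://idp.example/sso?" + query}

    def handle_assertion(self, token, now=None):
        # Signature first, then audience, expiry, and a nonce this SP issued (consumed once)
        payload, _, tag = token.partition(".")
        expected = hmac.new(self.key, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, unb64(tag)):
            raise PermissionError("bad signature")
        claims = json.loads(unb64(payload))
        if claims.get("aud") != SP_ID:
            raise PermissionError("wrong audience")
        if claims.get("exp", 0) <= (now or time.time()):
            raise PermissionError("expired")
        if claims.get("nonce") not in self.pending:
            raise PermissionError("unknown or replayed nonce")
        self.pending.discard(claims["nonce"])
        return {"status": 200, "subject": claims["sub"]}


class ClientApp:  # first app on the device: never inspects the assertion, only relays it
    def __init__(self, device, sp):
        self.device, self.sp, self.last_token = device, sp, None

    def access(self):
        resp = self.sp.handle_access_request()
        q = parse_qs(urlparse(resp["location"]).query)
        local_url = q["scheme"][0] + "://assert?" + urlencode({"aud": q["aud"][0], "nonce": q["nonce"][0]})
        self.last_token = self.device.open_url(local_url)  # the scheme-based hand-off
        return self.sp.handle_assertion(self.last_token)


def run_flow(register_scheme=True):
    # Wire up one device and run the whole exchange; returns the parties for later checks
    key = secrets.token_bytes(32)
    idp, sp, device = IdentityProvider(key), ServiceProvider(key), Device()
    if register_scheme:  # the "cause a mapping ... to be registered" step of the claims
        device.register_scheme(SCHEME_NAME, AuthenticationApp(idp, "alice@example.com"))
    client = ClientApp(device, sp)
    return {"sp": sp, "client": client, "result": client.access()}
```

`run_flow()` returns a 200 result for `alice@example.com`; `run_flow(register_scheme=False)` fails at the hand-off with `LookupError`, which is what happens when the scheme mapping the claims describe has not been installed on the device. The checks in `handle_assertion` are what the "verify the identity assertion" step has to cover for the flow to hold up on an unmanaged device: signature, audience, expiry, and a nonce that the service provider itself placed in the redirect and accepts only once. The nonce matters because custom URL schemes are not exclusive on either major mobile platform, so the first client application cannot vouch for the token it gets back from the device; only the service provider's verification does.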
Specification