Single sign-on framework for browser-based applications and native applications
First Claim
1. A system for providing a single sign-on capability to at least one application installed on a client device, comprising:
the client device; and
an identity provider application executable by the client device, the identity provider application causing the client device to at least:
register the identity provider application as a local identity provider on the client device using an application programming interface (API) associated with an operating system of the client device, wherein the identity provider application specifies a particular identity provider server address for an identity provider service for which the identity provider application is the local identity provider;
obtain a user credential associated with a user account;
authenticate the user credential for the user account with the identity provider service;
obtain a request to validate an installation of an application installed on the client device based upon the user account;
validate the installation of the application based upon at least one parameter embedded within the request, the installation of the application being validated by extracting a package family name from the request to authenticate the installation of the application, generating a session identifier associated with the request to authenticate the installation of the application and providing the session identifier and an encryption key to the installation of the application;
request an authentication key from the identity provider service; and
provide the authentication key to the application, wherein the application authenticates the user account with the identity provider service using the authentication key.
Abstract
Disclosed are various approaches for providing single sign-on capabilities for a user on a client device. A user's credentials can be authenticated by an identity provider application. The identity provider application can facilitate single sign-on capabilities for browser-based applications and native applications on the client device.
20 Claims
1. A system for providing a single sign-on capability to at least one application installed on a client device, comprising:
the client device; and
an identity provider application executable by the client device, the identity provider application causing the client device to at least:
register the identity provider application as a local identity provider on the client device using an application programming interface (API) associated with an operating system of the client device, wherein the identity provider application specifies a particular identity provider server address for an identity provider service for which the identity provider application is the local identity provider;
obtain a user credential associated with a user account;
authenticate the user credential for the user account with the identity provider service;
obtain a request to validate an installation of an application installed on the client device based upon the user account;
validate the installation of the application based upon at least one parameter embedded within the request, the installation of the application being validated by extracting a package family name from the request to authenticate the installation of the application, generating a session identifier associated with the request to authenticate the installation of the application and providing the session identifier and an encryption key to the installation of the application;
request an authentication key from the identity provider service; and
provide the authentication key to the application, wherein the application authenticates the user account with the identity provider service using the authentication key.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method for providing a single sign-on capability to at least one application installed on a client device, comprising:
registering an identity provider application as a local identity provider on the client device using an application programming interface (API) associated with an operating system of the client device, wherein the identity provider application specifies a particular identity provider server address for an identity provider service for which the identity provider application is the local identity provider;
obtaining a user credential associated with a user account;
authenticating the user credential for the user account with the identity provider service;
obtaining a request to validate an installation of an application installed on the client device based upon the user account;
validating the installation of the application based upon at least one parameter embedded within the request, the installation of the application validated by extracting a package family name from the request to authenticate the installation of the application, generating a session identifier associated with the request to authenticate the installation of the application, and providing the session identifier and an encryption key to the installation of the application;
requesting an authentication key from the identity provider service;
providing the authentication key to the application, wherein the application authenticates the user account with the identity provider service using the authentication key.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A non-transitory computer-readable medium comprising machine-readable instructions providing a single sign-on capability to at least one application installed on a client device, wherein when executed by a processor of the client device, the machine-readable instructions cause the client device to at least:
register an identity provider application as a local identity provider on the client device using an application programming interface (API) associated with an operating system of the client device, wherein the identity provider application specifies a particular identity provider server address for an identity provider service for which the identity provider application is the local identity provider;
obtain a user credential associated with a user account;
authenticate the user credential for the user account with the identity provider service;
obtain a request to validate an installation of an application installed on the client device based upon the user account;
validate the installation of the application based upon at least one parameter embedded within the request, the installation of the application validated by extracting a package family name from the request to authenticate the installation of the application, generating a session identifier associated with the request to authenticate the installation of the application, and providing the session identifier and an encryption key to the installation of the application;
request an authentication key from the identity provider service; and
provide the authentication key to the application, wherein the application authenticates the user account with the identity provider service using the authentication key.
Dependent claims: 16, 17, 18, 19, 20
Specification