Web-based interface integration for single sign-on
First Claim
1. A method for web-based access management through a single sign-on service system, the method comprising:
- receiving, by a first tunnel proxy of a computer system that includes a data manager that manages data access to different types of repositories transparently, from a second tunnel proxy of a single sign-on gateway, a first request, for a first single sign-on service of a plurality of single sign-on services to perform a management operation on first single sign-on data of a plurality of single sign-on data, wherein:
the first request is initiated as a second request, wherein the second request is a credential management request, defined according to a first protocol, by a client device via a web interface associated with the first single sign-on service, the second tunnel proxy of the single sign-on gateway converts the second request from the first protocol to an access protocol to generate the first request, the management operation is one of creating, updating, or deleting the first single sign-on data, and the single sign-on service system provides the plurality of single sign-on services for a plurality of single sign-on access control types using the plurality of single sign-on data stored in a plurality of data repositories;
in response to receiving the first request, converting, by the first tunnel proxy of the computer system, the first request from the access protocol to the first protocol to obtain the second request;
in response to converting the first request to obtain the second request, providing the second request to the first single sign-on service;
in response to receiving the second request, performing, by the first single sign-on service of the computer system, the management operation, wherein performing the management operation comprises:
generating an operation request based on the second request to perform the management operation, providing the operation request to the data manager of the single sign-on service system, determining, by the data manager, that the first single sign-on data is associated with a first data repository of the plurality of data repositories, transmitting the operation request to the first data repository, and generating a first response to the second request based on transmitting the operation request to the first data repository, wherein the first response is defined according to the first protocol;
converting, by the first tunnel proxy of the computer system, the first response from the first protocol to the access protocol to generate a second response; and
sending, by the first tunnel proxy of the computer system, to the second tunnel proxy of the single sign-on gateway, the second response that facilitates providing the first response to the client device via the web interface.
Abstract
Web-based single sign-on can enable a user to log in to a single interface (such as through a web browser or thin client) and then provide SSO services to the user for one or more web applications. The web-based SSO system can be extended to support one or more different access control methods, such as form-fill, Federated (OIF), SSO Protected (OAM), and other policies. The web-based SSO system can include a user interface through which the user can access different web applications, systems, etc. and manage their credentials. Each SSO service can be associated with a web interface allowing the SSO services to be accessed over the web. The web interfaces can provide CRUD (create, read, update, delete) functionality for each SSO service. To support different access policy types, the web-based SSO system can include an extensible data manager that can manage data access to different types of repositories transparently.
50 Citations
20 Claims
1. Independent method claim; its full text is given above under First Claim. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A single sign-on service system for web-based access management, the single sign-on service system comprising:
- a computer of the single sign-on service system that provides a plurality of single sign-on services for a plurality of single sign-on access control types using a plurality of single sign-on data stored in a plurality of data repositories, the computer including a computer readable medium and processor, the computer also including a data manager that manages data access to different types of repositories transparently;
wherein the computer comprises a first tunnel proxy configured to:
receive, from a second tunnel proxy of a single sign-on gateway, a first request for a first single sign-on service of the plurality of single sign-on services to perform a management operation on first single sign-on data, wherein: the first request is initiated as a second request, wherein the second request is a credential management request, defined according to a first protocol, by a client device via a web interface associated with the first single sign-on service, the second tunnel proxy of the single sign-on gateway converts the second request from the first protocol to an access protocol to generate the first request, and the management operation is one of creating, updating, or deleting the first single sign-on data;
in response to receiving the first request, convert the first request from the access protocol to the first protocol to obtain the second request;
in response to converting the first request to obtain the second request, provide the second request to a first single sign-on service of the plurality of single sign-on services;
convert a first response, received from the first single sign-on service, from the first protocol to the access protocol to generate a second response; and
send, to the second tunnel proxy of the single sign-on gateway, the second response that facilitates providing the first response to the client device via the web interface; and
wherein the first single sign-on service is configured to:
in response to receiving the second request, perform the management operation, wherein performing the management operation comprises: generating an operation request based on the second request to perform the management operation, providing the operation request to the data manager of the computer, determining, by the data manager, that the first single sign-on data is associated with a first data repository of the plurality of data repositories, transmitting the operation request to the first data repository, and generating the first response to the second request based on transmitting the operation request to the first data repository, wherein the first response is defined according to the first protocol; and
transmit the first response to the first tunnel proxy.
Dependent claims: 11, 12, 13, 14, 15.
16. A non-transitory computer readable storage medium including instructions stored thereon which, when executed by a processor, cause the processor to perform a method of operations comprising:
- receive, by a first tunnel proxy of a computer system of a single sign-on service system, that includes a data manager that manages data access to different types of repositories transparently, from a second tunnel proxy of a single sign-on gateway, a first request to perform a management operation on first single sign-on data, wherein: the first request is initiated as a second request, wherein the second request is a credential management request, defined according to a first protocol, by a client device via a web interface associated with the single sign-on service system, the second tunnel proxy of the single sign-on gateway converts the second request from the first protocol to an access protocol to generate the first request, the management operation is one of creating, updating, or deleting the first single sign-on data, and the single sign-on service system provides a plurality of single sign-on services for a plurality of single sign-on access control types using a plurality of single sign-on data stored in a plurality of data repositories;
in response to receiving the first request, convert the first request from the access protocol to the first protocol to obtain the second request;
in response to converting the first request to obtain the second request, provide the second request to the single sign-on service system;
in response to receiving the second request, perform, by the single sign-on service system, the management operation, wherein performing the management operation comprises: generating an operation request based on the second request to perform the management operation, providing the operation request to the data manager of the single sign-on service system, determining, by the data manager, that the first single sign-on data is associated with a first data repository of the plurality of data repositories, transmitting the operation request to the first data repository, and generating a first response to the second request based on transmitting the operation request to the first data repository, wherein the first response is defined according to the first protocol;
convert, by the first tunnel proxy, the first response from the first protocol to the access protocol to generate a second response; and
send, by the first tunnel proxy to the second tunnel proxy of the single sign-on gateway, the second response that facilitates providing the first response to the client device via the web interface.
Dependent claims: 17, 18, 19, 20.
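As an added illustration (not code from the patent or its assignee), the following Python models the credential-management round trip of claim 1 together with the abstract's data manager: the gateway's tunnel proxy converts the client's request into an access-protocol frame, the service-side proxy converts it back, the SSO service builds an operation request, and the data manager routes it to the repository for that SSO data type before the response travels the same path in reverse. The frame format, the path layout, the repository keys and the HTTP-style status codes are assumptions; only create, update and delete are accepted as management operations, and unknown data types or missing credentials are reported rather than silently ignored.

```python
import json
ACCESS_TYPES = ("form-fill", "federated", "protected")    # constructed: one repository per access-control type
METHOD_TO_OP = {"POST": "create", "PUT": "update", "DELETE": "delete"}

def to_access_protocol(msg: dict) -> str:
    """Tunnel proxy: first protocol (HTTP-like dict) -> access protocol (framed JSON, an assumed format)."""
    return "TUNNEL/1 " + json.dumps(msg, sort_keys=True)

def from_access_protocol(frame: str) -> dict:
    """Tunnel proxy: access protocol -> first protocol; anything not framed as expected is rejected."""
    if not frame.startswith("TUNNEL/1 "):
        raise ValueError("not an access-protocol frame")
    return json.loads(frame[len("TUNNEL/1 "):])

class DataManager:   # routes each operation request to the repository that holds that SSO data type
    def __init__(self):
        self.repos = {t: {} for t in ACCESS_TYPES}
    def apply(self, op: dict) -> dict:
        repo = self.repos.get(op["type"])
        if repo is None:
            return {"status": 404, "body": "unknown SSO data type"}
        cid = op["id"]
        if op["op"] == "create":
            if cid in repo:
                return {"status": 409, "body": "credential exists"}
            repo[cid] = dict(op["data"])
        elif cid not in repo:
            return {"status": 404, "body": "no such credential"}
        elif op["op"] == "update":
            repo[cid].update(op["data"])
        else:                                       # delete
            del repo[cid]
        return {"status": 200, "body": op["op"] + " ok"}

def sso_service(req: dict, dm: DataManager) -> dict:
    """Web interface of one SSO service: turn the request into an operation request for the data manager."""
    if req["method"] not in METHOD_TO_OP:           # only create/update/delete are management operations
        return {"status": 405, "body": "not a management operation"}
    parts = req["path"].strip("/").split("/")       # assumed layout: /<sso-data-type>/<credential-id>
    if len(parts) != 2:
        return {"status": 400, "body": "bad path"}
    op = {"op": METHOD_TO_OP[req["method"]], "type": parts[0], "id": parts[1], "data": req.get("body", {})}
    return dm.apply(op)

def round_trip(client_req: dict, dm: DataManager) -> dict:
    first_request = to_access_protocol(client_req)          # gateway proxy converts the client's second request
    second_request = from_access_protocol(first_request)    # service-side proxy recovers the second request
    first_response = sso_service(second_request, dm)        # first response, defined in the first protocol
    second_response = to_access_protocol(first_response)    # service-side proxy re-frames it for the tunnel
    return from_access_protocol(second_response)            # gateway proxy delivers it to the web interface
```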
Specification