Modifying a user session lifecycle in a cloud broker environment
Abstract
A method for modifying a user session lifecycle is provided. The method may include verifying a user session on a cloud service provider is valid. The method may also include monitoring a plurality of user behaviors exhibited during the verified user session. The method may further include determining a plurality of session data within an identity provider should be updated based on the monitored plurality of user behaviors and a policy within a database. The method may also include modifying the determined plurality of session data.
20 Claims
1. A processor-implemented method for modifying a user session lifecycle, the method comprising:
- instructing an identity provider to authenticate a first user session of a user device on a first cloud service provider under a single source sign-on service, wherein the authentication requires a user to provide user specific credentials;
- monitoring a plurality of user behaviors exhibited during the authenticated user session;
- determining a plurality of session data relating to a session timeout within the identity provider should be updated based on the monitored plurality of user behaviors and a security policy within a database, wherein initiating the session timeout relates to terminating a user session based on an elapsed time since user authentication;
- modifying, within the identity provider, the determined plurality of session data based on the determination;
- in response to the session timeout being initiated, instructing the identity provider to authenticate a second user session of the user device on a second cloud service provider under the single source sign-on service; and
- in response to the session timeout being extended, providing user access, by an extension of the first user session, to the second cloud service provider based on the modified plurality of session data.
Dependent claims: 2, 3, 4, 5, 6, 7.
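The decision flow recited in claim 1, modelled as an added example (not code from the patent or its assignee). The behaviour labels, policy values, timeout bounds and all function names are assumptions chosen for illustration; the bounds show one way to keep behaviour-driven extensions from growing a session without limit.

```python
from dataclasses import dataclass

# Hypothetical policy rows standing in for the "security policy within a
# database": behaviour label -> change to the session timeout, in seconds.
# All labels and values are constructed for this example.
POLICY = {
    "continuous_activity": +900,
    "new_device_fingerprint": -1800,
    "bulk_download": -1200,
}
# Assumed floor and ceiling so no behaviour mix yields an unbounded session.
MIN_TIMEOUT, MAX_TIMEOUT = 300, 7200


@dataclass
class IdpSession:
    """Session data held within the identity provider."""
    user: str
    auth_time: int  # epoch seconds of the credential-based authentication
    timeout: int    # seconds allowed to elapse since auth_time


def update_timeout(session, behaviours):
    """Modify the stored timeout from monitored behaviours and the policy."""
    delta = sum(POLICY.get(b, 0) for b in behaviours)
    session.timeout = max(MIN_TIMEOUT, min(MAX_TIMEOUT, session.timeout + delta))
    return session.timeout


def access_second_provider(session, now):
    """Decide how the user reaches the second cloud service provider."""
    elapsed = now - session.auth_time
    if elapsed >= session.timeout:
        # Timeout initiated: the identity provider authenticates a second session.
        return "reauthenticate"
    # Timeout extended or not yet reached: reuse the first session under SSO.
    return "extend_first_session"


def run_scenario(behaviours, elapsed):
    """Start from a 30-minute timeout, apply behaviours, then request access."""
    s = IdpSession("alice", auth_time=1_000_000, timeout=1800)
    update_timeout(s, behaviours)
    return s.timeout, access_second_provider(s, s.auth_time + elapsed)


if __name__ == "__main__":
    print(run_scenario(["continuous_activity"], 2000))
    print(run_scenario([], 2000))
    print(run_scenario(["new_device_fingerprint", "bulk_download"], 600))
```

With the same 2000 seconds elapsed, the session with the extended timeout reaches the second provider without new credentials, while the unmodified one is sent back to the identity provider.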
8. A computer system for modifying a user session lifecycle, the computer system comprising:
one or more processors, one or more computer-readable memories, one or more computer-readable tangible storage medium, and program instructions stored on at least one of the one or more tangible storage medium for execution by at least one of the one or more processors via at least one of the one or more memories, wherein the computer system is capable of performing a method comprising:
- instructing an identity provider to authenticate a first user session of a user device on a first cloud service provider under a single source sign-on service, wherein the authentication requires a user to provide user specific credentials;
- monitoring a plurality of user behaviors exhibited during the authenticated user session;
- determining a plurality of session data relating to a session timeout within the identity provider should be updated based on the monitored plurality of user behaviors and a security policy within a database, wherein initiating the session timeout relates to terminating a user session based on an elapsed time since user authentication;
- modifying, within the identity provider, the determined plurality of session data based on the determination;
- in response to the session timeout being initiated, instructing the identity provider to authenticate a second user session of the user device on a second cloud service provider under the single source sign-on service; and
- in response to the session timeout being extended, providing user access, by an extension of the first user session, to the second cloud service provider based on the modified plurality of session data.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. A computer program product for modifying a user session lifecycle, the computer program product comprising:
one or more computer-readable tangible storage medium and program instructions stored on at least one of the one or more tangible storage medium, the program instructions executable by a processor, the program instructions comprising:
- program instructions to instruct an identity provider to authenticate a first user session of a user device on a first cloud service provider under a single source sign-on service, wherein the authentication requires a user to provide user specific credentials;
- program instructions to monitor a plurality of user behaviors exhibited during the authenticated user session;
- program instructions to determine a plurality of session data relating to a session timeout within the identity provider should be updated based on the monitored plurality of user behaviors and a policy within a database, and wherein initiating the session timeout relates to terminating a user session based on an elapsed time since user authentication;
- program instructions to modify, within the identity provider, the determined plurality of session data based on the determination;
- in response to the session timeout being initiated, program instructions to instruct the identity provider to authenticate a second user session of the user device on a second cloud service provider under the single source sign-on service; and
- in response to the session timeout being extended, program instructions to provide user access, by an extension of the first user session, to the second cloud service provider based on the modified plurality of session data.
Dependent claims: 16, 17, 18, 19, 20.
Specification