Single sign-on framework for browser-based applications and native applications
Abstract
Disclosed are various approaches for providing single sign-on capabilities for a user on a client device. A user's credentials can be authenticated by an identity provider application. The identity provider application can facilitate single sign-on capabilities for browser-based applications and native applications on the client device.
17 Claims
1. A system for providing a single sign-on capability to a browser-based application accessed by a browser:
a client device comprising a processor and a memory, the client device executing the browser and configured to at least:
store an authentication key on the client device in response to a previous authentication of credentials associated with a user account;
transmit a request to authenticate access to the browser-based application from the client device to an identity provider server in response to the browser-based application accessing a link that requires federated user authentication;
receive an authentication challenge embedded in a tbauth request from the identity provider server in response to the request to authenticate access, the tbauth request including a uniform resource identifier (URI) for which an identity provider application on the client device is registered as a local identity provider;
retrieve the authentication key;
transmit the authentication key and the authentication challenge to the identity provider server; and
obtain an indication that the user account is authenticated by the identity provider server.

7. A method for providing a single sign-on capability to a browser-based application accessed by a browser on a client device, comprising:
storing an authentication key on the client device in response to a previous authentication of credentials associated with a user account;
transmitting a request to authenticate access to the browser-based application from the client device to an identity provider server in response to the browser-based application accessing a link that requires federated user authentication;
receiving an authentication challenge embedded in a tbauth request from the identity provider server in response to the request to authenticate access, the tbauth request including a uniform resource identifier (URI) for which an identity provider application on the client device is registered as a local identity provider;
retrieving the authentication key;
transmitting the authentication key and the authentication challenge to the identity provider server; and
obtaining an indication that the user account is authenticated by the identity provider server.

13. A non-transitory computer-readable medium comprising machine-readable instructions providing a single sign-on capability to a browser-based application accessed by a browser on a client device, wherein when executed by a processor of the client device, the machine-readable instructions cause the client device to at least:
store an authentication key on the client device in response to a previous authentication of credentials associated with a user account;
transmit a request to authenticate access to the browser-based application from the client device to an identity provider server in response to the browser-based application accessing a link that requires federated user authentication;
receive an authentication challenge embedded in a tbauth request from the identity provider server in response to the request to authenticate access, the tbauth request including a uniform resource identifier (URI) for which an identity provider application on the client device is registered as a local identity provider;
retrieve the authentication key;
transmit the authentication key and the authentication challenge to the identity provider server; and
obtain an indication that the user account is authenticated by the identity provider server.

Specification