Secure identity federation for non-federated systems
Abstract
Methods and apparatus, including computer program products, implementing and using techniques for providing user credentials over a network to a remote computer application. User credentials for the remote computer application are stored in a central repository that is accessible through the network. A request is sent to a service to perform, on behalf of a user, a particular task involving the remote computer application. It is determined whether the service has been granted permission to act on behalf of the user with respect to the remote computer application. When the service has permission to act on behalf of the user, the service is used to retrieve the user's credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application.
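
The flow in the abstract, as an added sketch that is not code from the patent: a broker holds the stored credentials, checks that the requesting service has been granted permission for that user and application, and only then hands the credential to the remote application. The class, the in-memory dictionaries, the connector callback and all sample names and secrets are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable

# Hypothetical connector type: (user, secret, task) -> result from the remote app
Connector = Callable[[str, str, str], str]


@dataclass
class CredentialBroker:
    """In-memory stand-in for the central repository plus the permission check."""
    _vault: dict = field(default_factory=dict)       # (user, app) -> secret
    _grants: set = field(default_factory=set)        # (service, user, app)
    _connectors: dict = field(default_factory=dict)  # app -> Connector
    audit: list = field(default_factory=list)        # (service, user, app, outcome)

    def store(self, user, app, secret):
        self._vault[(user, app)] = secret

    def register_app(self, app, connector):
        self._connectors[app] = connector

    def grant(self, service, user, app):
        self._grants.add((service, user, app))

    def revoke(self, service, user, app):
        self._grants.discard((service, user, app))

    def perform(self, service, user, app, task):
        """Run `task` against `app` on behalf of `user`, if `service` is permitted."""
        key = (service, user, app)
        # Deny by default: a grant covers one service, one user, one application.
        if key not in self._grants:
            self.audit.append((*key, "denied"))
            raise PermissionError(f"{service} may not act for {user} on {app}")
        secret = self._vault.get((user, app))
        if secret is None or app not in self._connectors:
            self.audit.append((*key, "no-credential"))
            raise LookupError(f"no stored credential or connector for {user} on {app}")
        # The secret goes to the remote application's connector only; the caller
        # gets the task result, and the audit trail never records the secret.
        result = self._connectors[app](user, secret, task)
        self.audit.append((*key, "supplied"))
        return result


def demo_crm_connector(user, secret, task):
    """Constructed remote application that checks the supplied password itself."""
    if secret != "crm-pass-constructed":
        return "login failed"
    return f"{task} done for {user}"
```
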
21 Claims
1. A method for single sign-on (SSO) to access services provided by non-federated systems, the method including:
- storing a set of credentials to enable user access to the services for a plurality of remote computer applications in a repository remote from the user, the services provided by the non-federated systems do not share a common identity verification protocol;
- receiving a request to access one of the services by an authenticated user; and
- supplying the requested service with a credential of the authenticated user to enable the authenticated user to access the service in response to determining that an account associated with the requested service is authorized to act on behalf of the user.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A non-transitory computer readable medium storing a plurality of instructions to cause one or more processors to perform a set of operations for single sign-on (SSO) to access services provided by non-federated systems the set of operations comprising:
- storing a set of credentials to enable user access to the services for a plurality of remote computer applications in a repository remote from the user, the services provided by the non-federated systems do not share a common identity verification protocol;
- receiving a request to access one of the services by an authenticated user; and
- supplying the requested service with a credential of the authenticated user to enable the authenticated user to access the service in response to determining that an account associated with the requested service is authorized to act on behalf of the user.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A computer system configured to perform a set of operations for single sign-on (SSO) to access services provided by non-federated systems, the computer system comprising:
- a non-transitory computer readable medium having stored therein an intermediate service; and
- at least one processor, the at least one processor to execute the intermediate service, the intermediate service to store a set of credentials to enable user access to the services for a plurality of remote computer applications in a repository remote from the user, the services provided by the non-federated systems do not share a common identity verification protocol, to receive a request to access one of the services by an authenticated user, and to supply the requested service with a credential of the authenticated user to enable the authenticated user to access the service in response to determining that an account associated with the requested service is authorized to act on behalf of the user.
Dependent claims: 16, 17, 18, 19, 20, 21
Specification