Single sign-on for managed mobile devices
First Claim
1. A non-transitory computer-readable medium embodying a program executable in a server computing device, the program, when executed by the server computing device, being configured to cause the server computing device to at least:
receive a request for an identity assertion from an application executed in a mobile device;
detect that the requesting mobile device includes a specific platform selected from a plurality of platforms, wherein each of the plurality of platforms is operable to work with only one of a plurality of corresponding subsets of a plurality of types of management credentials, and the only one of the corresponding subsets of the plurality of types of management credentials differs for each of the plurality of platforms;
identify a specific platform adapter individually corresponding to the detected specific platform, wherein the specific platform adapter is selected from a plurality of platform adapters that each individually correspond to one of the plurality of platforms, and each of the plurality of platform adapters is individually operable with a corresponding type of management credential of the only one of the plurality of corresponding subsets of the plurality of types of management credentials for the one of the plurality of platforms;
generate, by the identified specific platform adapter, a response that requests a management credential having the corresponding type of management credential of the only one of the plurality of corresponding subsets of the plurality of types of management credentials;
send to the mobile device the response;
receive the requested management credential from the mobile device;
determine that the received management credential is valid for the identity assertion; and
send the identity assertion to the mobile device in response to determining that the management credential is valid for the identity assertion.
Abstract
Disclosed are various examples for single sign-on by way of managed mobile devices. For example, an identity provider service can receive a request for an identity assertion from an application executed in a client device. The identity provider service can then detect a platform associated with the client device. A response to the request can be sent based at least in part on the platform, where the response requests authentication by a management credential. Data generated by the management credential is received from the client device, and the management credential is determined to be valid for the identity assertion. The identity assertion is then sent to the client device in response to determining that the management credential is valid for the identity assertion.
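The flow in the abstract, as an added sketch that is not code from the patent: the platform names, credential type names, enrolment table and the HMAC-over-nonce proof (a stand-in for real certificate or token validation) are assumptions. It shows the User-Agent only selecting which credential the adapter requests, with the server failing closed on an unknown platform, a mismatched credential type or a replayed nonce.

```python
import hashlib
import hmac
import secrets

# Constructed enrolment records: device id -> (platform, credential type, key).
ENROLLED = {
    "dev-ios-01": ("ios", "client_certificate", b"ios-demo-key"),
    "dev-and-01": ("android", "device_token", b"android-demo-key"),
}
# One adapter per platform; each works with exactly one credential type (assumed names).
ADAPTERS = {"ios": "client_certificate", "android": "device_token"}

def detect_platform(user_agent):
    """Platform hint from the client-supplied User-Agent; None if unknown."""
    ua = user_agent.lower()
    if "iphone" in ua or "ipad" in ua:
        return "ios"
    if "android" in ua:
        return "android"
    return None

def device_proof(key, nonce):
    """Device side: prove possession of the management credential (stand-in)."""
    return hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()

class IdentityProvider:
    def __init__(self):
        self.pending = {}  # nonce -> credential type the adapter requested

    def handle_request(self, user_agent):
        platform = detect_platform(user_agent)
        if platform not in ADAPTERS:
            return None  # fail closed: no adapter, no credential request
        nonce = secrets.token_hex(16)
        self.pending[nonce] = ADAPTERS[platform]
        return {"request_credential": ADAPTERS[platform], "nonce": nonce}

    def handle_credential(self, nonce, device_id, cred_type, proof):
        expected_type = self.pending.pop(nonce, None)  # nonce is single-use
        record = ENROLLED.get(device_id)
        if expected_type is None or record is None:
            return None
        platform, enrolled_type, key = record
        # The User-Agent was only a hint: the enrolled type must match the request.
        if cred_type != expected_type or enrolled_type != expected_type:
            return None
        if not hmac.compare_digest(device_proof(key, nonce), proof):
            return None
        return {"assertion_for": device_id, "platform": platform}  # assertion stand-in
```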
77 Citations
20 Claims
8. A system, comprising:
at least one computing device; and
an identity provider service executable by the at least one computing device, the identity provider service configured to cause the at least one computing device to at least:
receive a request for an identity assertion from an application executed in a mobile device, the request including a user-agent string;
determine that the application corresponds to a webview of a native application rather than a browser by examining the user-agent string;
detect that the requesting mobile device includes a specific platform selected from a plurality of platforms, wherein each of the plurality of platforms is operable to work with only one of a plurality of corresponding subsets of a plurality of types of management credentials, and the only one of the corresponding subsets of the plurality of types of management credentials differs for each of the plurality of platforms;
identify a specific platform adapter individually corresponding to the detected specific platform, wherein the specific platform adapter is selected from a plurality of platform adapters that each individually correspond to one of the plurality of platforms, and each of the plurality of platform adapters is individually operable with a corresponding type of management credential of the only one of the plurality of corresponding subsets of the plurality of types of management credentials for the one of the plurality of platforms;
generate, by the identified specific platform adapter, a response that requests a management credential having the corresponding type of management credential of the only one of the plurality of corresponding subsets of the plurality of types of management credentials;
send to the mobile device the response;
receive the management credential from the mobile device;
determine that the management credential is valid for the identity assertion; and
send the identity assertion to the mobile device in response to determining that the management credential is valid for the identity assertion.
12. A method, comprising:
receiving a request for an identity assertion from an application executed in a client device;
detecting that the requesting client device includes a specific platform selected from a plurality of platforms, wherein each of the plurality of platforms is operable to work with only one of a plurality of corresponding subsets of a plurality of types of management credentials, and the only one of the corresponding subsets of the plurality of types of management credentials differs for each of the plurality of platforms;
identifying a specific platform adapter individually corresponding to the detected specific platform, wherein the specific platform adapter is selected from a plurality of platform adapters that each individually correspond to one of the plurality of platforms, and each of the plurality of platform adapters is individually operable with a corresponding type of management credential of the only one of the plurality of corresponding subsets of the plurality of types of management credentials for the one of the plurality of platforms;
generating, by the identified specific platform adapter, a response that requests a management credential having the corresponding type of management credential of the only one of the plurality of corresponding subsets of the plurality of types of management credentials;
sending to the client device the response;
receiving the management credential from the client device;
determining that the management credential is valid for the identity assertion; and
sending the identity assertion to the client device in response to determining that the management credential is valid for the identity assertion.
Specification