Web-based interface integration for single sign-on

US 10,693,865 B2
Filed: 01/10/2019
Issued: 06/23/2020
Est. Priority Date: 09/20/2013
Status: Active Grant

First Claim

Patent Images

1. A method for web-based access management through a single sign-on service system, the method comprising:

receiving, by a first tunnel proxy of a single sign-on service system, from a second tunnel proxy of a single sign-on gateway, a management operation request, wherein;

the single sign-on service system includes a data manager that transparently manages data access to a plurality of data repositories that store a plurality of single sign-on data,the second tunnel proxy converts a first request, received from a client device via a web interface associated with the single sign-on service system, from a first protocol to an access protocol to generate the management operation request, andthe management operation request identifies a management operation that is one of a credential management operation or a policy management operation;

in response to receiving the management operation request, converting, by the first tunnel proxy, the management operation request from the access protocol to the first protocol to obtain the first request;

in response to obtaining the first request, providing the first request to a first single sign-on service of the single sign-on service system;

in response to receiving the first request, performing, by the first single sign-on service, the management operation, wherein performing the management operation comprises;

generating an operation request to perform the management operation,determining, by the data manager, that single sign-on data associated with the management operation request is associated with a first data repository of the plurality of data repositories, andgenerating, by the data manager, a first response to the first request based on querying the first data repository using the operation request, wherein the first response is defined according to the first protocol;

converting, by the first tunnel proxy, the first response from the first protocol to the access protocol to generate a second response; and

transmitting the second response from the first tunnel proxy to the second tunnel proxy that facilitates providing the first response to the client device via the web interface.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Web-based single sign-on can enable a user to log in to a single interface (such as through a web browser or thin client) and then provide SSO services to the user for one or more web applications. The web-based SSO system can be extended to support one or more different access control methods, such as form-fill, Federated (OIF), SSO Protected (OAM), and other policies. The web-based SSO system can include a user interface through which the user can access different web applications, systems, etc. and manage their credentials. Each SSO service can be associated with a web interface allowing the SSO services to be accessed over the web. The web interfaces can provide CRUD (create, read, update, delete) functionality for each SSO service. To support different access policy types, the web-based SSO system can include an extensible data manager that can manage data access to different types of repositories transparently.

55 Citations

View as Search Results

20 Claims

1. A method for web-based access management through a single sign-on service system, the method comprising:
- receiving, by a first tunnel proxy of a single sign-on service system, from a second tunnel proxy of a single sign-on gateway, a management operation request, wherein;
  
  the single sign-on service system includes a data manager that transparently manages data access to a plurality of data repositories that store a plurality of single sign-on data,the second tunnel proxy converts a first request, received from a client device via a web interface associated with the single sign-on service system, from a first protocol to an access protocol to generate the management operation request, andthe management operation request identifies a management operation that is one of a credential management operation or a policy management operation;
  
  in response to receiving the management operation request, converting, by the first tunnel proxy, the management operation request from the access protocol to the first protocol to obtain the first request;
  
  in response to obtaining the first request, providing the first request to a first single sign-on service of the single sign-on service system;
  
  in response to receiving the first request, performing, by the first single sign-on service, the management operation, wherein performing the management operation comprises;
  
  generating an operation request to perform the management operation,determining, by the data manager, that single sign-on data associated with the management operation request is associated with a first data repository of the plurality of data repositories, andgenerating, by the data manager, a first response to the first request based on querying the first data repository using the operation request, wherein the first response is defined according to the first protocol;
  
  converting, by the first tunnel proxy, the first response from the first protocol to the access protocol to generate a second response; and
  
  transmitting the second response from the first tunnel proxy to the second tunnel proxy that facilitates providing the first response to the client device via the web interface.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method for web-based access management through a single sign-on service system of claim 1, wherein the first request is a policy management request.
  - 3. The method for web-based access management through a single sign-on service system of claim 2, wherein the policy management request includes one or more policy management operations and wherein generating the operation request comprises:
    - sending the policy management request to a policy manager; and
      
      generating the operation request based on the one or more policy management operations.
  - 4. The method for web-based access management through a single sign-on service system of claim 2, wherein the policy management request is formatted for a first interface and wherein a policy manager identifies a policy management plug-in associated with the policy management request and converts the policy management request to a format for a second interface based on the identified policy management plug-in.
  - 5. The method for web-based access management through a single sign-on service system of claim 1, wherein the first request is a credential management request.
  - 6. The method for web-based access management through a single sign-on service system of claim 5, wherein the credential management request includes one or more credential management operations and wherein generating the operation request comprises:
    - sending the credential management request to a credential manager; and
      
      generating the operation request based on the one or more credential management operations.
  - 7. The method for web-based access management through a single sign-on service system of claim 5, wherein the credential management request is formatted for a first interface and wherein a credential manager identifies a sub-manager associated with the credential management request and converts the credential management request to a format for a second interface based on the identified sub-manager.

8. A single sign-on service system for web-based access management, the single sign-on service system comprising:
- a first tunnel proxy configured to;
  
  receive, from a second tunnel proxy of a single sign-on gateway, a management operation request, wherein;
  
  the second tunnel proxy converts a first request, received from a client device via a web interface associated with the single sign-on service system, from a first protocol to an access protocol to generate the management operation request; and
  
  the management operation request identifies a management operation that is one of a credential management operation or a policy management operation;
  
  in response to receiving the management operation request, convert the management operation request from the access protocol to the first protocol to obtain the first request;
  
  in response to obtaining the first request, provide the first request to a first single sign-on service of the single sign-on service system;
  
  convert a first response from the first protocol to the access protocol to generate a second response; and
  
  transmit the second response to the second tunnel proxy that facilitates providing the first response to the client device via the web interface;
  
  a first single sign-on service configured to;
  
  receive the first request from the first tunnel proxy; and
  
  in response to receiving the first request, generate an operation request to perform the management operation; and
  
  a data manager that transparently manages data access to a plurality of data repositories that store a plurality of single sign-on data, the data manager configured to;
  
  determine that single sign-on data associated with the management operation request is associated with a first data repository of the plurality of data repositories; and
  
  generate the first response to the first request based on querying the first data repository using the operation request, wherein the first response is defined according to the first protocol.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The single sign-on service system for web-based access management of claim 8, wherein the first request is a policy management request.
  - 10. The single sign-on service system for web-based access management of claim 9, wherein the policy management request includes one or more policy management operations and wherein generating the operation request comprises:
    - sending the policy management request to a policy manager; and
      
      generating the operation request based on the one or more policy management operations.
  - 11. The single sign-on service system for web-based access management of claim 9, wherein the policy management request is formatted for a first interface and wherein a policy manager identifies a policy management plug-in associated with the policy management request and converts the policy management request to a format for a second interface based on the identified policy management plug-in.
  - 12. The single sign-on service system for web-based access management of claim 8, wherein the first request is a credential management request.
  - 13. The single sign-on service system for web-based access management of claim 12, wherein the credential management request includes one or more credential management operations and wherein generating the operation request comprises:
    - sending the credential management request to a credential manager; and
      
      generating the operation request based on the one or more credential management operations.
  - 14. The single sign-on service system for web-based access management of claim 12, wherein the credential management request is formatted for a first interface and wherein a credential manager identifies a sub-manager associated with the credential management request and converts the credential management request to a format for a second interface based on the identified sub-manager.

15. A non-transitory computer readable storage medium including instructions stored thereon which, when executed by a processor, cause the processor to perform a method of operations comprising:
- first tunnel proxy operations comprising;
  
  receiving, from a second tunnel proxy of a single sign-on gateway, a management operation request, wherein;
  
  the second tunnel proxy converts a first request, received from a client device via a web interface, from a first protocol to an access protocol to generate the management operation request; and
  
  the management operation request identifies a management operation that is one of a credential management operation or a policy management operation;
  
  in response to receiving the management operation request, converting the management operation request from the access protocol to the first protocol to obtain the first request;
  
  converting a first response from the first protocol to the access protocol to generate a second response; and
  
  transmitting the second response to the second tunnel proxy that facilitates providing the first response to the client device via the web interface;
  
  single sign-on service operations comprising;
  
  generating an operation request to perform the management operation; and
  
  data manager operations comprising;
  
  transparently managing data access to a plurality of data repositories that store a plurality of single sign-on data, the transparently managing comprising;
  
  determining that single sign-on data associated with the management operation request is associated with a first data repository of the plurality of data repositories; and
  
  generating the first response to the first request based on querying the first data repository using the operation request, wherein the first response is defined according to the first protocol.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer readable storage medium of claim 15, wherein the first request is a policy management request.
  - 17. The non-transitory computer readable storage medium of claim 16, wherein the policy management request includes one or more policy management operations and wherein generating the operation request comprises:
    - sending the policy management request to a policy manager; and
      
      generating the operation request based on the one or more policy management operations.
  - 18. The non-transitory computer readable storage medium of claim 16, wherein the policy management request is formatted for a first interface and wherein a policy manager identifies a policy management plug-in associated with the policy management request and converts the policy management request to a format for a second interface based on the identified policy management plug-in.
  - 19. The non-transitory computer readable storage medium of claim 15, wherein the first request is a credential management request comprising one or more credential management operations and wherein generating the operation request comprises:
    - sending the credential management request to a credential manager; and
      
      generating the operation request based on the one or more credential management operations.
  - 20. The non-transitory computer readable storage medium of claim 19, wherein the credential management request is formatted for a first interface and wherein a credential manager identifies a sub-manager associated with the credential management request and converts the credential management request to a format for a second interface based on the identified sub-manager.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Manza, Marc B., Uchil, Mrudul, Cornwell, Smith William, Kuppala, Siva Sundeep
Primary Examiner(s)
Shaw, Peter C

Application Number

US16/245,018
Publication Number

US 20190166115A1
Time in Patent Office

530 Days
Field of Search

726 8
US Class Current
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

H04L 63/0838   using one-time-passwords

H04L 63/0884   by delegation of authentica...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

Web-based interface integration for single sign-on

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

55 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Web-based interface integration for single sign-on

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others