Web-based interface integration for single sign-on
Abstract
Web-based single sign-on can enable a user to log in to a single interface (such as through a web browser or thin client) and then provide SSO services to the user for one or more web applications. The web-based SSO system can be extended to support one or more different access control methods, such as form-fill, Federated (OIF), SSO Protected (OAM), and other policies. The web-based SSO system can include a user interface through which the user can access different web applications, systems, etc. and manage their credentials. Each SSO service can be associated with a web interface allowing the SSO services to be accessed over the web. The web interfaces can provide CRUD (create, read, update, delete) functionality for each SSO service. To support different access policy types, the web-based SSO system can include an extensible data manager that can manage data access to different types of repositories transparently.
Claims (20)
1. A method for web-based access management through a single sign-on service system, the method comprising:
receiving, by a first tunnel proxy of a single sign-on service system, from a second tunnel proxy of a single sign-on gateway, a management operation request, wherein:
the single sign-on service system includes a data manager that transparently manages data access to a plurality of data repositories that store a plurality of single sign-on data,
the second tunnel proxy converts a first request, received from a client device via a web interface associated with the single sign-on service system, from a first protocol to an access protocol to generate the management operation request, and
the management operation request identifies a management operation that is one of a credential management operation or a policy management operation;
in response to receiving the management operation request, converting, by the first tunnel proxy, the management operation request from the access protocol to the first protocol to obtain the first request;
in response to obtaining the first request, providing the first request to a first single sign-on service of the single sign-on service system;
in response to receiving the first request, performing, by the first single sign-on service, the management operation, wherein performing the management operation comprises:
generating an operation request to perform the management operation,
determining, by the data manager, that single sign-on data associated with the management operation request is associated with a first data repository of the plurality of data repositories, and
generating, by the data manager, a first response to the first request based on querying the first data repository using the operation request, wherein the first response is defined according to the first protocol;
converting, by the first tunnel proxy, the first response from the first protocol to the access protocol to generate a second response; and
transmitting the second response from the first tunnel proxy to the second tunnel proxy that facilitates providing the first response to the client device via the web interface.
(Dependent claims: 2, 3, 4, 5, 6, 7)

8. A single sign-on service system for web-based access management, the single sign-on service system comprising:
a first tunnel proxy configured to:
receive, from a second tunnel proxy of a single sign-on gateway, a management operation request, wherein:
the second tunnel proxy converts a first request, received from a client device via a web interface associated with the single sign-on service system, from a first protocol to an access protocol to generate the management operation request; and
the management operation request identifies a management operation that is one of a credential management operation or a policy management operation;
in response to receiving the management operation request, convert the management operation request from the access protocol to the first protocol to obtain the first request;
in response to obtaining the first request, provide the first request to a first single sign-on service of the single sign-on service system;
convert a first response from the first protocol to the access protocol to generate a second response; and
transmit the second response to the second tunnel proxy that facilitates providing the first response to the client device via the web interface;
a first single sign-on service configured to:
receive the first request from the first tunnel proxy; and
in response to receiving the first request, generate an operation request to perform the management operation; and
a data manager that transparently manages data access to a plurality of data repositories that store a plurality of single sign-on data, the data manager configured to:
determine that single sign-on data associated with the management operation request is associated with a first data repository of the plurality of data repositories; and
generate the first response to the first request based on querying the first data repository using the operation request, wherein the first response is defined according to the first protocol.
(Dependent claims: 9, 10, 11, 12, 13, 14)

15. A non-transitory computer readable storage medium including instructions stored thereon which, when executed by a processor, cause the processor to perform a method of operations comprising:
first tunnel proxy operations comprising:
receiving, from a second tunnel proxy of a single sign-on gateway, a management operation request, wherein:
the second tunnel proxy converts a first request, received from a client device via a web interface, from a first protocol to an access protocol to generate the management operation request; and
the management operation request identifies a management operation that is one of a credential management operation or a policy management operation;
in response to receiving the management operation request, converting the management operation request from the access protocol to the first protocol to obtain the first request;
converting a first response from the first protocol to the access protocol to generate a second response; and
transmitting the second response to the second tunnel proxy that facilitates providing the first response to the client device via the web interface;
single sign-on service operations comprising:
generating an operation request to perform the management operation; and
data manager operations comprising:
transparently managing data access to a plurality of data repositories that store a plurality of single sign-on data, the transparently managing comprising:
determining that single sign-on data associated with the management operation request is associated with a first data repository of the plurality of data repositories; and
generating the first response to the first request based on querying the first data repository using the operation request, wherein the first response is defined according to the first protocol.
(Dependent claims: 16, 17, 18, 19, 20)
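The flow that the abstract and claim 1 describe, as an added Python illustration that is not the patent's or any vendor's code: a gateway-side tunnel proxy wraps the web interface's request into an access-protocol envelope, the service-side tunnel proxy unwraps it back into the first protocol, the single sign-on service accepts only credential or policy management operations, and a data manager routes each operation request to the repository holding that kind of data and builds the response. The class names, the versioned JSON envelope standing in for the access protocol, the `<data type>.<verb>` operation naming and the in-memory dict repositories are all assumptions made for this example; the patent names no concrete protocols or stores.

```python
import json
from dataclasses import dataclass, field


@dataclass
class FirstProtocolRequest:
    """The 'first request' as the web interface emits it (assumed shape)."""
    operation: str                 # "<data type>.<verb>", e.g. "credential.read" (assumed naming)
    subject: str                   # the user or policy the operation concerns
    payload: dict = field(default_factory=dict)


@dataclass
class FirstProtocolResponse:
    status: str
    body: dict


class GatewayTunnelProxy:
    """Second tunnel proxy (gateway side). The access protocol is modelled here as a
    versioned JSON envelope; that framing is an assumption of this example."""

    def to_access_protocol(self, req):
        envelope = {"v": 1, "kind": "mgmt", "op": req.operation,
                    "subject": req.subject, "payload": req.payload}
        return json.dumps(envelope).encode()

    def from_access_protocol(self, wire):
        env = json.loads(wire.decode())
        return FirstProtocolResponse(env["status"], env["body"])


class DataManager:
    """Routes each operation request to the repository that owns its data type;
    the service never selects a repository itself."""

    def __init__(self, repositories):
        self.repositories = repositories   # {data_type: repository}; plain dicts stand in

    def query(self, op_request):
        data_type, _, verb = op_request["op"].partition(".")
        repo = self.repositories.get(data_type)
        if repo is None:
            return FirstProtocolResponse("error", {"reason": "no repository for " + data_type})
        key = op_request["subject"]
        if verb == "read":
            return (FirstProtocolResponse("ok", {"record": repo[key]}) if key in repo
                    else FirstProtocolResponse("not_found", {}))
        if verb in ("create", "update"):
            repo[key] = dict(op_request["payload"])
            return FirstProtocolResponse("ok", {"record": repo[key]})
        if verb == "delete":
            removed = repo.pop(key, None) is not None
            return FirstProtocolResponse("ok" if removed else "not_found", {})
        return FirstProtocolResponse("error", {"reason": "unknown verb " + repr(verb)})


class SSOService:
    """First single sign-on service: only credential and policy management
    operations are accepted, so other data types never reach the data manager."""
    MANAGED_TYPES = ("credential", "policy")

    def __init__(self, data_manager):
        self.data_manager = data_manager

    def perform(self, req):
        if req.operation.partition(".")[0] not in self.MANAGED_TYPES:
            return FirstProtocolResponse("error", {"reason": "not a management operation"})
        op_request = {"op": req.operation, "subject": req.subject, "payload": req.payload}
        return self.data_manager.query(op_request)


class ServiceTunnelProxy:
    """First tunnel proxy (service side): access protocol <-> first protocol.
    Anything that is not a well-formed version-1 management envelope is refused here."""

    def __init__(self, service):
        self.service = service

    def handle(self, wire):
        try:
            env = json.loads(wire.decode())
        except (UnicodeDecodeError, ValueError):
            env = None
        if not isinstance(env, dict) or env.get("v") != 1 or env.get("kind") != "mgmt":
            resp = FirstProtocolResponse("error", {"reason": "malformed access-protocol envelope"})
        else:
            payload = env.get("payload")
            req = FirstProtocolRequest(str(env.get("op", "")), str(env.get("subject", "")),
                                       payload if isinstance(payload, dict) else {})
            resp = self.service.perform(req)
        return json.dumps({"status": resp.status, "body": resp.body}).encode()


def build_system():
    """Both proxies, the service, and a data manager over two constructed
    in-memory repositories (one per data type)."""
    repositories = {"credential": {}, "policy": {}}
    service = SSOService(DataManager(repositories))
    return GatewayTunnelProxy(), ServiceTunnelProxy(service), repositories


def round_trip(gateway, service_proxy, req):
    """Client -> gateway proxy -> service proxy -> service -> data manager -> back."""
    return gateway.from_access_protocol(service_proxy.handle(gateway.to_access_protocol(req)))
```

Two checks sit in front of the repositories: the service-side proxy drops malformed or unversioned envelopes before the service sees them, and the service refuses any data type other than credential or policy before the data manager is consulted, so the web tier never names a repository directly. A credential record in this example carries only a reference to a secret (a `secret_ref` value), which is how a deployed system would keep the secret itself in a protected store rather than in the SSO data repository.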