User Authentication
First Claim
1. A method for authenticating a user for a plurality of domains in a network-based system, comprising the steps of:
receiving a request for a protected resource, said resource is in a first domain;
redirecting said request to a second domain; and
authenticating said user for said first domain at said second domain.
Abstract
The present invention authenticates a user for multiple resources distributed across multiple domains through the performance of a single authentication. User access requests for a protected resource in a first domain are received and redirected to a second domain. User authentication is performed at the second domain. In one embodiment, the system transmits an authentication cookie for the second domain to the user after authentication at the second domain. In another embodiment, the system further redirects subsequent resource requests for resources in the first domain or a third domain to the second domain. The second domain confirms the user's authentication for applicable portions of the first, second, and third domains using the cookie.
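The flow in the abstract, as an added sketch that is not code from the patent: a request in the first domain is redirected to the second domain, which authenticates the user and issues a cookie, and a later request in a third domain is confirmed from that cookie alone. The domain names, key and directory are constructed, the cookie is HMAC-signed rather than encrypted (a standard-library swap-in), and how the first domain learns the result is not described on this page, so it is left out.

```python
import base64, hashlib, hmac, json
from urllib.parse import urlencode, urlparse, parse_qs

AUTH_DOMAIN = "login.example.test"                  # second domain (constructed name)
SSO_DOMAINS = {"a.example.test", "c.example.test"}  # first and third domains (constructed)
KEY = b"constructed-demo-key"                       # placeholder cookie-protection key
DIRECTORY = {"alice": "constructed-password"}       # stand-in for Directory Server profiles

def _mac(body: str) -> str:
    return hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_cookie(user: str, now: int, ttl: int = 900) -> str:
    claims = json.dumps({"u": user, "exp": now + ttl}).encode()
    body = base64.urlsafe_b64encode(claims).decode()
    return f"{body}.{_mac(body)}"

def check_cookie(cookie, now: int):
    """Return the user name for an authentic, unexpired cookie, else None."""
    body, _, mac = (cookie or "").partition(".")
    if not body or not hmac.compare_digest(mac.encode(), _mac(body).encode()):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims["u"] if claims["exp"] > now else None

def redirect_to_auth(resource_url: str) -> str:
    """First or third domain: redirect a protected-resource request to the second domain."""
    return f"https://{AUTH_DOMAIN}/auth?" + urlencode({"return": resource_url})

def auth_domain(request_url: str, now: int, cookie=None, creds=None):
    """Second domain: return (status, location, set_cookie)."""
    target = parse_qs(urlparse(request_url).query).get("return", [""])[0]
    parsed = urlparse(target)
    if parsed.scheme != "https" or parsed.hostname not in SSO_DOMAINS:
        return 400, None, None          # redirect back only to participating domains
    user, new_cookie = check_cookie(cookie, now), None
    if user is None and creds:
        name, password = creds
        expected = DIRECTORY.get(name)
        if expected and hmac.compare_digest(expected.encode(), password.encode()):
            user, new_cookie = name, issue_cookie(name, now)
    if user is None:
        return 401, None, None          # no valid cookie or credentials: prompt the user
    return 302, target, new_cookie      # authenticated for the requested domain
```

The return-URL check matters because the second domain redirects wherever the request tells it to; limiting it to the participating domains keeps the login host from acting as an open redirector.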
46 Claims
1. A method for authenticating a user for a plurality of domains in a network-based system, comprising the steps of:
receiving a request for a protected resource, said resource is in a first domain;
redirecting said request to a second domain; and
authenticating said user for said first domain at said second domain.
26. A method for authenticating a user for a plurality of domains in an Access System, comprising the steps of:
receiving a request for a protected resource, said resource is in a first domain;
determining whether said first and second domains reside on a single Web Server;
redirecting said request to a second domain, said second domain is a preferred host;
authenticating said user for said first domain at said second domain according to an authentication rule associated with said second domain, said step of authenticating comprising the steps of:
receiving entered user data, accessing user identity profile information from a Directory Server, and comparing said entered user data with said user identity profile information;
transmitting an encrypted authentication cookie for said second domain to said user;
authorizing said user for said resource;
redirecting a subsequent resource request for a resource in a third domain to said second domain, said first and second steps of redirecting being transparent to said user, said first, second, and third domains residing on a single Web Server;
transmitting said cookie to said second domain; and
confirming authentication of said user for said third domain using said cookie.
27. One or more processor readable storage devices having processor readable code embodied on said processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
receiving a user request for a protected resource, said resource is in a first domain;
redirecting said request to a second domain; and
authenticating said user at said second domain.
37. An apparatus, comprising:
a communication interface;
one or more storage devices; and
one or more processors in communication with said one or more storage devices and said communication interface, said one or more processors programmed to perform a method comprising the steps of:
receiving a user request for a protected resource, said resource is in a first domain, redirecting said request to a second domain, and authenticating said user at said second domain.
Specification