Method and system for a single-sign-on mechanism within application service provider (ASP) aggregation
Abstract
A methodology for providing a single-sign-on mechanism within an ASP aggregator service is presented. An aggregator token is generated by an ASP aggregator service and sent to a client device after its user has been successfully authenticated during a single-sign-on operation that is provided by the ASP aggregator service. The aggregator token then accompanies any request from the client to aggregated applications within the ASP aggregator service's infrastructure. The aggregator token comprises an indication of an address or resource identifier within the ASP aggregator service to which a client/user can be redirected when the client/user needs to be authenticated by the ASP aggregator service. In other words, the address/identifier is associated with a logon resource; when a request from a client is sent to this address, the ASP aggregator service responds with an authentication challenge to force the user to complete a single-sign-on operation.
38 Claims
1. A method for access management in a distributed data processing system, the method comprising:
receiving from a client a request to access a resource protected by an application service provider (ASP) aggregator service, wherein the ASP aggregator service provides single-sign-on functionality for a plurality of net-sourced applications, wherein at least one of the net-sourced applications is hosted by an ASP;
in response to a determination that the client or a user of the client has not been properly authenticated by the ASP aggregator service for a current client session, requiring the client or the user of the client to successfully complete an authentication process; and
sending to the client a response to the request received from the client, wherein the response is accompanied by an aggregator token, wherein the aggregator token comprises a logon resource identifier.
6. A method for access management in a distributed data processing system, the method comprising:
receiving from a client a request to access a net-sourced application hosted by an application service provider (ASP);
extracting a logon resource identifier from an aggregator token that accompanies the request, wherein the aggregator token originated from an ASP aggregator service, wherein the ASP aggregator service provides single-sign-on functionality for a plurality of net-sourced applications, wherein at least one of the net-sourced applications is the net-sourced application hosted by the ASP; and
sending to the client a response indicating the logon resource identifier as a redirectable destination.
13. A method for access management in a distributed data processing system, the method comprising:
receiving from a client a request to access a logon resource identified by a logon resource identifier that has been extracted from an aggregator token, wherein access to the logon resource is protected by an application service provider (ASP) aggregator service, wherein the ASP aggregator service provides single-sign-on functionality for a plurality of net-sourced applications;
requiring the client or the user of the client to successfully complete an authentication process associated with the logon resource;
extracting an origination identifier from the request, wherein the origination identifier identifies a net-sourced application that is one of the plurality of net-sourced applications; and
sending a response to the client, wherein the response indicates the origination identifier as a redirectable destination.
16. An apparatus for access management in a distributed data processing system, the apparatus comprising:
means for receiving from a client a request to access a resource protected by an application service provider (ASP) aggregator service, wherein the ASP aggregator service provides single-sign-on functionality for a plurality of net-sourced applications, wherein at least one of the net-sourced applications is hosted by an ASP;
means for requiring the client or the user of the client to successfully complete an authentication process in response to a determination that the client or a user of the client has not been properly authenticated by the ASP aggregator service for a current client session; and
means for sending to the client a response to the request received from the client, wherein the response is accompanied by an aggregator token, wherein the aggregator token comprises a logon resource identifier.
21. An apparatus for access management in a distributed data processing system, the apparatus comprising:
means for receiving from a client a request to access a net-sourced application hosted by an application service provider (ASP);
means for extracting a logon resource identifier from an aggregator token that accompanies the request, wherein the aggregator token originated from an ASP aggregator service, wherein the ASP aggregator service provides single-sign-on functionality for a plurality of net-sourced applications, wherein at least one of the net-sourced applications is the net-sourced application hosted by the ASP; and
means for sending to the client a response indicating the logon resource identifier as a redirectable destination.
28. An apparatus for access management in a distributed data processing system, the apparatus comprising:
means for receiving from a client a request to access a logon resource identified by a logon resource identifier that has been extracted from an aggregator token, wherein access to the logon resource is protected by an application service provider (ASP) aggregator service, wherein the ASP aggregator service provides single-sign-on functionality for a plurality of net-sourced applications;
means for requiring the client or the user of the client to successfully complete an authentication process associated with the logon resource;
means for extracting an origination identifier from the request, wherein the origination identifier identifies a net-sourced application that is one of the plurality of net-sourced applications; and
means for sending a response to the client, wherein the response indicates the origination identifier as a redirectable destination.
31. A computer program product in a computer readable medium for use in a distributed data processing system for managing access to resources, the computer program product comprising:
instructions for receiving from a client a request to access a resource protected by an application service provider (ASP) aggregator service, wherein the ASP aggregator service provides single-sign-on functionality for a plurality of net-sourced applications, wherein at least one of the net-sourced applications is hosted by an ASP;
instructions for requiring the client or the user of the client to successfully complete an authentication process in response to a determination that the client or a user of the client has not been properly authenticated by the ASP aggregator service for a current client session; and
instructions for sending to the client a response to the request received from the client, wherein the response is accompanied by an aggregator token, wherein the aggregator token comprises a logon resource identifier.
35. A computer program product in a computer readable medium for use in a distributed data processing system for managing access to resources, the computer program product comprising:
instructions for receiving from a client a request to access a net-sourced application hosted by an application service provider (ASP);
instructions for extracting a logon resource identifier from an aggregator token that accompanies the request, wherein the aggregator token originated from an ASP aggregator service, wherein the ASP aggregator service provides single-sign-on functionality for a plurality of net-sourced applications, wherein at least one of the net-sourced applications is the net-sourced application hosted by the ASP; and
instructions for sending to the client a response indicating the logon resource identifier as a redirectable destination.
38. A computer program product in a computer readable medium for use in a distributed data processing system for managing access to resources, the computer program product comprising:
instructions for receiving from a client a request to access a logon resource identified by a logon resource identifier that has been extracted from an aggregator token, wherein access to the logon resource is protected by an application service provider (ASP) aggregator service, wherein the ASP aggregator service provides single-sign-on functionality for a plurality of net-sourced applications;
instructions for requiring the client or the user of the client to successfully complete an authentication process associated with the logon resource;
instructions for extracting an origination identifier from the request, wherein the origination identifier identifies a net-sourced application that is one of the plurality of net-sourced applications; and
instructions for sending a response to the client, wherein the response indicates the origination identifier as a redirectable destination.
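The three method claims (1, 6 and 13) describe one redirect sequence: the aggregator authenticates the user and issues a token carrying a logon resource identifier; an ASP-hosted application that still needs the user authenticated extracts that identifier from the token and redirects the client to it, passing its own origination identifier; the logon resource authenticates the user, extracts the origination identifier and redirects the client back. The Python simulation below walks one client through that sequence. It is an added example, not code from the patent or from any product. It assumes an HMAC-signed token format (the claims say nothing about integrity protection), a key shared between the aggregator and its ASPs, a registry of known origination identifiers used to resolve the return destination, an `aud` field marking which application a token was minted for, and constructed hostnames, credentials and session identifiers.

```python
"""Added simulation of the aggregator-token single-sign-on flow in claims 1, 6 and 13."""
import base64, hashlib, hmac, json
from dataclasses import dataclass
from typing import Optional

# Assumption: the aggregator and its ASPs share a key so the token can be integrity-checked.
# The claims only require that the token "comprises a logon resource identifier"; signing it
# is an added safeguard so that identifier cannot be altered on its way to the ASP.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"
USERS = {"alice": "correct horse"}  # constructed credential store for the demo
LOGON_URI = "https://aggregator.example/logon"  # constructed logon resource identifier

def make_aggregator_token(claims: dict) -> str:
    """Serialise the claims and append an HMAC-SHA256 tag (assumed wire format: body.tag)."""
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(SHARED_KEY, body, hashlib.sha256).digest()
    return ".".join(base64.urlsafe_b64encode(p).decode() for p in (body, tag))

def parse_aggregator_token(token: str) -> Optional[dict]:
    """Return the claims when the tag verifies; None for a malformed or tampered token."""
    try:
        body, tag = (base64.urlsafe_b64decode(p) for p in token.split("."))
    except ValueError:  # wrong field count or bad base64 (binascii.Error is a ValueError)
        return None
    expected = hmac.new(SHARED_KEY, body, hashlib.sha256).digest()
    return json.loads(body) if hmac.compare_digest(expected, tag) else None

@dataclass
class Response:
    status: int
    location: Optional[str] = None  # the "redirectable destination" of the claims
    token: Optional[str] = None     # aggregator token accompanying the response
    body: str = ""

class AggregatorService:
    def __init__(self):
        self.sessions = {}  # client session id -> authenticated user
        # Assumption: origination identifiers are looked up in a registry of known
        # applications, so the logon resource never redirects to an arbitrary URL.
        self.registry = {"crm": "https://crm.asp.example/app"}

    def _require_sso(self, session_id, credentials) -> Optional[Response]:
        """Return a 401 challenge unless the session is (or just became) authenticated."""
        if session_id in self.sessions:
            return None
        if credentials is None:
            return Response(401, body="authentication required")
        user, password = credentials
        if not hmac.compare_digest(USERS.get(user, "").encode(), password.encode()):
            return Response(401, body="authentication failed")
        self.sessions[session_id] = user
        return None

    def protected_resource(self, session_id, credentials=None) -> Response:
        """Claim 1: enforce SSO, then answer with a token that carries LOGON_URI."""
        challenge = self._require_sso(session_id, credentials)
        if challenge:
            return challenge
        token = make_aggregator_token({"logon": LOGON_URI, "sub": self.sessions[session_id]})
        return Response(200, token=token, body="portal")

    def logon_resource(self, session_id, origin_id, credentials=None) -> Response:
        """Claim 13: authenticate, extract the origination id, redirect back to that app."""
        challenge = self._require_sso(session_id, credentials)
        if challenge:
            return challenge
        target = self.registry.get(origin_id)
        if target is None:
            return Response(400, body="unknown origination identifier")
        token = make_aggregator_token(
            {"logon": LOGON_URI, "sub": self.sessions[session_id], "aud": origin_id})
        return Response(302, location=target, token=token)

class AspApplication:
    def __init__(self, app_id: str):
        self.app_id, self.sessions = app_id, set()  # session ids logged on at this ASP

    def request(self, session_id, token=None) -> Response:
        """Claim 6: with no ASP session, extract the logon identifier and redirect to it."""
        if session_id in self.sessions:
            return Response(200, body=f"{self.app_id} content")
        claims = parse_aggregator_token(token) if token else None
        if claims is None:
            return Response(401, body="missing or tampered aggregator token")
        # Assumption: a token the logon resource minted for this application ("aud")
        # opens the ASP-side session; any other token sends the client to the logon resource.
        if claims.get("aud") == self.app_id:
            self.sessions.add(session_id)
            return Response(200, body=f"{self.app_id} content")
        return Response(302, location=f"{claims['logon']}?origin={self.app_id}")

def run_flow() -> list:
    """Drive one client through the three legs; returns the status codes seen in order."""
    agg, crm, sid = AggregatorService(), AspApplication("crm"), "sess-1"
    r1 = agg.protected_resource(sid)                               # 401: SSO challenge
    r2 = agg.protected_resource(sid, ("alice", "correct horse"))   # 200 + aggregator token
    r3 = crm.request(sid, r2.token)                                # 302 to the logon resource
    r4 = agg.logon_resource(sid, r3.location.split("origin=")[1])  # 302 back to the application
    r5 = crm.request(sid, r4.token)                                # 200: application content
    return [r.status for r in (r1, r2, r3, r4, r5)]

if __name__ == "__main__":
    print(run_flow())
```

`run_flow()` returns `[401, 200, 302, 302, 200]`, one status per leg. The two checks that go beyond the claims, tag verification in `parse_aggregator_token` and the registry lookup in `logon_resource`, are the ones a deployment of this design should not omit: the logon resource identifier inside the token decides where the ASP sends the user to log on, and the origination identifier decides where the logon resource sends the user afterwards, so both values need to be trusted before they are used as redirect targets.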
Specification