Passive client single sign-on for Web applications
Abstract
A system provides single sign-on capabilities for accessing a Web application through a passive client across multiple realms within a federation. A federation refers to different organizations or realms that have employed agreements, standards, and/or cooperative technologies to make user identity and entitlements portable between the organizations. Communications are redirected through a client in one realm to obtain a security token that can allow the resource server in the other realm to authenticate the user for access to the Web application.
222 Citations
Claims (58)
1. A method comprising:
receiving a resource challenge from a resource server of a resource realm through a Web-based client of an account realm, the resource challenge being generated responsive to a request for access to a Web application provided by the resource server, the resource realm and the account realm sharing a trust policy in a federation;
sending a security token service challenge to an account security token service module of the account realm through the Web-based client, responsive to receiving the resource challenge;
verifying an account security token received from the account security token service module through the Web-based client, responsive to the sending of the security token service challenge, the account security token being formatted in accordance with the trust policy in the federation; and
sending a resource security token generated by the resource security token service module through the Web-based client to the resource server to authenticate the user for access to the Web application, responsive to verifying the account security token.
Dependent claims: 2 to 12.
13. A method comprising:
receiving a resource security token generated by a resource security token service module of a resource realm, responsive to verification by the resource security token service module of an account security token received from an account realm, wherein the resource realm and the account realm share a trust policy in a federation; and
authenticating a user of the account realm for access to a Web application provided by a resource server of the resource realm, based on the resource security token.
Dependent claims: 14 to 21.
22. A method comprising:
receiving a security token service challenge of an account realm from a security token service module of a resource realm through a Web-based client of an account realm, the security token service challenge being generated responsive to a request by a user for access to a Web application provided by a resource server of the resource realm, the resource realm and the account realm sharing a trust policy in a federation; and
sending an account security token to the resource security token service module of the resource realm through the Web-based client, responsive to receiving the security token service challenge, to authenticate the user for access to the Web application.
Dependent claims: 23 to 27.
28. A computer program product encoding a computer program for executing on a computer system a computer process, the computer process comprising:
receiving a resource challenge from a resource server of a resource realm through a Web-based client of an account realm, the resource challenge being generated responsive to a request for access to a Web application provided by the resource server, the resource realm and the account realm sharing a trust policy in a federation;
sending a security token service challenge to an account security token service module of the account realm through the Web-based client, responsive to receiving the resource challenge;
verifying an account security token received from the account security token service module through the Web-based client, responsive to the sending of the security token service challenge, the account security token being formatted in accordance with the trust policy in the federation; and
sending a resource security token generated by the resource security token service module through the Web-based client to the resource server to authenticate the user for access to the Web application, responsive to verifying the account security token.
Dependent claims: 29 to 39.
40. A computer program product encoding a computer program for executing on a computer system a computer process, the computer process comprising:
receiving a resource security token generated by a resource security token service module of a resource realm, responsive to verification by the resource security token service module of an account security token received from an account realm, wherein the resource realm and the account realm share a trust policy in a federation; and
authenticating a user of the account realm for access to a Web application provided by a resource server of the resource realm, based on the resource security token.
Dependent claims: 41 to 48.
49. A computer program product encoding a computer program for executing on a computer system a computer process, the computer process comprising:
receiving a security token service challenge of an account realm from a security token service module of a resource realm through a Web-based client of an account realm, the security token service challenge being generated responsive to a request by a user for access to a Web application provided by a resource server of the resource realm, the resource realm and the account realm sharing a trust policy in a federation; and
sending an account security token to the resource security token service module of the resource realm through the Web-based client, responsive to receiving the security token service challenge, to authenticate the user for access to the Web application.
Dependent claims: 50 to 54.
55. A system comprising:
a Web-based client in an account realm to generate a request for access to a Web application provided by a resource server of a resource realm, wherein the account realm and the resource realm share a trust policy in a federation;
the resource server to send a resource challenge through the Web-based client to a resource security token service module of the resource realm, the resource challenge being generated by the resource server responsive to the request, the request being received through the Web-based client from a user of the account realm;
the resource security token service module to generate a security token service challenge, responsive to receipt of the resource challenge;
an account security token service module of the account realm to receive the security token service challenge from the resource security token service through the Web-based client and to generate an account security token in accordance with the trust policy in the federation;
the resource security token service module to verify the account security token received from the account security token service of the account realm through the Web-based client and to generate a resource security token;
the resource server to verify the resource security token generated by the resource security token service module to authenticate the user for access to the Web application.
56. A system comprising:
a resource security token service module of a resource realm to receive a resource challenge from a resource server through a Web-based client, wherein the resource challenge is generated responsive to a request by a user for access to a Web application provided by the resource server of the resource realm and the resource realm and the account realm share a trust policy in a federation; and
the resource security token server module to send a resource security token to an account security token service module of the account realm through the Web-based client, responsive to receiving the resource challenge, in order to authenticate the user for access to the Web application.
57. A system comprising:
a resource server to receive a resource security token generated by a resource security token service module of a resource realm, responsive to verification by the resource security token service module of an account security token received from an account realm, wherein the resource realm and the account realm share a trust policy in a federation; and
the resource server to authenticate a user of the account realm for access to a Web application provided by a resource server of the resource realm, based on the resource security token.
58. A system comprising:
an account security token service module of an account realm to receive a security token service challenge of an account realm from a security token service module of a resource realm through a Web-based client, wherein the security token service challenge is generated responsive to a request by a user for access to a Web application provided by a resource server of the resource realm and the resource realm and the account realm share a trust policy in a federation; and
the account security token service module to send an account security token to the resource security token service module of the resource realm through the Web-based client, responsive to receiving the security token service challenge, to authenticate the user for access to the Web application.
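The exchange the claims describe (claims 1, 13, 22 and 55 taken together) is the passive-requestor pattern: the browser never reads a token, it only carries each party's reply on to the next party, and the only thing binding the account realm to the resource realm is the shared trust policy held by the resource security token service. The simulation below is an added example, not code from the patent or its assignee; the realm URLs, the HMAC-signed token layout, the user "alice" and the claim names `iss`, `sub`, `aud`, `exp` are constructed assumptions standing in for whatever format a real federation agreement would prescribe. It walks the five hops of claim 55 and then shows why the two token verification steps matter: the account token cannot be replayed directly at the resource server, and a modified resource token is rejected.

```python
"""Passive-client cross-realm SSO, simulated end to end (constructed example)."""
import hashlib
import hmac
import json
import secrets
import time


def _canonical(claims: dict) -> bytes:
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def issue(claims: dict, key: bytes) -> dict:
    """Assumed token format: claims plus an HMAC-SHA256 over their canonical JSON."""
    return {"claims": claims, "sig": hmac.new(key, _canonical(claims), hashlib.sha256).hexdigest()}


def verify(token: dict, trusted: dict, audience: str) -> dict:
    """Accept a token only if its issuer is in the trust policy, the signature checks
    under that issuer's key, it was minted for this audience, and it has not expired."""
    claims = token["claims"]
    key = trusted.get(claims.get("iss"))
    if key is None:
        raise ValueError("untrusted issuer")
    expected = hmac.new(key, _canonical(claims), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        raise ValueError("bad signature")
    if claims.get("aud") != audience:
        raise ValueError("audience mismatch")
    if claims.get("exp", 0) < time.time():
        raise ValueError("token expired")
    return claims


class AccountSTS:
    """Account realm STS: authenticates the user locally, issues account tokens."""
    def __init__(self, realm: str, key: bytes):
        self.realm, self.key = realm, key

    def handle_sts_challenge(self, challenge: dict, user: str) -> dict:
        # The STS challenge names the resource STS, which becomes the token's audience.
        claims = {"iss": self.realm, "sub": user, "aud": challenge["wtrealm"],
                  "exp": time.time() + 300, "nonce": secrets.token_hex(8)}
        return {"to": challenge["wtrealm"], "wresult": issue(claims, self.key)}


class ResourceSTS:
    """Resource realm STS: trusts account realms listed in the federation policy."""
    def __init__(self, realm: str, key: bytes, trust_policy: dict):
        self.realm, self.key, self.trust_policy = realm, key, trust_policy

    def handle_resource_challenge(self, challenge: dict, home_realm: str) -> dict:
        if home_realm not in self.trust_policy:
            raise ValueError("no federation trust with " + home_realm)
        # Security token service challenge: redirect the client to its account STS.
        return {"to": home_realm, "wtrealm": self.realm, "wreply": challenge["wreply"]}

    def handle_account_token(self, msg: dict, wreply: str) -> dict:
        acct = verify(msg["wresult"], self.trust_policy, audience=self.realm)
        claims = {"iss": self.realm, "sub": acct["sub"], "home": acct["iss"],
                  "aud": wreply, "exp": time.time() + 300, "nonce": secrets.token_hex(8)}
        return {"to": wreply, "wresult": issue(claims, self.key)}


class ResourceServer:
    """The Web application; trusts only its own realm's STS."""
    def __init__(self, url: str, sts_realm: str, sts_key: bytes):
        self.url, self.sts, self.trusted = url, sts_realm, {sts_realm: sts_key}

    def request(self, token):
        if token is None:  # resource challenge: send the client to the resource STS
            return {"challenge": "resource", "to": self.sts, "wreply": self.url}
        try:
            claims = verify(token, self.trusted, audience=self.url)
        except ValueError as err:
            return {"status": 403, "reason": str(err)}
        return {"status": 200, "user": claims["sub"]}


def passive_sso(home_realm: str, user: str, app: ResourceServer, rsts: ResourceSTS, asts: AccountSTS):
    """Browser-like client: understands nothing about tokens, just relays each reply."""
    challenge = app.request(None)                                   # 1. resource challenge
    sts_chal = rsts.handle_resource_challenge(challenge, home_realm)  # 2. STS challenge
    acct_msg = asts.handle_sts_challenge(sts_chal, user)            # 3. account token
    res_msg = rsts.handle_account_token(acct_msg, sts_chal["wreply"])  # 4. resource token
    return app.request(res_msg["wresult"])                          # 5. access decision


def run_demo() -> dict:
    """Wire up one federation (constructed keys and realms) and exercise the flow."""
    account_key, rsts_key = secrets.token_bytes(32), secrets.token_bytes(32)
    asts = AccountSTS("https://sts.account.example", account_key)
    rsts = ResourceSTS("https://sts.resource.example", rsts_key, {asts.realm: account_key})
    app = ResourceServer("https://app.resource.example/", rsts.realm, rsts_key)
    out = {"granted": passive_sso(asts.realm, "alice", app, rsts, asts)}
    acct = asts.handle_sts_challenge({"wtrealm": rsts.realm}, "alice")
    out["replayed"] = app.request(acct["wresult"])      # account token shown to the app
    res = rsts.handle_account_token(acct, app.url)["wresult"]
    res["claims"]["sub"] = "admin"                       # edit the resource token in transit
    out["tampered"] = app.request(res)
    try:
        rsts.handle_resource_challenge(app.request(None), "https://sts.other.example")
    except ValueError as err:
        out["unfederated"] = str(err)
    return out
```

The verification order in `verify` is the point of the design: the issuer lookup against the trust policy comes first, so a token from a realm outside the federation is refused before any key is used, and the audience check stops a token issued for the resource STS from being accepted by the resource server even though both live in the same realm.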
Specification