Method and apparatus for end-to-end identity propagation
Abstract
One embodiment of the present invention provides a system that facilitates end-to-end identity propagation to a backend-tier application that is not single sign-on enabled. During operation, the system receives a request from a user at a middle-tier application to access private data from the backend-tier application. Upon receiving this request, the system redirects the user to a single sign-on server that verifies authentication credentials of the user. The middle-tier application then receives a token from the single sign-on server authorizing access to a backend-tier application. Next, the middle-tier application uses the token to access the private data from the backend-tier application, and then provides the private data to the user.
24 Claims
1. A method for end-to-end identity propagation to a backend-tier application that is not single sign-on enabled, comprising:
receiving a request from a user at a middle-tier application to access private data from the backend-tier application;
redirecting the user to a single sign-on server, wherein the single sign-on server verifies an authentication credential of the user;
receiving a token from the single sign-on server, wherein the token authorizes access to the backend-tier application;
accessing the private data from the backend-tier application using the token; and
providing the private data to the user.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8)

9. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for end-to-end identity propagation to a backend-tier application that is not single sign-on enabled, the method comprising:
receiving a request from a user at a middle-tier application to access private data from the backend-tier application;
redirecting the user to a single sign-on server, wherein the single sign-on server verifies an authentication credential of the user;
receiving a token from the single sign-on server, wherein the token authorizes access to the backend-tier application;
accessing the private data from the backend-tier application using the token; and
providing the private data to the user.
(Dependent claims: 10, 11, 12, 13, 14, 15, 16)

17. An apparatus for end-to-end identity propagation to a backend-tier application that is not single sign-on enabled, comprising:
a receiving mechanism configured to receive a request from a user at a middle-tier application to access private data from the backend-tier application;
a redirecting mechanism configured to redirect the user to a single sign-on server, wherein the single sign-on server verifies an authentication credential of the user;
wherein the receiving mechanism is further configured to receive a token from the single sign-on server, wherein the token authorizes access to the backend-tier application;
an accessing mechanism configured to access the private data from the backend-tier application using the token; and
a providing mechanism configured to provide the private data to the user.
(Dependent claims: 18, 19, 20, 21, 22, 23, 24)

Specification