Method and apparatus for end-to-end identity propagation

US 20050039008A1
Filed: 10/09/2003
Published: 02/17/2005
Est. Priority Date: 08/05/2003
Status: Active Grant

First Claim

Patent Images

1. A method for end-to-end identity propagation to a backend-tier application that is not single sign-on enabled, comprising:

receiving a request from a user at a middle-tier application to access private data from the backend-tier application;

redirecting the user to a single sign-on server, wherein the single sign-on server verifies an authentication credential of the user;

receiving a token from the single sign-on server, wherein the token authorizes access to the backend-tier application;

accessing the private data from the backend-tier application using the token; and

providing the private data to the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment of the present invention provides a system that facilitates end-to-end identity propagation to a backend-tier application that is not single sign-on enabled. During operation, the system receives request from a user at a middle-tier application to access private data from the backend-tier application. Upon receiving this request, the system redirects the user to a single sign-on server that verifies authentication credentials of the user. The middle-tier application then receives a token from the single sign-on server authorizing access to a backend-tier application. Next, the middle-tier application uses the token to access the private data from the backend-tier application, and then provides the private data to the user.

43 Citations

View as Search Results

24 Claims

1. A method for end-to-end identity propagation to a backend-tier application that is not single sign-on enabled, comprising:
- receiving a request from a user at a middle-tier application to access private data from the backend-tier application;
  
  redirecting the user to a single sign-on server, wherein the single sign-on server verifies an authentication credential of the user;
  
  receiving a token from the single sign-on server, wherein the token authorizes access to the backend-tier application;
  
  accessing the private data from the backend-tier application using the token; and
  
  providing the private data to the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the token includes the authentication credential of the user, and wherein the token is recognized as valid by a backend-tier application.
  - 3. The method of claim 2, wherein the backend-tier application can use the token to access applications in an additional tier of applications.
  - 4. The method of claim 1, wherein the token includes a security certificate, and wherein the security certificate is recognized as valid by a single sign-on enabled database application.
  - 5. The method of claim 4, wherein the single sign-on enabled database application can use the token to access applications in an additional tier of applications.
  - 6. The method of claim 1, wherein the token includes a user-name and a password that can be used by the middle-tier application to access a third-party service.
  - 7. The method of claim 6, wherein the token includes a standards based extensible markup language (XML) formatted token recognized by the third party service which complies with web standards.
  - 8. The method of claim 7, wherein the third-party service includes a web-based application.

9. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for end-to-end identity propagation to a backend-tier application that is not single sign-on enabled, the method comprising:
- receiving a request from a user at a middle-tier application to access private data from the backend-tier application;
  
  redirecting the user to a single sign-on server, wherein the single sign-on server verifies an authentication credential of the user;
  
  receiving a token from the single sign-on server, wherein the token authorizes access to the backend-tier application;
  
  accessing the private data from the backend-tier application using the token; and
  
  providing the private data to the user.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer-readable storage medium of claim 9, wherein the token includes the authentication credential of the user, and wherein the token is recognized as valid by a backend-tier application.
  - 11. The computer-readable storage medium of claim 10, wherein the backend-tier application can use the token to access applications in an additional tier of applications.
  - 12. The computer-readable storage medium of claim 9, wherein the token includes a security certificate, and wherein the security certificate is recognized as valid by a single sign-on enabled database application.
  - 13. The computer-readable storage medium of claim 12, wherein the single sign-on enabled database application can use the token to access applications in an additional tier of applications.
  - 14. The computer-readable storage medium of claim 9, wherein the token includes a user-name and a password that can be used by the middle-tier application to access a third-party service.
  - 15. The computer-readable storage medium of claim 14, wherein the token includes a standards based extensible markup language (XML) formatted token recognized by the third party service which complies with web standards.
  - 16. The computer-readable storage medium of claim 15, wherein the third-party service includes a web-based application.

17. An apparatus for end-to-end identity propagation to a backend-tier application that is not single sign-on enabled, comprising:
- a receiving mechanism configured to receive a request from a user at a middle-tier application to access private data from the backend-tier application;
  
  a redirecting mechanism configured to redirect the user to a single sign-on server, wherein the single sign-on server verifies an authentication credential of the user;
  
  wherein the receiving mechanism is further configured to receive a token from the single sign-on server, wherein the token authorizes access to the backend-tier application;
  
  an accessing mechanism configured to access the private data from the backend-tier application using the token; and
  
  a providing mechanism configured to provide the private data to the user.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The apparatus of claim 17, wherein the token includes the authentication credential of the user, and wherein the token is recognized as valid by a backend-tier application.
  - 19. The apparatus of claim 18, wherein the backend-tier application can use the token to access applications in an additional tier of applications.
  - 20. The apparatus of claim 17, wherein the token includes a security certificate, and wherein the security certificate is recognized as valid by a single sign-on enabled database application.
  - 21. The apparatus of claim 20, wherein the single sign-on enabled database application can use the token to access applications in an additional tier of applications.
  - 22. The apparatus of claim 17, wherein the token includes a user-name and a password that can be used by the middle-tier application to access a third-party service.
  - 23. The apparatus of claim 22, wherein the token includes a standards based extensible markup language (XML) formatted token recognized by the third party service which complies with web standards.
  - 24. The apparatus of claim 23, wherein the third-party service includes a web-based application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Bhatia, Gaurav, Swaminathan, Arun

Granted Patent

US 7,249,375 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/170
CPC Class Codes

G06F 21/33   using certificates

G06F 21/335   for accessing specific reso...

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

Method and apparatus for end-to-end identity propagation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

43 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for end-to-end identity propagation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links