System and method of providing credentials in a network
Abstract
A method and system are provided for single sign on (SSO) functionality in a network that avoids storing a user's credentials in persistent storage. A session may be initiated with a portal, which sends a derivative of the session ID as a credential string, instead of the user's password, to a target application. When the target application attempts to authenticate the user by sending a request to an LDAP directory, the request is intercepted by an LDAP proxy, which instead validates the UserID with the LDAP directory, while the password is validated by a credential validator component that verifies with the portal that the credential string presented as the user password was produced from the active session ID. In an embodiment, the credential string validator validates each short-lived credential only once and, upon detecting a second validation request for the same string, initiates a security breach process. A target application proxy may also be employed to terminate all sessions with the UserID when duplicate session requests occur.
22 Claims
1. A method for authentication in a network, the method comprising:
creating a credential string which is derived from a session ID;
sending a UserID associated with the session ID and the credential string to a software application;
receiving a confirmation request which includes the credential string; and
sending a response in reply to the confirmation request to validate the credential string to authenticate the UserID. (Dependent claims 2, 3, 4, 5, 6, 7, 8 not reproduced here.)
9. A method for authenticating a user request for a software application, the method comprising:
receiving a UserID and credential string at an authentication proxy server;
sending a confirmation request from the authentication proxy to a portal, the confirmation request includes the credential string;
receiving a response at the authentication proxy for the confirmation request; and
validating the UserID using a lightweight directory access protocol (LDAP) lookup request and the response. (Dependent claims 10, 11, 12, 13, 14 not reproduced here.)
15. A system for authenticating a session, comprising:
an authentication proxy which receives requests to authenticate a UserID and credential string; and
a credential string validation component which receives requests to validate the credential string, wherein the credential string validation component checks whether the credential string has been previously received for validation within a predetermined time period. (Dependent claims 16, 17, 18, 19, 20, 21 not reproduced here.)
22. A computer program product comprising a computer usable medium having readable program code embodied in the medium, the computer program product including at least one program code to:
create a credential string which is derived from a session ID;
send a UserID associated with the session ID and the credential string to a software application;
receive a confirmation request which includes the credential string; and
send a response in reply to the confirmation request to validate the credential string to authenticate the UserID.
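The following is an added illustration of the exchange described in the abstract and in claims 1, 9, 15 and 22; it is not code from the patent or from any product. It simulates the portal deriving a short-lived credential string from the session ID, the target application presenting UserID plus credential to an LDAP proxy, the proxy checking the UserID against a directory and sending a confirmation request to the portal's validator, and the validator accepting each string only once within a predetermined window while treating a second presentation as a breach that terminates the UserID's sessions. The component names, the HMAC derivation, the 60-second window, the in-memory directory and the sample users are all assumptions made for the example.

```python
"""Added illustration of the SSO flow in the abstract and claims (not the patent's code).
Assumptions: HMAC-SHA256 as the session-ID derivation, a 60 s validity window,
a set of strings standing in for the LDAP directory, and constructed user names."""
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, Set, Tuple

PORTAL_KEY = b"constructed-portal-secret-for-demo"  # assumption: key known only to the portal
CREDENTIAL_TTL = 60.0                                # assumption: predetermined validity window (seconds)


def derive_credential(session_id: str) -> str:
    """Credential string derived from the session ID. It is sent to the target
    application in place of the password, so the real password never leaves the portal."""
    return hmac.new(PORTAL_KEY, session_id.encode(), hashlib.sha256).hexdigest()


class Portal:
    """Issues sessions and runs the credential string validation component."""

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self.clock = clock
        self.sessions: Dict[str, str] = {}                    # session_id -> user_id
        self.pending: Dict[str, Tuple[str, str, float]] = {}  # credential -> (session_id, user_id, issued_at)
        self.consumed: Dict[str, Tuple[str, float]] = {}      # credential -> (user_id, validated_at)
        self.breaches: list = []                              # (user_id, credential) replay events

    def login(self, user_id: str) -> Tuple[str, str]:
        """Start a session and derive the credential string that is forwarded
        with the UserID to the target application (claims 1 and 22)."""
        session_id = secrets.token_hex(16)
        credential = derive_credential(session_id)
        self.sessions[session_id] = user_id
        self.pending[credential] = (session_id, user_id, self.clock())
        return session_id, credential

    def confirm(self, user_id: str, credential: str) -> bool:
        """Handle a confirmation request (claim 15): validate once, flag replays."""
        now = self.clock()
        prior = self.consumed.get(credential)
        if prior is not None and now - prior[1] < CREDENTIAL_TTL:
            # Same string presented a second time inside the window: breach process
            self.breaches.append((prior[0], credential))
            self.terminate_sessions(prior[0])
            return False
        entry = self.pending.get(credential)
        if entry is None:
            return False
        session_id, owner, issued_at = entry
        if owner != user_id or now - issued_at >= CREDENTIAL_TTL:
            return False                      # wrong UserID or credential expired
        if session_id not in self.sessions:
            return False                      # session already terminated
        if not hmac.compare_digest(derive_credential(session_id), credential):
            return False                      # string was not produced from this session ID
        del self.pending[credential]
        self.consumed[credential] = (owner, now)
        return True

    def terminate_sessions(self, user_id: str) -> None:
        """Target application proxy behaviour: drop every session held by the UserID."""
        for sid in [s for s, u in self.sessions.items() if u == user_id]:
            del self.sessions[sid]


class LdapProxy:
    """Intercepts the target application's bind request (claim 9): the UserID is
    checked against the directory, the password field (the credential string)
    against the portal's validator."""

    def __init__(self, portal: Portal, directory: Set[str]) -> None:
        self.portal = portal
        self.directory = directory            # constructed stand-in for an LDAP lookup

    def authenticate(self, user_id: str, credential: str) -> bool:
        if user_id not in self.directory:     # LDAP lookup fails: reject at the proxy
            return False
        return self.portal.confirm(user_id, credential)


def demo() -> Dict[str, object]:
    """Run the exchange under a controllable clock and return the observed outcomes."""
    now = [1000.0]
    portal = Portal(clock=lambda: now[0])
    proxy = LdapProxy(portal, directory={"alice", "bob"})   # constructed users
    _, cred = portal.login("alice")
    first = proxy.authenticate("alice", cred)      # fresh credential: accepted
    replay = proxy.authenticate("alice", cred)     # same string again: breach, sessions dropped
    now[0] += CREDENTIAL_TTL + 1
    stale = proxy.authenticate("alice", cred)      # outside the window: rejected, no new breach
    unknown = proxy.authenticate("mallory", cred)  # not in the directory: rejected by the proxy
    return {"first": first, "replay": replay, "stale": stale, "unknown": unknown,
            "breaches": len(portal.breaches), "active_sessions": len(portal.sessions)}


if __name__ == "__main__":
    print(demo())
```

The replay check runs before the ownership check on purpose: a second presentation of an already-validated string is the signal the abstract describes, regardless of which UserID accompanies it, and the sessions terminated are those of the credential's recorded owner. Once the window has passed the consumed record no longer counts as a replay, but the string cannot succeed either because it has left the pending set.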