Single sign-on (SSO) for non-SSO-compliant applications

US 20060041933A1
Filed: 08/23/2004
Published: 02/23/2006
Est. Priority Date: 08/23/2004
Status: Active Grant

First Claim

Patent Images

1. A method for providing SSO authentication when accessing non-SSO-compliant applications, the method comprising:

forwarding a user name and a password received from a non-SSO-compliant application to an SSO proxy;

encapsulating said user name and password in a request to access a protected application;

authenticating said user name and password responsive to said request using SSO authentication; and

generating an SSO token if said authentication step is successful.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing SSO authentication when accessing non-SSO-compliant applications, the method including forwarding a user name and a password received from a non-SSO-compliant application to an SSO proxy, encapsulating the user name and password in a request to access a protected application, authenticating the user name and password responsive to the request using SSO authentication, and generating an SSO token if said authentication step is successful.

Citations

38 Claims

1. A method for providing SSO authentication when accessing non-SSO-compliant applications, the method comprising:
- forwarding a user name and a password received from a non-SSO-compliant application to an SSO proxy;
  
  encapsulating said user name and password in a request to access a protected application;
  
  authenticating said user name and password responsive to said request using SSO authentication; and
  
  generating an SSO token if said authentication step is successful.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method according to claim 1 and further comprising providing said SSO token, said user name, and a notification of said successful authentication to a server.
  - 3. A method according to claim 1 and further comprising providing said SSO token and said user name to said protected application.
  - 4. A method according to claim 1 and further comprising providing said token and a notification of said successful authentication to said SSO proxy.
  - 5. A method according to claim 1 and further comprising configuring said SSO proxy as an HTTP client.
  - 6. A method according to claim 1 and further comprising configuring said encapsulated request as an HTTP request.
  - 7. A method according to claim 1 and further comprising sending said request to a J2EE server.
  - 8. A method according to claim 1 and further comprising configuring said protected application as a protected HTTP servlet residing on a J2EE server.

9. A system for SSO authentication for use with non-SSO-compliant applications, the system comprising:
- an SSO proxy operative to receive a user name and password from a non-SSO-compliant application and encapsulate said user name and password in a request to access a protected application; and
  
  an authenticator operative to authenticate said user name and password responsive to said request using SSO authentication and generate an SSO token if said authentication is successful.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. A system according to claim 9 wherein said authenticator is operative to provide said SSO token, said user name, and a notification of said successful authentication to a server.
  - 11. A system according to claim 10 wherein said server is operative to provide said SSO token and said user name to said protected application.
  - 12. A system according to claim 9 wherein said protected application is operative to provide said token and a notification of said successful authentication to said SSO proxy.
  - 13. A system according to claim 9 wherein said SSO proxy is an HTTP client.
  - 14. A system according to claim 9 wherein said encapsulated request is an HTTP request.
  - 15. A system according to claim 10 wherein said server is a J2EE server.
  - 16. A system according to claim 9 wherein said protected application is a protected HTTP servlet residing on a J2EE server.

17. A method for providing SSO authentication when accessing non-SSO-compliant applications, the method comprising:
- forwarding a user name and token received from a non-SSO-compliant application to an SSO proxy;
  
  encapsulating said user name and token in a request to access a protected application;
  
  authenticating said token responsive to said request using SSO authentication; and
  
  generating a security context for said request if said authentication step is successful.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 18. A method according to claim 17 wherein said generating step comprises generating said security context to include said authenticated token and said user name.
  - 19. A method according to claim 17 and further comprising passing said request, said user name, and a notification of said successful authentication to a server.
  - 20. A method according to claim 17 and further comprising passing said request, said user name, and a notification of said successful authentication to said protected application.
  - 21. A method according to claim 17 and further comprising:
    - comparing said user name received with said request with said user name received with said security context of said request; and
      
      providing an affirmative response to said request if said user names match.
  - 22. A method according to claim 20 wherein said providing step comprises providing said affirmative response to said SSO proxy.
  - 23. A method according to claim 17 and further comprising configuring said SSO proxy as an HTTP client.
  - 24. A method according to claim 17 and further comprising configuring said encapsulated request as an HTTP request.
  - 25. A method according to claim 17 and further comprising sending said request to a J2EE server.
  - 26. A method according to claim 17 and further comprising configuring said protected application as a protected HTTP servlet residing on a J2EE server.

27. A system for SSO authentication for use with non-SSO-compliant applications, the system comprising:
- an SSO proxy operative to receive a user name and token from a non-SSO-compliant application and encapsulate said user name and token in a request to access a protected application; and
  
  an authenticator operative to authenticate said user name and token responsive to said request using SSO authentication and generate a security context for said request if said authentication step is successful.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 28. A system according to claim 27 wherein said security context includes said authenticated token and said user name.
  - 29. A system according to claim 27 wherein said authenticator is operative to pass said request, said user name, and a notification of said successful authentication to a server.
  - 30. A system according to claim 29 wherein said server is operative to pass said request, said user name, and a notification of said successful authentication to said protected application.
  - 31. A system according to claim 27 wherein said protected application is operative to:
    - compare said user name received with said request with said user name received with said security context of said request; and
      
      provide an affirmative response to said request if said user names match.
  - 32. A system according to claim 30 wherein said protected application is operative to provide said affirmative response to said SSO proxy.
  - 33. A system according to claim 27 wherein said SSO proxy is an HTTP client.
  - 34. A system according to claim 27 wherein said encapsulated request is an HTTP request.
  - 35. A system according to claim 29 wherein said server is a J2EE server.
  - 36. A system according to claim 27 wherein said protected application is a protected HTTP servlet residing on a J2EE server.

37. A method for implementing SSO authentication in support of non-SSO-compliant application access, the method comprising:
- providing a SSO proxy operative to receive a user name and a password from a non-SSO-compliant application; and
  
  configuring said SSO proxy to a) encapsulate said user name and password in a request to access a protected application, and b) send said request to a computer operative to c) authenticate said user name and password responsive to said request using SSO authentication; and
  
  d) generate an SSO token if said authentication is successful.

38. A computer program embodied on a computer-readable medium, the computer program comprising:
- a first code segment operative to forward a user name and a password received from a non-SSO-compliant application to an SSO proxy;
  
  a second code segment operative to encapsulate said user name and password in a request to access a protected application;
  
  a third code segment operative to authenticate said user name and password responsive to said request using SSO authentication; and
  
  a fourth code segment operative to generate an SSO token if said authentication is successful.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dropbox, Inc.
Original Assignee
International Business Machines Corporation
Inventors
Dror, Yaffe, Yakov, Kupherstein

Granted Patent

US 7,698,734 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/8
CPC Class Codes

G06F 21/41 where a single sign-on prov...

H04L 63/0815 providing single-sign-on or...

Single sign-on (SSO) for non-SSO-compliant applications

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Single sign-on (SSO) for non-SSO-compliant applications

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links