Method and apparatus for end-to-end identity propagation
Abstract
One embodiment of the present invention provides a system that facilitates end-to-end identity propagation to a backend-tier application that is not single sign-on enabled. During operation, the system receives a request from a user at a middle-tier application to access private data from the backend-tier application. Upon receiving this request, the system redirects the user to a single sign-on server that verifies the user's authentication credentials. The middle-tier application then receives a token from the single sign-on server authorizing access to the backend-tier application. Next, the middle-tier application uses the token to access the private data from the backend-tier application, and then provides the private data to the user.
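The following is an added illustration of the flow the abstract describes, written for this page; it is not the patent's implementation and every name, key, user record and data value in it is constructed. It models the three parties as classes: the single sign-on server checks the user's credentials and issues a signed token naming the user (sub), the backend it is meant for (aud) and the middle tier allowed to present it (azp); the middle tier, which never sees the password, first answers with a redirect and later presents the returned token; the backend, which cannot do single sign-on itself, accepts the token only after checking its signature, audience, presenting party and expiry, and then returns data scoped to the propagated identity. The HMAC token format and the specific claim names are assumptions chosen for the example.

```python
"""End-to-end identity propagation through a middle tier (added example, not the
patent's code).  Keys, users and private data below are all constructed."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed secret shared by the SSO server and the backend tier (assumption:
# the backend trusts only tokens signed with this key).
SSO_SIGNING_KEY = b"constructed-sso-signing-key-not-for-real-use"
BACKEND_AUDIENCE = "backend-tier"
MIDDLE_TIER_ID = "middle-tier"


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class SingleSignOnServer:
    """Verifies credentials and issues a token that proves the user's identity."""

    def __init__(self, users: dict, key: bytes):
        # Toy credential store: SHA-256 of the password.  A real deployment would
        # use a dedicated password hash (argon2, bcrypt, scrypt).
        self._users = {u: hashlib.sha256(p.encode()).digest() for u, p in users.items()}
        self._key = key

    def authenticate(self, username: str, password: str, ttl: int = 300,
                     now: Optional[float] = None) -> str:
        stored = self._users.get(username)
        offered = hashlib.sha256(password.encode()).digest()
        if stored is None or not hmac.compare_digest(stored, offered):
            raise PermissionError("bad credentials")
        iat = int(now if now is not None else time.time())
        claims = {"sub": username, "aud": BACKEND_AUDIENCE, "azp": MIDDLE_TIER_ID,
                  "iat": iat, "exp": iat + ttl}
        body = _b64(json.dumps(claims, sort_keys=True).encode())
        sig = _b64(hmac.new(self._key, body.encode(), hashlib.sha256).digest())
        return f"{body}.{sig}"


class BackendTier:
    """Not SSO-enabled: it only validates a token presented by the middle tier."""

    def __init__(self, private_data: dict, key: bytes):
        self._data = private_data
        self._key = key

    def verify_token(self, token: str, now: Optional[float] = None) -> dict:
        try:
            body, sig = token.split(".")
        except ValueError:
            raise PermissionError("malformed token")
        expected = hmac.new(self._key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            raise PermissionError("bad signature")          # forged or tampered
        claims = json.loads(_unb64(body))
        if claims.get("aud") != BACKEND_AUDIENCE:
            raise PermissionError("token not issued for this backend")
        if claims.get("azp") != MIDDLE_TIER_ID:
            raise PermissionError("token not issued to this middle tier")
        current = now if now is not None else time.time()
        if current >= claims.get("exp", 0):
            raise PermissionError("token expired")
        return claims

    def read_private_data(self, token: str, now: Optional[float] = None) -> str:
        claims = self.verify_token(token, now)
        return self._data[claims["sub"]]   # scoped to the propagated identity


class MiddleTier:
    """Holds one token per user session; never handles the user's password."""

    def __init__(self, backend: BackendTier):
        self._backend = backend
        self._sessions = {}

    def handle_request(self, username: str, token: Optional[str] = None,
                       now: Optional[float] = None) -> Tuple[str, str]:
        if token is not None:
            self._sessions[username] = token       # returned from the SSO redirect
        token = self._sessions.get(username)
        if token is None:
            return ("redirect", "sso-server")      # user must authenticate first
        return ("data", self._backend.read_private_data(token, now=now))


def end_to_end_flow(username: str, password: str, now: Optional[float] = None) -> str:
    """Run the whole exchange with constructed parties and data."""
    sso = SingleSignOnServer({"alice": "alice-pw"}, SSO_SIGNING_KEY)
    backend = BackendTier({"alice": "alice's private record"}, SSO_SIGNING_KEY)
    middle = MiddleTier(backend)
    step = middle.handle_request(username, now=now)
    if step[0] == "redirect":
        # The user's browser, not the middle tier, authenticates to the SSO server.
        token = sso.authenticate(username, password, now=now)
        step = middle.handle_request(username, token=token, now=now)
    return step[1]
```

Running `end_to_end_flow("alice", "alice-pw")` returns Alice's record; a token whose subject has been edited, one issued for a different audience or middle tier, or one past its expiry is refused by the backend before any data is read, which is the property that lets a non-SSO backend safely trust the middle tier's claim to be acting for the user.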
24 Citations
24 Claims
1. A method for end-to-end identity propagation to a backend-tier application that is not single sign-on enabled, comprising:
receiving a request from a user at a middle-tier application to access private data from the backend-tier application;
redirecting the user to a single sign-on server;
receiving a token from the single sign-on server, wherein the token is used to verify the user's identity;
presenting the token to the backend-tier application to prove that the middle-tier is authorized to act on behalf of the user;
accessing the private data from the backend-tier application; and
providing the private data to the user.
Dependent claims: 2, 3, 4, 5, 6, 7, 8 (not reproduced here).

9. A storage device storing instructions that when executed by a computer cause the computer to perform a method for end-to-end identity propagation to a backend-tier application that is not single sign-on enabled, wherein the storage device does not include computer instruction signals embodied in a transmission medium, the method comprising:
receiving a request from a user at a middle-tier application to access private data from the backend-tier application;
redirecting the user to a single sign-on server;
receiving a token from the single sign-on server, wherein the token is used to verify the user's identity;
presenting the token to the backend-tier application to prove that the middle-tier is authorized to act on behalf of the user;
accessing the private data from the backend-tier application; and
providing the private data to the user.
Dependent claims: 10, 11, 12, 13, 14, 15, 16 (not reproduced here).

17. An apparatus for end-to-end identity propagation to a backend-tier application that is not single sign-on enabled, comprising:
a receiving mechanism configured to receive a request from a user at a middle-tier application to access private data from the backend-tier application;
a redirecting mechanism configured to redirect the user to a single sign-on server;
wherein the receiving mechanism is further configured to receive a token from the single sign-on server, wherein the token is used to verify the user's identity;
an access mechanism configured to present the token to the backend-tier application to prove that the middle-tier is authorized to act on behalf of the user and to access the private data from the backend-tier application; and
a providing mechanism configured to provide the private data to the user.
Dependent claims: 18, 19, 20, 21, 22, 23, 24 (not reproduced here).
Specification