Single sign on with proxy services
Abstract
Techniques for proxying services with a single sign on are provided. A principal authenticates to a first identity service. The first identity service is in a trusted relationship with a second identity service. An authentication request is sent to the second identity service and the request includes an authentication response supplied by the first identity service in response to successful authentication of the principal to the first identity service. In response to the authentication request and the accompanying response, the principal is authenticated for access to the second identity service. Furthermore, targeted services accessible to the second identity service are proxied from and to the principal during interactions between the principal and an external service of that principal.
25 Claims
1. A method, comprising:
receiving an authentication request from a principal;
authenticating the principal; and
supplying an authentication message for use by an identity service on behalf of the principal, wherein the authentication message serves as a new authentication request and as a new authentication response for single sign-on access of the principal to the identity service.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A method, comprising:
receiving an authentication request and an authentication response as a single sign-on transaction from a principal;
detecting, from an identity service, an instruction, which is represented in the authentication response; and
taking an action in response to the instruction to authenticate the principal for access to targeted services.
Dependent claims: 9, 10, 11, 12, 13

14. A method, comprising:
receiving a request for access from a principal or an external service associated with the principal, wherein the request includes a first authentication token, the first authentication token indicating the principal is currently already authenticated to a first identity service and a second authentication token indicating the principal is also currently authenticated to a second identity service;
acquiring a service token for a targeted service that can be made accessible to the first identity service or external service; and
supplying the first identity service or external service with the service token for accessing the targeted service, wherein the first identity service passes the service token to the external service thereby making the targeted service accessible from and to the principal via the external service or the first identity service via the service token.
Dependent claims: 15, 16, 17

18. A system, comprising:
a first identity service; and
a second identity service, wherein the first identity service is to authenticate a principal for access to the first identity service and is to facilitate authentication of the principal to the second identity service by formulating a second identity service authentication request on behalf of the principal, wherein the second identity authentication request also includes an authentication response that is to be included with the second identity authentication request, and wherein the authentication response is relied upon by the second identity service to determine authentication of the principal to the second identity service.
Dependent claims: 19, 20, 21, 22, 23, 24, 25

Specification