METHOD AND SYSTEM FOR IDENTITY PROVIDER MIGRATION USING FEDERATED SINGLE-SIGN-ON OPERATION
Abstract
A method is presented for performing an identity provider migration operation with respect to a user within a federated computational environment, wherein the user has a first user account at a first identity provider, a second user account at a second identity provider, and a third user account at a service provider. A request to access a protected resource is received by the service provider, after which a federated single-sign-on operation for the user is performed between the service provider and the first identity provider. Prior to sending a response to the request to access the protected resource, information in the third user account is modified to indicate that the service provider relies upon the second identity provider, rather than the first identity provider, to authenticate the user on behalf of the service provider. A response for the request to access the protected resource is then returned by the service provider.
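The sequence the abstract describes (request received, federated SSO with the first identity provider, account record changed before the response is sent, response returned) as an added worked example that is not part of the patent or of any product it describes: a toy service provider in Python, with HMAC-signed assertions standing in for SAML or OIDC messages. The IdP names, the shared keys, the account layout and the helper names are all hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed, hypothetical federation: the SP knows one shared HMAC key per IdP
# (standing in for the IdP's signing certificate in SAML or OIDC).
IDP_KEYS = {
    "https://idp-old.example": b"old-idp-signing-key",
    "https://idp-new.example": b"new-idp-signing-key",
}
SP_AUDIENCE = "https://sp.example"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_assertion(issuer, subject, audience=SP_AUDIENCE, ttl=300, now=None):
    """IdP side of the SSO: sign {iss, sub, aud, exp} with the IdP's key."""
    now = time.time() if now is None else now
    body = json.dumps({"iss": issuer, "sub": subject, "aud": audience,
                       "exp": int(now + ttl)}, sort_keys=True).encode()
    sig = hmac.new(IDP_KEYS[issuer], body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)


def verify_assertion(token, audience=SP_AUDIENCE, now=None):
    """SP side: verify the signature under the claimed issuer's key, then the
    audience and the expiry. Raises ValueError on any failure."""
    now = time.time() if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body, sig = _unb64(body_b64), _unb64(sig_b64)
        claims = json.loads(body)
        key = IDP_KEYS[claims["iss"]]
    except (ValueError, KeyError, TypeError):
        raise ValueError("malformed assertion or unknown issuer")
    if not hmac.compare_digest(sig, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("bad signature")
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    if claims.get("exp", 0) < now:
        raise ValueError("expired")
    return claims


class ServiceProvider:
    """Holds the 'third user account' of the claim: the SP-local account plus
    a record of which IdP the SP currently relies on to authenticate it."""

    def __init__(self):
        self._accounts = {}   # local_id -> {"idp", "subject", "pending"}
        self._federated = {}  # (idp, subject at that idp) -> local_id

    def add_account(self, local_id, idp, subject):
        self._accounts[local_id] = {"idp": idp, "subject": subject, "pending": None}
        self._federated[(idp, subject)] = local_id

    def schedule_migration(self, local_id, new_idp, new_subject):
        """Administrative step: the account should move to new_idp the next
        time the user completes SSO through the IdP currently trusted."""
        self._accounts[local_id]["pending"] = (new_idp, new_subject)

    def handle_request(self, resource, assertion, now=None):
        # (1) request for a protected resource arrives; (2) federated SSO: the
        # assertion must verify and must map to an account under the IdP that
        # account currently trusts, so a new-IdP assertion cannot trigger the flip.
        try:
            claims = verify_assertion(assertion, now=now)
        except ValueError as err:
            return {"status": 401, "error": str(err)}
        local_id = self._federated.get((claims["iss"], claims["sub"]))
        if local_id is None:
            return {"status": 403, "error": "identity not mapped to an account"}
        acct = self._accounts[local_id]
        # (3) before responding, repoint the account at the second IdP and drop
        # the old mapping, so the very next request is routed through the new IdP.
        migrated = False
        if acct["pending"] is not None:
            new_idp, new_subject = acct["pending"]
            del self._federated[(acct["idp"], acct["subject"])]
            acct.update(idp=new_idp, subject=new_subject, pending=None)
            self._federated[(new_idp, new_subject)] = local_id
            migrated = True
        # (4) send the response.
        return {"status": 200, "resource": resource, "user": local_id,
                "authenticated_by": claims["iss"], "relies_on": acct["idp"],
                "migrated": migrated}
```

Two points a practitioner should check in any real implementation of this flow. First, the flip is gated on a verified assertion from the identity provider the account currently trusts: an assertion from the second IdP finds no mapping and is refused until the migration has happened, so a user proves control of the old account before the SP stops relying on it. Second, the account record is updated and the old (IdP, subject) mapping removed before the response goes out, which is what makes the user's next request route through the second IdP rather than the first; doing the update after the response, or leaving the old mapping in place, would leave a window in which both providers could authenticate the same account. The user's identifier at the second IdP has to be known to the SP beforehand (here via schedule_migration); the patent text does not say how that identifier is provisioned.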
45 Claims
1. A method for operating a federated computational environment, wherein a first user account for a user is managed at a first identity provider, wherein a second user account for the user is managed at a second identity provider, wherein a third user account for the user is managed at a service provider, wherein the first identity provider, the second identity provider, and the service provider operate within the federated computational environment, the computer-implemented method comprising:
- receiving at the service provider a request to access by the user a protected resource that is managed by the service provider;
- performing, after receiving the request to access the protected resource, a federated single-sign-on operation for the user between the service provider and the first identity provider;
- modifying, prior to sending a response to the request to access the protected resource, information in the third user account to indicate that the service provider relies upon the second identity provider to authenticate the user on behalf of the service provider rather than the first identity provider; and
- sending a response for the request to access the protected resource.
Dependent claims 2-15 (not reproduced here).
16. A computer program product on a computer readable storage medium for use in a data processing system for operating a federated computational environment, wherein a first user account for a user is managed at a first identity provider, wherein a second user account for the user is managed at a second identity provider, wherein a third user account for the user is managed at a service provider, wherein the first identity provider, the second identity provider, and the service provider operate within the federated computational environment, the computer program product comprising:
- instructions for receiving at the service provider a request to access by the user a protected resource that is managed by the service provider;
- instructions for performing, after receiving the request to access the protected resource, a federated single-sign-on operation for the user between the service provider and the first identity provider;
- instructions for modifying, prior to sending a response to the request to access the protected resource, information in the third user account to indicate that the service provider relies upon the second identity provider to authenticate the user on behalf of the service provider rather than the first identity provider; and
- instructions for sending a response for the request to access the protected resource.
Dependent claims 17-30 (not reproduced here).
31. An apparatus for operating a federated computational environment, wherein a first user account for a user is managed at a first identity provider, wherein a second user account for the user is managed at a second identity provider, wherein a third user account for the user is managed at a service provider, wherein the first identity provider, the second identity provider, and the service provider operate within the federated computational environment, the apparatus comprising:
- instructions for receiving at the service provider a request to access by the user a protected resource that is managed by the service provider;
- instructions for performing, after receiving the request to access the protected resource, a federated single-sign-on operation for the user between the service provider and the first identity provider;
- instructions for modifying, prior to sending a response to the request to access the protected resource, information in the third user account to indicate that the service provider relies upon the second identity provider to authenticate the user on behalf of the service provider rather than the first identity provider; and
- instructions for sending a response for the request to access the protected resource.
Dependent claims 32-45 (not reproduced here).
Specification