Client authentication distributor
First Claim
1. A method of managing client requests for authentication from an authentication provider comprising:
- receiving a client authentication request from a first client for a first authentication provider at a client authentication distributor (CAD);
- determining a first authentication state between the client authentication distributor (CAD) and the first authentication provider, wherein if the CAD is authenticated to the first authentication provider, the CAD provides to the first client a reference to an authentication ticket for communication with a first server authenticated by the first authentication provider; and
- if the CAD is not authenticated to the first authentication provider, determining whether first credentials for the first authentication provider are cached, and if the first credentials are cached, performing a sign in with the first authentication provider using the cached first credentials, and if the first credentials are not cached, receiving credentials from a user for the first authentication provider and performing a login with the first authentication provider using the received credentials for the first authentication provider.
Abstract
The claimed method and system provide a client authentication distributor (CAD) component that handles multiple client application requests for authentication to a common authentication provider. In one embodiment, only a single user sign-on process may be required, after which the CAD manages future authentication processes on behalf of the user without requiring the user to provide credentials again.
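The decision flow of claim 1 (ticket already held, cached credentials, or prompt the user), as an added Python sketch that is not code from the patent. All class and method names are hypothetical, the accounts are constructed sample data, and binding each reference to the requesting client is an assumption the claims do not state.

```python
# Added illustration of the claim 1 flow; all class and method names are hypothetical.
import secrets


class Provider:
    """Stand-in authentication provider with constructed accounts."""

    def __init__(self, accounts):
        self.accounts = accounts          # user -> password (constructed sample data)
        self.sign_ins = 0

    def sign_in(self, user, password):
        self.sign_ins += 1
        expected = self.accounts.get(user)
        if expected is None or not secrets.compare_digest(expected, password):
            raise PermissionError("sign-in rejected")
        return secrets.token_hex(16)      # the authentication ticket


class CAD:
    def __init__(self, providers, prompt_user):
        self.providers = providers        # provider name -> Provider
        self.prompt_user = prompt_user    # callback: provider name -> (user, password)
        self.credentials = {}             # provider name -> cached (user, password)
        self.tickets = {}                 # provider name -> ticket held by the CAD
        self.references = {}              # opaque reference -> (client, provider name)

    def request_authentication(self, client, name):
        if name not in self.tickets:                  # CAD not authenticated
            creds = self.credentials.get(name)        # cached credentials?
            if creds is None:
                creds = self.prompt_user(name)        # ask the user once
            self.tickets[name] = self.providers[name].sign_in(*creds)
            self.credentials[name] = creds            # cache only after success
        ref = secrets.token_urlsafe(16)
        self.references[ref] = (client, name)         # assumption: bound to requester
        return ref                                    # client gets a reference only

    def redeem(self, client, ref):
        owner, name = self.references.get(ref, (None, None))
        if owner != client or name not in self.tickets:
            raise PermissionError("unknown or foreign reference")
        return self.tickets[name]

    def drop_session(self, name):
        """Models ticket expiry: the CAD is no longer authenticated."""
        self.tickets.pop(name, None)
```

The credential cache concentrates every provider secret in one process, so in a real deployment it is the component to protect and audit first.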
20 Claims
14. A system of managing authentication state for a plurality of clients comprising:
- a first client application;
- a second client application;
- a first authentication provider providing an authentication service for a first server application;
- a client authentication distributor (CAD) that receives an authentication request from at least one of the first and second client application for the first authentication provider and provides a first authentication ticket to the at least one of the first and second client application if the CAD is authenticated by the first authentication provider, otherwise the CAD determines whether client credentials for the first authentication provider are cached, and if the client credentials for the first authentication provider are cached, performing a login process with the first authentication provider and providing a first generated authentication ticket to the at least one of the first and second client application.
17. A computing apparatus comprising:
- a display unit that is capable of generating video images;
- an input device;
- a processing apparatus operatively coupled to the display unit and the input device, the processing apparatus comprising a processor and a memory operatively coupled to the processor;
- a network interface connected to a network and to the processing apparatus;
- the processing apparatus being programmed to:
  - run a first client application requiring access to a first server application;
  - run a second client application requiring access to the first server application;
  - receive an authentication request from the first and second client application for a first authentication provider and if an authentication ticket exists in a cache providing authentication to the first authentication provider, providing the cached ticket to the first and second client application, otherwise, determining whether client credentials for the first authentication provider are cached, and if the client credentials are cached, performing a login process with the first authentication provider and providing an authentication ticket generated by the login process to the first and second client application.
Specification