SINGLE SIGN-ON METHOD FOR WEB-BASED APPLICATIONS

US 20090126000A1
Filed: 01/06/2009
Published: 05/14/2009
Est. Priority Date: 04/29/2003
Status: Active Grant

First Claim

Patent Images

1. A method for single-sign on of a user on a client machine to one or more target applications on target application servers in a computer information-processing network, comprising:

accessing an access server from a browser on said client machine;

entering into said browser user-specific access server logon credentials for logon and access to said access server and logging onto said access server;

selecting a link to a target application of said one or more target applications from a linkpage presented to said browser by said access server, user-specific target application logon credentials for said target application having been previously stored in a registration database;

after said selecting said link, said access server presenting to said target application said stored user-specific target application logon credentials for logon and access to said target application in a form and according to a protocol recognizable by said target application and thereby logging into said target application on behalf of the user and establishing a target application session; and

establishing a target application session, bypassing said access server, between said client machine and said target application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for single-sign on of a user on a client machine to one or more target applications on target application servers in a computer information-processing network, including: accessing an access server from the client machine; entering user-specific access server logon credentials for logon and access to the access server; selecting a target application; presenting to the target application by the access server, previously stored user-specific target application logon credentials for logon and access to the target application in a form and according to a protocol recognizable by the target application thereby logging into the target application on behalf of the user and establishing a target application session; sending from the access server to the client machine, information for establishing a connection from the client machine to the target application; and establishing a target application session, bypassing the access server, between the client machine and the target application.

77 Citations

View as Search Results

33 Claims

1. A method for single-sign on of a user on a client machine to one or more target applications on target application servers in a computer information-processing network, comprising:
- accessing an access server from a browser on said client machine;
  
  entering into said browser user-specific access server logon credentials for logon and access to said access server and logging onto said access server;
  
  selecting a link to a target application of said one or more target applications from a linkpage presented to said browser by said access server, user-specific target application logon credentials for said target application having been previously stored in a registration database;
  
  after said selecting said link, said access server presenting to said target application said stored user-specific target application logon credentials for logon and access to said target application in a form and according to a protocol recognizable by said target application and thereby logging into said target application on behalf of the user and establishing a target application session; and
  
  establishing a target application session, bypassing said access server, between said client machine and said target application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further including, for a new target application not having links on said linkpage:
    - selecting a target application;
      
      entering a new user-specific target application logon credential for logon and access to said new target application, and recording said new user-specific application logon credential using a network traffic recorder;
      
      generating logon code for said new target application based on network traffic recorded by said traffic recorder and a logon sequence type;
      
      storing said logon code and said user-specific target application logon credentials for said new target application in said registration database; and
      
      adding a link on said linkpage for said new target application.
  - 3. The method of claim 2, further including:
    - selecting said new target application from a list of enabled target applications.
  - 4. The method of claim 3, further including:
    - determining a logon sequence type for said new user-specific target application logon credentials.
  - 5. The method of claim 4, wherein said logon sequence type is selected from the group consisting of (i) a HTTP request for a logon page, (ii) a HTTP response containing a form and a first cookie, (iii) a HTTP request with form fields set and said first cookie and (iv) a HTTP response with said first cookie and a second cookie, (v) a HTTP response with a first cookie, a second cookie and a HTTP redirect, and (vi) a HTTP request with form fields set and both said first and second cookies.
  - 6. The method of claim 1, wherein said information for establishing a connection from said client machine to said target application further includes cookies and rewritten universal resource locators or combinations thereof.
  - 7. The method of claim 1, wherein said information-processing network is an intranet, The Internet or a combination thereof.
  - 8. The method of claim 1, wherein said access server is a portal server or an HTTP proxy server.
  - 9. The method of claim 1, wherein said user-specific access server logon credentials include a user ID, a password or both a user ID and a password.
  - 10. The method of claim 1, wherein said user-specific target application logon credentials include a user ID, a password or both a user ID and a password.

11. A computer system for single-sign on of a user on a client machine to one or more target applications on target application servers in a computer information-processing network, comprising:
- means for accessing an access server from a browser on said client machine;
  
  means for entering into said browser user-specific access server logon credentials for logon and access to said access server and logging onto said access server;
  
  means for selecting a link to a target application of said one or more target applications from a linkpage presented to said browser by said access server, user-specific target application logon credentials for said target application having been previously stored in a registration database;
  
  means for presenting, after said selecting said link, to said target application by said access server said stored user-specific target application logon credentials for logon and access to said target application in a form and according to a protocol recognizable by said target application and thereby logging into said target application on behalf of the user and establishing a target application session; and
  
  means for establishing a target application session, bypassing said access server, between said client machine and said target application.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The computer system of claim 11, further including, for a new target application not having links on said linkpage:
    - means for selecting a target application;
      
      means for entering a new user-specific target application logon credential for logon and access to said new target application, and recording said new user-specific application logon credential using a network traffic recorder;
      
      means for generating logon code for said new target application based on network traffic recorded by said traffic recorder and a logon sequence type;
      
      means for storing said logon code and said user-specific target application logon credentials for said new target application in said registration database; and
      
      means for adding a link on said linkpage for said new target application.
  - 13. The computer system of claim 12, further including:
    - means for selecting said new target application from a list of enabled target applications.
  - 14. The computer system of claim 13, further including:
    - means for determining a logon sequence type for said new user-specific target application logon credentials.
  - 15. The computer system of claim 14, wherein said logon sequence type is selected from the group consisting of (i) a HTTP request for a logon page, (ii) a HTTP response containing a form and a first cookie, (iii) a HTTP request with form fields set and said first cookie and (iv) a HTTP response with said first cookie and a second cookie, (v) a HTTP response with a first cookie, a second cookie and a HTTP redirect, and (vi) a HTTP request with form fields set and both said first and second cookies.
  - 16. The computer system of claim 11, wherein said information for establishing a connection from said client machine to said target application further includes cookies and rewritten universal resource locators or combinations thereof.
  - 17. The computer system of claim 11, wherein said information-processing network is an intranet, The Internet or a combination thereof.
  - 18. The computer system of claim 11, wherein said access server is a portal server or an HTTP proxy server.
  - 19. The computer system of claim 11, wherein said user-specific access server logon credentials include a user ID, a password or both a user ID and a password.
  - 20. The computer system of claim 11, wherein said user-specific target application logon credentials include a user ID, a password or both a user ID and a password.

21. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for single-sign on of a user on a client machine to one or more target applications on target application servers in a computer information-processing network, said method steps comprising:
- accessing an access server from a browser on said client machine;
  
  entering into said browser user-specific access server logon credentials for logon and access to said access server and logging onto said access server;
  
  selecting a link to a target application of said one or more target applications from a linkpage presented to said browser by said access server, user-specific target application logon credentials for said target application having been previously stored in a registration database;
  
  after said selecting said link, said access server presenting to said target application said stored user-specific target application logon credentials for logon and access to said target application in a form and according to a protocol recognizable by said target application and thereby logging into said target application on behalf of the user and establishing a target application session; and
  
  establishing a target application session, bypassing said access server, between said client machine and said target application.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The program storage device of claim 21, further including, for a new target application not having links on said linkpage:
    - selecting a target application;
      
      entering a new user-specific target application logon credential for logon and access to said new target application, and recording said new user-specific application logon credential using a network traffic recorder;
      
      generating logon code for said new target application based on network traffic recorded by said traffic recorder and a logon sequence type;
      
      storing said logon code and said user-specific target application logon credentials for said new target application in said registration database; and
      
      adding a link on said linkpage for said new target application.
  - 23. The program storage device of claim 22, further including:
    - selecting said new target application from a list of enabled target applications.
  - 24. The program storage device of claim 23, further including:
    - determining a logon sequence type for said new user-specific target application logon credentials.
  - 25. The program storage device of claim 24, wherein said logon sequence type is selected from the group consisting of (i) a HTTP request for a logon page, (ii) a HTTP response containing a form and a first cookie, (iii) a HTTP request with form fields set and said first cookie and (iv) a HTTP response with said first cookie and a second cookie, (v) a HTTP response with a first cookie, a second cookie and a HTTP redirect, and (vi) a HTTP request with form fields set and both said first and second cookies.
  - 26. The program storage device of claim 21, wherein said information for establishing a connection from said client machine to said target application further includes cookies and rewritten universal resource locators or combinations thereof.
  - 27. The program storage device of claim 21, wherein said information-processing network is an intranet, The Internet or a combination thereof.
  - 28. The program storage device of claim 21, wherein said access server is a portal server or an HTTP proxy server.
  - 29. The program storage device of claim 21, wherein said user-specific access server logon credentials include a user ID, a password or both a user ID and a password.
  - 30. The program storage device of claim 21, wherein said user-specific target application logon credentials include a user ID, a password or both a user ID.

31. An access server connectable in an information processing network, comprising:
- at least one processor;
  
  a memory;
  
  a computer program supported in said memory for enabling access to a target application on a target application server linked to said information-processing network, the computer program comprising;
  
  means for accessing an access server from a browser on said client machine;
  
  means for entering into said browser user-specific access server logon credentials for logon and access to said access server and logging onto said access server;
  
  means for selecting a link to a target application of said one or more target applications from a linkpage presented to said browser by said access server, user-specific target application logon credentials for said target application having been previously stored in a registration database;
  
  means for presenting, after said selecting said link, to said target application by said access server said stored user-specific target application logon credentials for logon and access to said target application in a form and according to a protocol recognizable by said target application and thereby logging into said target application on behalf of the user and establishing a target application session; and
  
  means for establishing a target application session, bypassing said access server, between said client machine and said target application.
- View Dependent Claims (32, 33)
- - 32. The access server of claim 31, wherein said means for accessing said access server includes a respective portlet for each target application of said one or more target application.
  - 33. The access server of claim 31, wherein said means for establishing said target application session includes one or more single sign-on logon type servlets and one or more single sign-on application-specific logon procedure servlets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rakuten Group, Inc.
Original Assignee
Dmitry Andreev, Gregory Vilshansky
Inventors
Andreev, Dmitry, Vilshansky, Gregory

Granted Patent

US 7,958,547 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/8
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

SINGLE SIGN-ON METHOD FOR WEB-BASED APPLICATIONS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

77 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

SINGLE SIGN-ON METHOD FOR WEB-BASED APPLICATIONS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

77 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links