SYSTEM AND METHOD FOR SINGLE SIGN-ON TO RESOURCES ACROSS A NETWORK
First Claim
1. A system for providing single sign on across a plurality of resources, comprising:
an authentication connector configured to communicate with at least one authentication subsystem to authenticate a user;
at least one adaptor, each adaptor is configured to receive a credential set from a credential data store and, utilizing information from the credential set, communicate with the resource corresponding to the received credential set to authenticate the user to the resource; and
an SSO engine configured, responsive to a request from a user, to access a resource and detect whether the user was previously authenticated within a time window, and if not, authenticate the users with the authentication connector, and if the users was previously authenticated, the SSO engine is configured to retrieve the credential set corresponding to the resource requested by the user and provide the credential set to the adaptor to enable the adaptor authenticate the user to the resource without requiring the user to perform additional authentication for that resource.
Abstract
Systems, methods and apparatus for providing single sign on across a plurality of resources is disclosed. An exemplary method includes receiving a request from a user to access a particular one of the plurality of resources; establishing an SSO session for the user if an SSO session has not been established; determining if the user has been authenticated to the particular resource, and if not, retrieving credentials for the user that are specific to the resource; presenting the credentials to the resource so as to create a session with the resource; and presenting a user interface for a customer to configure which of the plurality of resources can be accessed by users.
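The flow described in the abstract and in claim 1, as an added Python sketch that is not code from the patent. Every name in it (`SSOEngine`, `access`, the 900-second window, the sample users and resources) is hypothetical, and dropping downstream resource sessions when the time window lapses is an assumption of this sketch rather than something the claims state.

```python
import hmac
import secrets

class SSOEngine:
    """Toy model of the claimed flow; all names here are hypothetical."""

    def __init__(self, passwords, vault, allowed, window=900):
        self.passwords = passwords   # stand-in for the authentication subsystem
        self.vault = vault           # credential data store: (user, resource) -> credential set
        self.allowed = allowed       # admin-configured: user -> set of resources
        self.window = window         # seconds a primary authentication stays valid
        self.auth_time = {}          # user -> time of last primary authentication
        self.resource_sessions = {}  # (user, resource) -> session token

    def _authenticate(self, user, secret):
        # Authentication connector: constant-time comparison against the subsystem.
        expected = self.passwords.get(user)
        return (expected is not None and secret is not None and
                hmac.compare_digest(expected.encode(), secret.encode()))

    def _adaptor_login(self, resource, cred_set):
        # Adaptor: presents the per-resource credential set; a real adaptor
        # would speak the resource's own login protocol here.
        if not cred_set.get("username") or not cred_set.get("password"):
            raise PermissionError(f"incomplete credential set for {resource}")
        return secrets.token_hex(16)

    def access(self, user, resource, now, secret=None):
        last = self.auth_time.get(user)
        if last is None or now - last > self.window:
            # Outside the time window. Assumption: downstream sessions are dropped too.
            for key in [k for k in self.resource_sessions if k[0] == user]:
                del self.resource_sessions[key]
            if not self._authenticate(user, secret):
                raise PermissionError("primary authentication required")
            self.auth_time[user] = now
        if resource not in self.allowed.get(user, set()):
            raise PermissionError(f"{user} may not access {resource}")
        key = (user, resource)
        if key not in self.resource_sessions:
            cred_set = self.vault[key]  # the user never handles this credential set
            self.resource_sessions[key] = self._adaptor_login(resource, cred_set)
        return self.resource_sessions[key]

# Constructed sample data: alice holds vaulted credentials for two resources,
# but the administrator has enabled only one of them.
engine = SSOEngine(
    passwords={"alice": "correct horse"},
    vault={("alice", "crm"): {"username": "a.smith", "password": "crm-pw"},
           ("alice", "wiki"): {"username": "asmith", "password": "wiki-pw"}},
    allowed={"alice": {"crm"}},
)
```

Because the vault holds every downstream credential set, the primary authentication and the window length bound the exposure of all resources at once; the window here is fixed from the last primary authentication and is not extended by activity.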
20 Claims
10. A method for providing single sign on across a plurality of resources, comprising:
receiving a request from a user to access a particular one of the plurality of resources;
establishing an SSO session for the user if an SSO session has not been established;
determining if the user has been authenticated to the particular resource, and if not, retrieving credentials for the user that are specific to the particular resource;
presenting the credentials to the particular resource so as to create a session with the particular resource; and
presenting a user interface for a customer to configure which of the plurality of resources can be accessed by users.
20. A system for providing single sign on across a plurality of resources, comprising:
an authentication connector configured to communicate with at least one authentication subsystem to authenticate a user;
at least one adaptor, each adaptor is configured to receive a credential set from a credential data store and, utilizing information from the credential set, communicate with the resource corresponding to the received credential set to authenticate the user to the resource; and
an SSO engine configured to receive a request from a user to access resources and detect whether the user was previously authenticated within a time window, and if not, authenticate the user with the authentication connector, and if the user was previously authenticated, the SSO engine is configured to retrieve the credential set corresponding to the resource requested by the user and provide the credential set to the adaptor to enable the adaptor authenticate the user to the resource without requiring the user to perform additional authentication for that resource;
an admin server remotely located from an administrator and configured to present an interface, via the Internet to the administrator, so as to enable the administrator to configure which of the plurality of resources can be accessed by the user;
an update handler that is configured to install software updates while the system continues to manage access to a plurality of resources;
a user store connector configured to connect to one or more user stores to retrieve attributes;
a policy engine configured to retrieve attributes corresponding to the user and use the attributes to evaluate access policies which are defined for protection of resources, to determine whether or not the user should be granted access to the resource;
a request interceptor configured to receive the request from the user as a proxy address that differs from the actual address of the resource;