SYSTEM, METHOD AND PROGRAM PRODUCT FOR CONSOLIDATED AUTHENTICATION
Abstract
A first computer sends a request to the second computer to access the application. In response, the second computer determines that the user has not yet been authenticated to the application. In response, the second computer redirects the request to a third computer. In response, the third computer determines that the user has been authenticated to the third computer. In response, the third computer authenticates the user to the application. In response, the second computer returns a session key to the third computer for a session between the application and the user. The session has a scope of the second computer or the application but not a scope of a domain. In response to the authentication of the user to the second application and receipt by the third computer of the session key from the second computer for a session between the user and the second computer or the application, the third computer generates another session key with a scope of the domain and sends the domain-scope session key to the first computer. The first computer sends another request to the application with the domain-scope session key.
46 Citations
13 Claims
1. A method for authentication of a user at a first computer to an application at a second computer, said method comprising the steps of:

said first computer sending a request to said second computer to access said application, and in response, said second computer determining that said user has not yet been authenticated to said application, and in response, said second computer redirecting said request to a third computer, and in response, said third computer determining that said user has been authenticated to said third computer, and in response, said third computer authenticating said user to said application and in response, said second computer returning a session key to said third computer for a session between said application and said user, said session having a scope of said second computer or said application but not a scope of a domain; and

in response to said authentication of said user to said second application and receipt by said third computer of said session key from said second computer for a session between said user and said second computer or said application, said third computer generating another session key with a scope of the domain and sending the domain-scope session key to said first computer; and

said first computer sending another request to said application with said domain-scope session key, and in response, said application recognizing a valid session between said user and said application based on said domain-scope session key and responding to said first computer in compliance with said other request; and

wherein said domain is a group of applications including said application in said second computer, or a group of computers including said second computer, which are owned or operated by a same entity or have a same domain name URL component.

Dependent claims: 2, 3.

4. A computer program product for authenticating a user at a first computer to an application at a second computer, said computer program product comprising:

a computer readable media;

first program instructions for execution in said second computer, responsive to a request from said first computer to access said application, to determine whether said user has been authenticated to said application, and if not, redirect said request to a third computer;

second program instructions, for execution in said third computer, responsive to said redirected request from said third computer, to determine if said user has been authenticated to said third computer, and if so, authenticate said user to said application;

third program instructions, for execution in said second computer, responsive to said authentication of said user by said third computer, to initiate return of a session key to said third computer for a session between said application and said user, said session having a scope of said second computer or said application but not a scope of a domain; and

fourth program instructions, for execution in said third computer, responsive to said authentication of said user to said second application and receipt by said third computer of said session key from said second computer for a session between said user and said second computer or said application, to generate another session key with a scope of said domain and initiate sending of the domain-scope session key to said first computer; and

fifth program instructions, for execution in said second computer, responsive to another request from said first computer to access said application, said other request including said domain-scope session key, to recognize a valid session between said user and said application based on said domain-scope session key and initiate a response by said application to said first computer in compliance with said other request; and

wherein said domain is a group of applications including said application in said second computer and/or a group of computers including said second computer, which are owned or operated by a same entity or have a same domain name URL component; and said first, second, third, fourth and fifth program instructions are stored on said computer readable storage media.

Dependent claims: 5, 6, 7, 8.

9. A computer system for authenticating a user at a first computer to an application at a second computer, said computer system comprising:

said second computer with a first central processing unit;

a third computer with a second central processing unit;

first program instructions, stored in said second computer for execution by said first central processing unit, responsive to a request from said first computer to access said application, to determine whether said user has been authenticated to said application, and if not, redirect said request to a third computer;

second program instructions, stored in said third computer for execution by said second central processing unit, responsive to said redirected request from said third computer, to determine if said user has been authenticated to said third computer, and if so, authenticate said user to said application;

third program instructions, stored in said second computer for execution by said first central processing unit, responsive to said authentication of said user by said third computer, to initiate return of a session key to said third computer for a session between said application and said user, said session having a scope of said second computer or said application but not a scope of a domain; and

fourth program instructions, stored in said third computer for execution by said second central processing unit, responsive to said authentication of said user to said second application and receipt by said third computer of said session key from said second computer for a session between said user and said second computer or said application, to generate another session key with a scope of said domain and initiate sending of the domain-scope session key to said first computer; and

fifth program instructions, stored in said second computer for execution by said first central processing unit, responsive to another request from said first computer to access said application, said other request including said domain-scope session key, to recognize a valid session between said user and said application based on said domain-scope session key and initiate a response by said application to said first computer in compliance with said other request; and

wherein said domain is a group of applications including said application in said second computer and/or a group of computers including said second computer, which are owned or operated by a same entity or have a same domain name URL component.

Dependent claims: 10, 11, 12, 13.
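The abstract and the independent claims describe the same three-party exchange: the client (first computer) is redirected by the application (second computer) to the authentication server (third computer), which authenticates the user to the application, receives an application-scope session key in return, and mints a separate domain-scope session key for the client. The simulation below is an added example written for this page and is not code from the patent or any product implementing it. Everything about representation is assumed: the domain-scope key is modelled as a string bound to user, domain, the application-scope key and an expiry, protected by an HMAC under a secret shared between the authentication server and the applications of its domain; the credential table and host names are constructed.

```python
# Added example: three-party consolidated authentication flow (client,
# application server, authentication server). Token format, shared HMAC
# secret and credential table are assumptions, not from the patent text.
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

CREDENTIALS = {"alice": "correct horse battery staple"}  # constructed store


@dataclass
class Request:
    app: str
    user: str
    domain_key: Optional[str] = None


def sign_domain_key(secret: bytes, user: str, domain: str, app_key: str, exp: str) -> str:
    """HMAC over the fields of a domain-scope key (assumed format)."""
    msg = f"{user}|{domain}|{app_key}|{exp}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class AppServer:
    """Second computer: hosts one application belonging to a domain."""

    def __init__(self, name: str, domain: str, domain_secret: bytes):
        self.name, self.domain = name, domain
        self._domain_secret = domain_secret   # assumed: shared with the auth server
        self.app_sessions: Dict[str, str] = {}  # app-scope key -> user

    def handle(self, req: Request) -> Tuple[int, str]:
        # Recognize a valid session from the domain-scope key; otherwise the
        # user is not yet authenticated here, so redirect to the auth server.
        if req.domain_key and self._valid_domain_key(req.domain_key, req.user):
            return 200, f"{self.name}: welcome {req.user}"
        return 302, "redirect:auth-server"

    def accept_authentication(self, user: str) -> str:
        # The auth server has authenticated the user to this application:
        # create an app-scope session and return its key to the auth server.
        key = secrets.token_hex(16)
        self.app_sessions[key] = user
        return key

    def _valid_domain_key(self, token: str, user: str) -> bool:
        try:
            t_user, t_domain, app_key, exp, mac = token.split("|")
        except ValueError:
            return False
        expected = sign_domain_key(self._domain_secret, t_user, t_domain, app_key, exp)
        if not hmac.compare_digest(mac, expected):
            return False          # forged or altered key
        if t_domain != self.domain or t_user != user:
            return False          # key scoped to another domain or user
        return int(exp) > time.time()


class AuthServer:
    """Third computer: single authentication point for the domain."""

    def __init__(self, domain: str, domain_secret: bytes, ttl: int = 3600):
        self.domain, self._domain_secret, self.ttl = domain, domain_secret, ttl
        self.authenticated: set = set()          # users authenticated to this server
        self.apps: Dict[str, AppServer] = {}

    def register_app(self, app: AppServer) -> None:
        if app.domain != self.domain:
            raise ValueError("application is not in this domain")
        self.apps[app.name] = app

    def login(self, user: str, password: str) -> bool:
        ok = hmac.compare_digest(CREDENTIALS.get(user, ""), password)
        if ok:
            self.authenticated.add(user)
        return ok

    def handle_redirect(self, req: Request) -> Tuple[int, str]:
        if req.user not in self.authenticated:
            return 401, "login required"       # not authenticated to the third computer
        app = self.apps.get(req.app)
        if app is None:
            return 404, "unknown application"
        app_key = app.accept_authentication(req.user)           # app-scope key
        exp = str(int(time.time()) + self.ttl)
        mac = sign_domain_key(self._domain_secret, req.user, self.domain, app_key, exp)
        # Distinct domain-scope key, bound to the app-scope session, for the client.
        return 200, f"{req.user}|{self.domain}|{app_key}|{exp}|{mac}"


class Client:
    """First computer: follows the redirect, then retries with the domain key."""

    def __init__(self, user: str):
        self.user, self.domain_key = user, None

    def access(self, app: AppServer, auth: AuthServer) -> Tuple[int, str]:
        status, body = app.handle(Request(app.name, self.user, self.domain_key))
        if status != 302:
            return status, body
        status, body = auth.handle_redirect(Request(app.name, self.user))
        if status != 200:
            return status, body
        self.domain_key = body
        return app.handle(Request(app.name, self.user, self.domain_key))


def demo() -> dict:
    secret = secrets.token_bytes(32)
    auth = AuthServer("example.test", secret)
    payroll = AppServer("payroll", "example.test", secret)
    expenses = AppServer("expenses", "example.test", secret)
    auth.register_app(payroll)
    auth.register_app(expenses)
    alice = Client("alice")
    before = alice.access(payroll, auth)              # not yet logged in anywhere
    auth.login("alice", CREDENTIALS["alice"])
    first = alice.access(payroll, auth)               # redirect, then 200
    second = alice.access(expenses, auth)             # same domain key, no redirect
    key = alice.domain_key
    altered = key[:-1] + ("0" if key[-1] != "0" else "1")
    tampered = payroll.handle(Request("payroll", "alice", altered))
    app_key = key.split("|")[2]
    return {"before": before, "first": first, "second": second, "tampered": tampered,
            "domain_key_is_distinct": app_key in payroll.app_sessions and key != app_key}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The two checks worth carrying into a real deployment are the ones the application performs before honouring a domain-scope key: the integrity check against the shared secret, and the scope check that the key was issued for this domain and this user. Without the second, a key issued for one domain would be accepted by applications in another.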