SINGLE SIGN-ON FOR WEB APPLICATIONS

US 20100043065A1
Filed: 08/12/2008
Published: 02/18/2010
Est. Priority Date: 08/12/2008
Status: Abandoned Application

First Claim

Patent Images

1. A method for allowing access to a plurality of target applications after a single sign-on, the method comprising:

detecting, after the single sign-on, a request to access a target application of the plurality of target applications, the request including a federated single sign-on (FSSO) attributes cookie;

determining user attributes from the FSSO attributes cookie;

determining, based on the FSSO attributes cookie, a configuration associated with the target application, wherein the configuration indicates a format for one or more of the user attributes, and wherein the format is associated with the target application;

creating a data structure according to the configuration, wherein the data structure includes one or more of the user attributes arranged in the format; and

providing the data structure to the target application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for providing identity and other attributes to sign-on web applications in configurable application specific formats are described herein. In some embodiments, a method for allowing access to a plurality of target applications after single sign-on includes detecting, after the single sign-on, a request to access a target application of the plurality of target applications, the request including a federated single sign-on (FSSO) attributes cookie. The method can also comprise determining user attributes from the FSSO attributes cookie and determining a configuration associated with the target application, wherein the configuration indicates a format for one or more of the user attributes, and wherein the format is associated with the target application. The method can also include creating a data structure according to the configuration, wherein the data structure includes one or more of the user attributes arranged in the format and providing the data structure to the target application.

Citations

20 Claims

1. A method for allowing access to a plurality of target applications after a single sign-on, the method comprising:
- detecting, after the single sign-on, a request to access a target application of the plurality of target applications, the request including a federated single sign-on (FSSO) attributes cookie;
  
  determining user attributes from the FSSO attributes cookie;
  
  determining, based on the FSSO attributes cookie, a configuration associated with the target application, wherein the configuration indicates a format for one or more of the user attributes, and wherein the format is associated with the target application;
  
  creating a data structure according to the configuration, wherein the data structure includes one or more of the user attributes arranged in the format; and
  
  providing the data structure to the target application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the providing the data structure to the target application further includes:
    - stripping hypertext transport protocol headers from the request; and
      
      creating new headers, wherein the new headers include the data structure.
  - 3. The method of claim 1, wherein the user attributes are included in the FSSO attributes cookie, and wherein the user attributes include one or more of username, user id, password, email address, and source application internet protocol (IP) address.
  - 4. The method of claim 1 further comprising:
    - determining another configuration associated with another target application, wherein the other configuration indicates another format for one or more of the user attributes, and wherein the other format is associated with the other target application;
      
      creating another data structure according to the other configuration, wherein the other data structure includes one or more of the user attributes arranged in the other format; and
      
      providing the other data structure to the other target application.
  - 5. The method of claim 1, wherein the configuration resides in an extensible markup language (XML) file.
  - 6. The method of claim 1, wherein before provision to the target application, the data structure is embedded in one or more of hypertext transfer protocol headers, server variables, cookies, and environment variables.
  - 7. The method of claim 1 further comprising:
    - detecting an absence of the FSSO attributes cookie;
      
      requesting additional user attributes through a graphical user interface.

8. A system configured to allow access to a plurality of target applications after a single sign-on, the apparatus comprising:
- a service provider configured to host a plurality of target applications residing in one or more web environments;
  
  a federated single sign-on (FSSO) system configured to authenticate a user, establish the user'"'"'s credentials, and generate an FSSO attributes cookie,an FSSO adapter configured todetect, after the single sign-on, a request to access a target application of the plurality of target applications, the request including the federated single sign-on (FSSO) attributes cookie,determine user attributes for the FSSO attributes cookie,determine a configuration associated with the target application, wherein the configuration indicates a format for one or more of the user attributes, and wherein the format is associated with the target application,create a data structure according to the configuration, wherein the data structure includes one or more of the user attributes arranged in the format, andprovide the data structure to the target application.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the FSSO adapter is further configured to, for the provision of the data structure to the target application, strip hypertext transport protocol headers from the request, and create new headers, wherein the new headers include the data structure.
  - 10. The system of claim 8, wherein the user attributes are included in the F-SSO attributes cookie, and wherein the user attributes include one or more of username, user id, password, email address, and source application internet protocol (IP) address.
  - 11. The system of claim 8, wherein the FSSO adapter is further configured to:
    - determine another configuration associated with another target application, wherein the other configuration indicates another format for one or more of the user attributes, and wherein the other format is associated with the other target application,create another data structure according to the other configuration, wherein the other data structure includes one or more of the user attributes arranged in the other format, andprovide the other data structure to the other target application.
  - 12. The system of claim 8, wherein the configuration resides in an extensible markup language (XML) file.
  - 13. The system of claim 8, wherein the FSSO adapter is configured to embed, before provision to the target application, the data structure in one or more of hypertext transfer protocol headers, server variables, cookies, and environment variables.
  - 14. The system of claim 8 further comprising:
    - the target application configured to request additional user attributes through a graphical user interface.

15. One or more machine-readable media having stored therein a program product, which when executed, causes a set of one or more processor units to perform operations for allowing access to a plurality of target applications after a single sign-on, the operations comprising:
- detecting, after the single sign-on, a request to access a target application of the plurality of target applications, the request including a federated single sign-on (FSSO) attributes cookie;
  
  determining user attributes from the F-SSO attributes cookie;
  
  determining a configuration associated with the target application, wherein the configuration indicates a format for one or more of the user attributes, and wherein the format is associated with the target application;
  
  creating a data structure according to the configuration, wherein the data structure includes one or more of the user attributes arranged in the format; and
  
  providing the data structure to the target application.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The one or more machine-readable media of claim 15, wherein the providing the data structure to the target application further includes:
    - stripping hypertext transport protocol headers from the request; and
      
      creating new headers, wherein the new headers include the data structure.
  - 17. The one or more machine-readable media of claim 15, wherein the user attributes are included in the F-SSO attributes cookie, and wherein the user attributes include one or more of username, user id, password, email address, and source application internet protocol (IP) address.
  - 18. The one or more machine-readable media of claim 15, further comprising:
    - determining another configuration associated with another target application, wherein the other configuration indicates another format for one or more of the user attributes, and wherein the format is associated with the other target application;
      
      creating another data structure according to the other configuration, wherein the other data structure includes one or more of the user attributes arranged in the other format; and
      
      providing the other data structure to the other target application.
  - 19. The one or more machine-readable media of claim 15, wherein the configuration resides in an extensible markup language (XML) file.
  - 20. The one or more machine-readable media of claim 15, wherein before provision to the target application the data structure is embedded in one or more of hypertext transfer protocol headers, server variables, cookies, and environment variables.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Salmon, Parley A., Bray, Gavin G., Tuton, Peter J. K., Wardrop, Patrick R.

Application Number

US12/189,975
Publication Number

US 20100043065A1
Time in Patent Office

Days
Field of Search
US Class Current

726/8
CPC Class Codes

G06F 21/41 where a single sign-on prov...

H04L 63/0815 providing single-sign-on or...

SINGLE SIGN-ON FOR WEB APPLICATIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SINGLE SIGN-ON FOR WEB APPLICATIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links