CLIENT/SERVER SYSTEM FOR COMMUNICATING ACCORDING TO THE STANDARD PROTOCOL OPC UA AND HAVING SINGLE SIGN-ON MECHANISMS FOR AUTHENTICATING, AND METHOD FOR PERFORMING SINGLE SIGN-ON IN SUCH A SYSTEM
Abstract
A method and device are provided for integrating single sign-on (SSO) mechanisms in a client/server system using communication according to the standard protocol OPC UA, and for performing SSO for user authentication and authorization in the system. A client is connected to an aggregating server, and the aggregating server is connected to subordinate servers via a communication network. To integrate SSO mechanisms, the aggregating server is provided with an SSO component for mapping user legitimation data used in a service call to identities in the form in which the identities are stored in the subordinate servers. To perform SSO using the SSO component, user legitimation data associated with a service call are used to automatically search for corresponding mapped identities and affected servers, and to call up an active session service for each match in each server via the mapped identity, to establish the desired access to data from the user's service invocation.
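A minimal simulation of the mapping step the abstract describes, added here as an illustration and not taken from the patent: the SSO component works out which subordinate servers a service call touches, looks up the identity mapped for the calling user on each, and calls ActivateSession with it. The class names, node-to-server table, endpoints and accounts are constructed assumptions, no OPC UA stack is involved, and refusing a session when no mapping exists is a design choice of this sketch.

```python
from dataclasses import dataclass, field

@dataclass
class SubordinateServer:
    """Stand-in for a subordinate OPC UA server; models only ActivateSession."""
    endpoint: str
    accounts: dict                      # user name -> password as stored on this server
    sessions: list = field(default_factory=list)

    def activate_session(self, user, password):
        ok = self.accounts.get(user) == password
        if ok:
            self.sessions.append(user)
        return ok

class SsoComponent:
    """Maps the client's user identity to the identity each subordinate server knows."""
    def __init__(self, servers, node_owner, identity_map):
        self.servers = {s.endpoint: s for s in servers}
        self.node_owner = node_owner        # aggregated node id -> owning endpoint
        self.identity_map = identity_map    # (client user, endpoint) -> (user, password)

    def activate_for_call(self, client_user, node_ids):
        """Return {endpoint: activated?} for every server the service call touches."""
        affected = sorted({self.node_owner[n] for n in node_ids if n in self.node_owner})
        result = {}
        for endpoint in affected:
            mapped = self.identity_map.get((client_user, endpoint))
            # Fail closed: no mapping means no session, never a fallback to the
            # aggregating server's own account or to anonymous access.
            result[endpoint] = bool(mapped) and self.servers[endpoint].activate_session(*mapped)
        return result

# Constructed sample data (endpoints, node ids and accounts are invented).
PLC = SubordinateServer("opc.tcp://plc1.example:4840", {"op_7": "pw-plc"})
HIST = SubordinateServer("opc.tcp://hist.example:4840", {"reader": "pw-hist"})
SSO = SsoComponent(
    [PLC, HIST],
    {"ns=2;s=Tank.Level": PLC.endpoint, "ns=3;s=Tank.History": HIST.endpoint},
    {("alice", PLC.endpoint): ("op_7", "pw-plc"),
     ("alice", HIST.endpoint): ("reader", "pw-hist"),
     ("bob", PLC.endpoint): ("op_7", "stale-pw")},   # mapping no longer valid on the PLC
)

def demo():
    nodes = ["ns=2;s=Tank.Level", "ns=3;s=Tank.History"]
    return SSO.activate_for_call("alice", nodes), SSO.activate_for_call("bob", nodes)
```

In this sketch the mapped passwords sit in a plain dictionary; the mapping table is the most sensitive asset of such a component, since it holds credentials for every subordinate server.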
8 Claims
1. A method for integrating single sign-on (SSO) mechanisms in a client/server system with communication according to the OPC UA protocol and for performing SSO for user authentication in the system, wherein the system includes an OPC UA client which is connected to an OPC UA aggregating server, which in turn is connected to subordinate OPC UA servers by means of a communication network, the method comprising:
- providing, in order to integrate SSO mechanisms, the OPC UA aggregating server with an SSO component for mapping user legitimation data, which are used in a service call, to identities in a form in which the identities are stored in the subordinate OPC UA servers; and
- utilizing, in order to perform SSO with the aid of the SSO component, user legitimation data belonging to a service call to automatically look for corresponding mapped identities and for affected OPC UA servers and, for each match, to call an ActivateSession service in the respective OPC UA server using the mapped identity, after which the data access desired with the user's service call is established.
(Dependent claim: 2)
3. A client/server system which is set up for communication according to the OPC UA protocol and for single sign-on (SSO), the system comprising:
- an OPC UA client;
- an OPC UA aggregating server connected to the OPC UA client via a first communication network; and
- subordinate OPC UA servers connected to the OPC UA aggregating server via a second communication network, wherein the OPC UA aggregating server comprises an SSO component configured to perform user authentication with SSO mechanisms.
(Dependent claims: 4, 5, 6, 7, 8)
Specification