SIMPLIFYING ADDITION OF WEB SERVERS WHEN AUTHENTICATION SERVER REQUIRES REGISTRATION

US 20110078437A1
Filed: 09/29/2009
Published: 03/31/2011
Est. Priority Date: 09/29/2009
Status: Active Grant

First Claim

Patent Images

1. A computing system comprising:

an authentication server requiring registration prior to providing authentication services to server systems;

a backend server registered with said authentication server, said backend server to receive a redirected request and forward said redirected request to said authentication server, said backend server to receive an authentication result from said authentication server as a response to forwarding said redirected request; and

a server system to receive a request to access a resource from a user at a client system, said server system to redirect said request as said redirected request if access to said resource by said user is not yet authenticated, said server system to receive said authentication result as a response to said redirect,said server system permitting said user to access said resource if said authentication result indicates that said user at said client system is authenticated.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An aspect of the present invention simplifies addition of new server systems which serve web pages to client systems, when an authentication server requires registration before providing authentication services. In an embodiment, a backend server is provided, which is registered with an authentication server. The server systems are implemented to redirect unauthorized access requests to the backend server, and the configurations performed during registration of the backend server system are used for authenticating a user and receiving an authentication result. The backend server communicates the authentication result and other information received from the authentication server to the server system. According to another aspect, such simplification is performed in a single sign-on (SSO) environment.

Citations

14 Claims

1. A computing system comprising:
- an authentication server requiring registration prior to providing authentication services to server systems;
  
  a backend server registered with said authentication server, said backend server to receive a redirected request and forward said redirected request to said authentication server, said backend server to receive an authentication result from said authentication server as a response to forwarding said redirected request; and
  
  a server system to receive a request to access a resource from a user at a client system, said server system to redirect said request as said redirected request if access to said resource by said user is not yet authenticated, said server system to receive said authentication result as a response to said redirect,said server system permitting said user to access said resource if said authentication result indicates that said user at said client system is authenticated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computing system of claim 1, wherein said server system controls access to a plurality of resources,wherein said server system permits said user to access to any of said plurality of resources if said authentication result indicates that said user at said client system is authenticated, thereby providing a single sign-on (SSO) feature,wherein the access to each of said plurality of resources is received in the form of a corresponding one of a first plurality of web pages, and a response is sent by said server system as a corresponding one of a second plurality of web pages.
  - 3. The computing system of claim 2, wherein each of said plurality of resources is a corresponding one of a plurality of applications, the access to which is controlled by said server system.
  - 4. The computing system of claim 3, wherein said plurality of applications comprise electronic mail (Email), social networking, managing photos, and wherein said server system permits access to at least one application without requiring authentication.
  - 5. The computing system of claim 2, wherein said server system forms a user cookie and sends said user cookie as a response to said request if said authentication result indicates that said user is authenticated, wherein said user cookie is received with each of the accesses to any of said plurality of resources for said SSO feature.
  - 6. The computing system of claim 5, wherein said authentication server contains a list of systems authorized to request authentication of users, wherein said backend server is included in said list of systems and said server system is not included in said list of systems.
  - 7. The computing system of claim 6, wherein said backend server is added to said list of systems in a registration task, wherein said authentication server further generates a configuration file during said registration task, said configuration file containing a plurality of values which are required for using authentication services provided by said authentication server, said configuration file being provided to said backend server, but not to said server system.
  - 8. The computing system of claim 7, wherein said plurality of values comprise an identifier of said authentication server, a key, a login Uniform Resource Locator (URL), and a protocol version,wherein said identification is used to determine an IP address of said authentication server to send said redirected request,wherein said key is used to establish a secure channel with said authentication server to receive said authentication result,wherein said protocol version specifies a protocol using which communication with said authentication server is to be performed.
  - 9. The computing system of claim 8, wherein said redirected request from said server system to said backend server contains a resource identifier of said resource sought to be accessed, a source address identifying said client system,wherein said redirected request from said backend server to said authentication server contains said login URL and an encrypted parameter associated with said login URL, wherein said encrypted parameter is formed in encrypted form using said key in said plurality of values,said encrypted parameter further contains said resource identifier, said source address, an identifier of said backend server.

10. A machine readable medium storing one or more sequences of instructions for causing a backend server to simplify addition of new server systems to a computing system, wherein execution of said one or more sequences of instructions by one or more processors contained in said backend server causes said backend server to perform the actions of:
- receiving a redirected request from a server system, wherein said redirected request contains a resource identifier and a source address, said resource identifier identifying a resource sought to be accessed by an unauthenticated user, and said source address identifying a client system from which an access request is received by said server system, wherein said redirected request is generated by said server system upon receiving said access request;
  
  examining a configuration information received based on registration of said backend server with an authentication server to determine a plurality of values;
  
  communicating with said authentication server using said plurality of values to receive an authentication result; and
  
  forwarding said authentication result to said server system as a response to receiving said redirected request.
- View Dependent Claims (11, 12)
- - 11. The machine readable medium of claim 10, wherein said plurality of values comprise an identifier of said authentication server, a key, a login Uniform Resource Locator (URL), and a protocol version,wherein said identifier is used to determine an IP address of said authentication server to send said redirected request to said authentication server,wherein said key is used to establish a secure channel with said authentication server to receive said authentication result,wherein said protocol version specifies a protocol using which said communicating with said authentication server is performed.
  - 12. The machine readable medium of claim 11, wherein said redirected request received from said server system by said backend server contains a resource identifier of said resource sought to be accessed, said source address identifying said client system,wherein said redirected request from said backend server to said authentication server contains said login URL and an encrypted parameter associated with said login URL, wherein said encrypted parameter is formed in encrypted form using said key in said plurality of values,said encrypted parameter further contains said resource identifier, said source address, an identifier of said backend server.

13. A method of simplifying addition of server systems in a computing system, wherein said computing system contains an authentication server requiring registration of requesting server before providing authentication services, said method comprising:
- registering a backend server with said authentication server;
  
  receiving, in a server system, an access request from a user to access a resource, wherein said user is not authenticated when said access request is received;
  
  redirecting unauthenticated requests from said server system to said backend server, whereby said authentication server authenticates users sending said unauthenticated requests by virtue of said registering, whereby said backend server receives an authentication result from said authentication server by virtue of said registering;
  
  forwarding said authentication result, from said backend server to said server system; and
  
  allowing, in said server system, access to said resource upon receiving said authentication result, if said authentication result indicates that said user authenticated.
- View Dependent Claims (14)
- - 14. The method of claim 13, wherein said server system is designed to control access to a plurality of resources, said method further comprising:
    - allowing, in said server system, access to any of said plurality of resources to said user after receiving said authentication result if said authentication result indicates that said user is authenticated, whereby single sign on (SSO) feature is provided to said user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Reddy, Balannagari Rajashekar

Granted Patent

US 8,433,896 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

SIMPLIFYING ADDITION OF WEB SERVERS WHEN AUTHENTICATION SERVER REQUIRES REGISTRATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

SIMPLIFYING ADDITION OF WEB SERVERS WHEN AUTHENTICATION SERVER REQUIRES REGISTRATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links