System and Method for Single Sign-On Session Management Without Central Server
Abstract
A method and system for single sign-on session management. Functions of session management and client log-in, normally handled by separate system servers, are incorporated as plug-in modules on individual web content servers. In this manner, network traffic to grant and validate client user credentials is reduced or minimized.
66 Claims
1-45. (canceled)
46. A computer-implemented method for single sign-on session management, the method comprising:
intercepting by plug-in modules residing on a processor controlled web server, a first request to grant a client browser access to a first protected resource, the plug-in modules residing between the client browser and multiple protected resources;
collecting at the plug-in modules credentials of the client browser;
determining at the plug-in modules whether the client browser is authenticated and authorized;
granting the first request and initiating creation of session credentials if the client browser is authenticated and authorized at the plug-in modules;
providing the client browser with a cryptographically generated cookie including the session credentials;
intercepting at the plug-in modules a second request from the client browser for a second resource from the multiple protected resources, the second request including the cryptographically generated cookie;
decrypting the cryptographically generated cookie using a key and checking for validity of the cookie; and
granting access to the second resource if the cookie is valid.
Dependent claims: 47, 48, 49, 50, 51, 52.
53. A computer-implemented method for single sign-on session management, the method comprising:
intercepting by at least one plug-in module residing on a processor controlled web server, a request to grant a client browser access to a protected resource accessible from the processor controlled web server, the plug-in module residing between the client browser and multiple protected resources, the request comprising a session credential associated with a decryption key, the session credential including at least a session start timestamp and a maximum session idle time for a session initiated prior to the request and in response to authentication of the customer browser for access to another of the protected resources;
decrypting the session credential using the decryption key and checking for validity of the session credential; and
granting the request if the session credential is validated and updating the session credentials.
Dependent claims: 54, 55, 56, 57.
58. A computer-implemented system for single sign-on session management, the system comprising:
multiple protected web resources;
plug-in modules residing between the multiple protected web resources and a client browser, the plug-in modules residing on a processor controlled server and operable to:
intercept at the plug-in modules residing on the processor controlled web server, a first request to grant the client browser access to a first protected resource;
collect at the plug-in modules credentials of the client browser;
determine at the plug-in modules whether the client browser is authenticated and authorized;
grant the first request and initiate creation of session credentials if the client browser is authenticated and authorized at the plug-in modules;
provide the client browser with a cryptographically generated cookie including the session credentials;
intercept at the plug-in module a second request from the client browser for a second resource from the multiple protected resources, the second request including the cryptographically generated cookie;
decrypt the cryptographically generated cookie using a key and checking for validity of the cookie; and
grant access to the second resource if the cookie is valid.
Dependent claims: 59, 60, 61, 62, 63, 64, 65, 66.
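The cookie flow recited in claims 46, 53 and 58, sketched in Node.js as an added example; it is not code from the patent or its assignee. It assumes AES-256-GCM as the cipher, a JSON payload, a `lastSeen` field to carry the updated credential, and a key shared by every plug-in, none of which the claims specify; all function and field names are hypothetical.

```javascript
const crypto = require('node:crypto');

// Constructed demo key (assumption): each server's plug-in would hold the same
// 32-byte key, so any of them can validate a cookie without a central server.
const KEY = crypto.randomBytes(32);

// Encrypt the session credential into a cookie value: nonce | tag | ciphertext.
function sealSession(key, session) {
  const nonce = crypto.randomBytes(12); // fresh nonce for every cookie issued
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(JSON.stringify(session), 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]).toString('base64');
}

// Decrypt and authenticate; returns the session, or null if forged or malformed.
function openSession(key, cookie) {
  try {
    const raw = Buffer.from(cookie, 'base64');
    if (raw.length < 28) return null; // too short to hold nonce (12) + tag (16)
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const body = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return JSON.parse(body.toString('utf8'));
  } catch {
    return null; // a failed tag check or bad JSON is treated as an invalid cookie
  }
}

// First request: after the plug-in authenticates the user, create the credential
// with the session start timestamp and maximum idle time named in claim 53.
function issueCookie(key, user, maxIdleSec, nowSec) {
  return sealSession(key, { user, start: nowSec, lastSeen: nowSec, maxIdle: maxIdleSec });
}

// Later request: decrypt, check validity, and on success return an updated cookie.
function checkCookie(key, cookie, nowSec) {
  const s = openSession(key, cookie);
  if (!s) return { ok: false, reason: 'invalid' };
  if (nowSec < s.lastSeen || nowSec - s.lastSeen > s.maxIdle) {
    return { ok: false, reason: 'idle-timeout' };
  }
  return { ok: true, user: s.user, cookie: sealSession(key, { ...s, lastSeen: nowSec }) };
}
```

Because the cookie is self-contained, an older copy stays valid until its own idle window lapses; refreshing the credential does not revoke earlier copies.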
Specification