Systems and Methods for Providing Single Sign On Access to Enterprise SAAS and Cloud Hosted Applications

US 20110277026A1
Filed: 05/06/2011
Published: 11/10/2011
Est. Priority Date: 05/07/2010
Status: Active Grant

First Claim

Patent Images

1. A method for providing via an intermediary device single sign on across one or more disparately hosted applications, the method comprising:

(a) intercepting, by a device intermediary to a plurality of clients and a plurality of servers, a first request of a client to access a login page of a third-party hosted application of a plurality of disparately hosted applications accessible via the device using a single set of authentication credentials;

(b) redirecting, by the device, the client to a single sign on system providing single sign on access to one or more third-party hosted applications of the plurality of disparately hosted applications;

(c) intercepting, by the device, a second request from the client to sign on to a fully qualified domain name corresponding to a domain of the third-party hosted application;

(d) redirecting, by the device responsive to a policy applied to content of the second request, the second request to the single sign on system; and

(e) forwarding, by the device to the domain of the third-party hosted application. the second request redirected by the single sign on system to the domain.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The solution of the present application addresses the problem of authentication across disparately hosted systems by providing a single authentication domain across SaaS and cloud hosted applications as well as traditional enterprise hosted applications. An application delivery controller intermediary to a plurality of clients and the disparately hosted applications providing single sign on management, integration and control. A user may log in via an interface provided, controlled or managed by the ADC, which in turns, authenticates the user to the application in accordance with policy and the host of the application. As such, the user may login once to gain access to a plurality of disparately hosted applications. From the user'"'"'s perspective, the user seamlessly and transparently gains access to different hosted systems with different passwords and authentication via the remote access provided by the system of the present solution

Citations

20 Claims

1. A method for providing via an intermediary device single sign on across one or more disparately hosted applications, the method comprising:
- (a) intercepting, by a device intermediary to a plurality of clients and a plurality of servers, a first request of a client to access a login page of a third-party hosted application of a plurality of disparately hosted applications accessible via the device using a single set of authentication credentials;
  
  (b) redirecting, by the device, the client to a single sign on system providing single sign on access to one or more third-party hosted applications of the plurality of disparately hosted applications;
  
  (c) intercepting, by the device, a second request from the client to sign on to a fully qualified domain name corresponding to a domain of the third-party hosted application;
  
  (d) redirecting, by the device responsive to a policy applied to content of the second request, the second request to the single sign on system; and
  
  (e) forwarding, by the device to the domain of the third-party hosted application. the second request redirected by the single sign on system to the domain.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein step (a) further comprises providing, via the device, access to the plurality of disparately hosted applications comprising a first application hosted by a server of an enterprise of the device and at least one of a second application of the enterprise hosted via a cloud computing service or a third application hosted by a third party application provider.
  - 3. The method of claim 1, wherein step (b) further comprises generating, by a responder of the device, a redirect response to the first request of the client.
  - 4. The method of claim 1, wherein step (b) further comprises generating, by a responder of the device a redirect response to the first request of the client responsive to content of the first request matching a responder policy, a redirect response to the first request of the client, the responder policy configured to identify at least a portion of a uniform resource locator of the login page of the third-party hosted application
  - 5. The method of claim 1, wherein step (c) further comprises intercepting, by the device, the second request from the client responsive to the single sign on system redirecting the client to send the second request to the domain of the third-party hosted application.
  - 6. The method of claim 5, further comprising redirecting the second request to the domain of first third-party hosted application to set one or more cookies for the domain.
  - 7. The method of claim 1, wherein step (d) further comprises redirecting, by a content redirection virtual server of the device, the second request responsive to the policy matching one or more keywords to a uniform resource locator of the second request.
  - 8. The method of claim 1, wherein step (d) further comprises redirecting, by a content redirection virtual server of the device, the second request responsive to the policy identifying the second request as a single sign on request.
  - 9. The method of claim 1, wherein step (e) further comprises intercepting, by the device, the second request that is redirected by the single sign on system to the domain of the third-party hosted application.
  - 10. The method of claim 1, wherein step (e) further comprises intercepting, by the device, the second request and bypassing, a content redirection virtual server of the device.

11. A system for providing a single sign on across one or more disparately hosted applications, the method comprising:
- a device intermediary to a plurality of clients and a plurality of servers and providing access to a plurality of disparately hosted applications using a single set of authentication credentials, the device receiving a first request of a client to access a login page of a third party hosted application of the plurality of disparately hosted applications;
  
  a responder of the device redirecting the client to a single sign on system providing single sign on access to one or more third-party hosted applications of the plurality of disparately hosted applications;
  
  a content redirection virtual server of the device intercepting a second request from the client to sign on to a fully qualified domain name corresponding to a domain of the third-party hosted application and redirecting, responsive to a policy applied to content of the second request, the second request to the single sign on system; and
  
  wherein the device forwards to the domain of the third-party hosted application. the second request redirected by the single sign on system to the domain.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the device provides access to the plurality of disparately hosted applications comprising a first application hosted by a server of an enterprise of the device and at least one of a second application of the enterprise hosted via a cloud computing service or a third application hosted by a third party application provider.
  - 13. The system of claim 11, wherein the responder generates a redirect response to the first request of the client.
  - 14. The system of claim 11, wherein the responder generates a redirect response responsive to content of the first request matching a responder policy, a redirect response to the first request of the client, the responder policy configured to identify at least a portion of a uniform resource locator of the login page of the third-party hosted application
  - 15. The system of claim 11, wherein the device intercepts the second request from the client responsive to the single sign on system redirecting the client to send the second request to the domain of the third-party hosted application.
  - 16. The system of claim 15, where the second request is redirected to the domain of first third-party hosted application to set one or more cookies for the domain.
  - 17. The system of claim 11, wherein the content redirection virtual server of the device redirects the second request responsive to the policy matching one or more keywords to a uniform resource locator of the second request.
  - 18. The system of claim 11, wherein the content redirection virtual server of the device redirects the second request responsive to the policy identifying the second request as a single sign on request.
  - 19. The system of claim 11, wherein the device intercepts the second request that is redirected by the single sign on system to the domain of the third-party hosted application.
  - 20. The system of claim 11, wherein the device intercepts the second request and bypasses the content redirection virtual server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Soni, Ajay, Shah, Nirdosh, Agarwal, Mugdha, Kumar, Arkesh, Agarwal, Puneet, Choudhary, Akshat

Granted Patent

US 9,282,097 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/8
CPC Class Codes

G06F 21/31   User authentication

G06F 21/41   where a single sign-on prov...

G06F 21/554   involving event detection a...

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

Systems and Methods for Providing Single Sign On Access to Enterprise SAAS and Cloud Hosted Applications

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and Methods for Providing Single Sign On Access to Enterprise SAAS and Cloud Hosted Applications

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links