SYSTEMS AND METHODS FOR SYSTEM LOGIN AND SINGLE SIGN-ON
Abstract
Systems and methods for system login and single sign-on are described. A first application of a first system receives a request to access a protected application of a second system. An assertion is generated in response to the request. The assertion asserts an identity in the first system of a user generating the request. The assertion is validated and first account information corresponding to the assertion is extracted. The first account information is information of a first account of the user in the first system. Second account information is determined that is information of a second account of the user in the second system. A mapping is generated between the first account and the second account using the first account information and the second account information. The mapping is used to provide access to the protected application by the requestor.
44 Claims
1. A method comprising:
receiving at a first application of a first system a request to access a protected application of a second system;
generating in response to the request an assertion that asserts an identity in the first system of a user generating the request;
validating the assertion and extracting first account information corresponding to the assertion, wherein the first account information is information of a first account of the user in the first system;
determining second account information that is information of a second account of the user in the second system; and
generating a mapping between the first account and the second account using the first account information and the second account information.
22. A method comprising:
receiving at a first application of a first system a request to access a protected application of a second system;
generating an assertion in response to the request, wherein the assertion asserts an identity in the first system of a user generating the request;
validating the assertion and extracting first account information corresponding to the assertion, wherein the first account information is information of a first account of the user in the first system;
in response to the first account information, generating a prompt for second account information that is information of a second account of the user in the second system; and
generating a mapping between the first account and the second account in response to receipt of the second account information, wherein the mapping uses the first account information and the second account information.
23. A method comprising:
receiving at a partner system a request to access a protected application of a host system, wherein the partner system is remote to the host system;
generating a query string parameter in response to the request, wherein the query string parameter includes an assertion of an identity in the partner system of a user generating the request;
propagating the query string parameter to an access application and validating the assertion using a key provided by the partner system;
extracting first account information corresponding to the assertion, wherein the first account information is information of a partner system account corresponding to the user;
generating a prompt for second account information that is information of a host system account corresponding to the user;
generating a logical link between the first account information and the second account information in response to receipt of the second account information; and
providing access to the protected application by the user via the logical link.
24. A method comprising:
receiving at a first application of a first system a request to access a protected application of a second system;
generating an assertion in response to the request, wherein the assertion asserts an identity in the first system of a user generating the request;
validating the assertion and extracting first account information corresponding to the assertion, wherein the first account information is information of a first account of the user in the first system;
in response to the first account information, generating a prompt for second account information that is information of a second account of the user in the second system;
receiving the second account information and determining that the second account information is associated with a plurality of organizations;
determining an organization of the plurality of organizations with which the user is affiliated for purposes of the request; and
generating a mapping between the first account and the second account in response to receipt of the second account information, wherein the mapping uses the first account information and the second account information and includes the organization.
25. A system comprising a first application of a first system coupled to a second application of a second system, wherein the first application receives a request for access to the second application and in response generates an assertion that asserts an identity in the first system of a user corresponding to the request, wherein an access application coupled to the first application and the second application receives and validates the assertion and extracts first account information corresponding to the assertion, wherein the first account information is information of a first account of the user in the first system, wherein the access application determines second account information that is information of a second account of the user in the host system, wherein the access application generates a mapping between the first account and the second account using the first account information and the second account information.
44. A system comprising a processor running an access application that receives an assertion from a first system, wherein the assertion is generated in response to a request to access a protected component of a second system, wherein the assertion asserts an identity in the first system of a user corresponding to the request, wherein the access application validates the assertion and extracts first account information corresponding to the assertion, wherein the first account information is information of a first account of the user in the first system, wherein the access application determines second account information that is information of a second account of the user in the second system, wherein the application generates a mapping between the first account and the second account using the first account information and the second account information and provides access to the protected component via the mapping.
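The flow recited in claims 1, 23 and 24, as an added sketch that is not code from the patent: a partner-signed assertion carried as a query string value, validated by the access application, then linked to a host account only after the user supplies host credentials. HMAC-SHA256 as the signing scheme, the `iss`/`sub`/`exp` field names, and all keys and account data are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo data. A real host stores password hashes, not plaintext.
PARTNER_KEYS = {"partner-a": b"constructed-demo-key"}   # key provided by the partner
HOST_ACCOUNTS = {"jdoe": {"password": "demo-pw", "orgs": ["org-1", "org-2"]}}
ACCOUNT_MAP = {}   # (partner_id, partner_user) -> (host_user, organization)

def make_assertion(partner_id, user, key, ttl=60, now=None):
    """Partner side: build the query string value 'payload.signature'."""
    now = time.time() if now is None else now
    claims = {"iss": partner_id, "sub": user, "exp": int(now + ttl)}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig

def validate_assertion(token, partner_id, now=None):
    """Access application: check signature, issuer and expiry before parsing trust."""
    now = time.time() if now is None else now
    key = PARTNER_KEYS.get(partner_id)
    body, _, sig = token.partition(".")
    if key is None or not sig:
        raise ValueError("unknown partner or malformed assertion")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["iss"] != partner_id or claims["exp"] < now:
        raise ValueError("wrong issuer or expired assertion")
    return claims["iss"], claims["sub"]          # first account information

def link_account(first, host_user, password, org):
    """Create the mapping only after the user proves control of the host account."""
    acct = HOST_ACCOUNTS.get(host_user)
    if acct is None or not hmac.compare_digest(acct["password"].encode(),
                                               password.encode()):
        raise PermissionError("host credentials rejected")
    if org not in acct["orgs"]:
        raise PermissionError("user is not affiliated with that organization")
    ACCOUNT_MAP[first] = (host_user, org)

def sso_login(token, partner_id, now=None):
    """Return the mapped host account, or None when the user must be prompted."""
    first = validate_assertion(token, partner_id, now)
    return ACCOUNT_MAP.get(first)
```

The mapping is keyed on the pair of partner identifier and partner account, so an assertion from one partner cannot resolve to a link created through another.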
Specification