Propagating Delegated Authorized Credentials Through Legacy Systems

US 20130318569A1
Filed: 05/22/2012
Published: 11/28/2013
Est. Priority Date: 05/22/2012
Status: Active Grant

First Claim

Patent Images

1. A method implemented by an information handling system comprising:

receiving, over an electronic data channel, an access token from a requestor;

validating the received access token;

generating an error in response to an unsuccessful validation; and

in response to a successful validation;

retrieving one or more legacy access tokens that correspond to the received access token; and

transmitting the one or more retrieved legacy access tokens to the requestor over the electronic data channel.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach is provided to access resources at legacy systems. In this approach, a resource request destined to a legacy system is receiving from a requestor with the resource request including an access token and being on behalf of a resource owner. A validation process is performed on the access token. If the access token is valid, the approach identifies the resource owner and one or more legacy access tokens used to access the legacy system. Another request is formed with the new request including the legacy access tokens. The new request is transmitted to the legacy system and a response is received back from the legacy system. The response received from the legacy system is transmitted back to the requestor.

Citations

25 Claims

1. A method implemented by an information handling system comprising:
- receiving, over an electronic data channel, an access token from a requestor;
  
  validating the received access token;
  
  generating an error in response to an unsuccessful validation; and
  
  in response to a successful validation;
  
  retrieving one or more legacy access tokens that correspond to the received access token; and
  
  transmitting the one or more retrieved legacy access tokens to the requestor over the electronic data channel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising:
    - identifying a resource owner corresponding to the received access token, wherein the one or more legacy access tokens correspond to the identified resource owner.
  - 3. The method of claim 2 further comprising:
    - originating a request at a client application that is acting on behalf of the resource owner, wherein the client application receives the access token from the resource owner, wherein the request is designated to a legacy system, and wherein the request includes the access token.
  - 4. The method of claim 3 further comprising:
    - intercepting the request at a delegated authorization enforcement point; and
      
      transmitting the request to a Security Token Service (STS), wherein the STS performs the validating of the security token and the retrieval of the one or more legacy access tokens.
  - 5. The method of claim 1 further comprising:
    - formatting at least one of the retrieved legacy access tokens prior to transmitting the legacy access tokens to the requestor, wherein the formatted legacy access token is in a format suitable for use by a legacy system.
  - 6. The method of claim 1 further comprising:
    - identifying a legacy system type pertaining to a legacy system that is being accessed;
      
      identifying the one or more legacy access tokens used to access the identified legacy system type; and
      
      creating the legacy access tokens by transforming the access token to the legacy access tokens based on a format that corresponds to each of the legacy access tokens.
  - 7. The method of claim 6 wherein the steps performed in response to a successful validation further comprise:
    - identifying the resource owner corresponding to the access token; and
      
      identifying the one or more legacy access tokens based on the identified legacy access tokens being associated with the identified resource owner.
  - 8. The method of claim 7 further comprising:
    - retrieving a legacy format corresponding to a selected one of the identified legacy access tokens; and
      
      formatting the selected identified legacy access token based on the retrieved legacy format, wherein the formatted legacy access token is transmitted back to the requestor.

9. An information handling system comprising:
- one or more processors;
  
  a memory coupled to at least one of the processors;
  
  a network adapter that connects the information handling system to a computer network; and
  
  a set of instructions stored in the memory and executed by at least one of the processors, wherein the set of instructions perform actions of;
  
  receiving, over an electronic data channel, an access token from a requestor;
  
  validating the received access token;
  
  generating an error in response to an unsuccessful validation; and
  
  in response to a successful validation;
  
  retrieving one or more legacy access tokens that correspond to the received access token; and
  
  transmitting the one or more retrieved legacy access tokens to the requestor over the electronic data channel.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The information handling system of claim 9 wherein the actions further comprise:
    - identifying a resource owner corresponding to the received access token, wherein the one or more legacy access tokens correspond to the identified resource owner.
  - 11. The information handling system of claim 10 wherein the actions further comprise:
    - originating a request at a client application that is acting on behalf of the resource owner, wherein the client application receives the access token from the resource owner, wherein the request is designated to a legacy system, and wherein the request includes the access token.
  - 12. The information handling system of claim 11 wherein the actions further comprise:
    - intercepting the request at a delegated authorization enforcement point; and
      
      transmitting the request to a Security Token Service (STS), wherein the STS performs the validating of the security token and the retrieval of the one or more legacy access tokens.
  - 13. The information handling system of claim 9 wherein the actions further comprise:
    - formatting at least one of the retrieved legacy access tokens prior to transmitting the legacy access tokens to the requestor, wherein the formatted legacy access token is in a format suitable for use by a legacy system.
  - 14. The information handling system of claim 9 wherein the actions further comprise:
    - identifying a legacy system type pertaining to a legacy system that is being accessed;
      
      identifying the one or more legacy access tokens used to access the identified legacy system type; and
      
      creating the legacy access tokens by transforming the access token to the legacy access tokens based on a format that corresponds to each of the legacy access tokens.
  - 15. The information handling system of claim 14 wherein the actions performed in response to a successful validation further comprise:
    - identifying the resource owner corresponding to the access token; and
      
      identifying the one or more legacy access tokens based on the identified legacy access tokens being associated with the identified resource owner.
  - 16. The information handling system of claim 15 wherein the actions further comprise:
    - retrieving a legacy format corresponding to a selected one of the identified legacy access tokens; and
      
      formatting the selected identified legacy access token based on the retrieved legacy format, wherein the formatted legacy access token is transmitted back to the requestor.

17. A computer program product stored in a computer readable storage medium, comprising computer instructions that, when executed by an information handling system, causes the information handling system to perform actions that include:
- receiving, over an electronic data channel, an access token from a requestor;
  
  validating the received access token;
  
  generating an error in response to an unsuccessful validation; and
  
  in response to a successful validation;
  
  retrieving one or more legacy access tokens that correspond to the received access token; and
  
  transmitting the one or more retrieved legacy access tokens to the requestor over the electronic data channel.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The computer program product of claim 17 further comprising:
    - identifying a resource owner corresponding to the received access token, wherein the one or more legacy access tokens correspond to the identified resource owner.
  - 19. The computer program product of claim 18 further comprising:
    - originating a request at a client application that is acting on behalf of the resource owner, wherein the client application receives the access token from the resource owner, wherein the request is designated to a legacy system, and wherein the request includes the access token.
  - 20. The computer program product of claim 19 further comprising:
    - intercepting the request at a delegated authorization enforcement point; and
      
      transmitting the request to a Security Token Service (STS), wherein the STS performs the validating of the security token and the retrieval of the one or more legacy access tokens.
  - 21. The computer program product of claim 17 further comprising:
    - formatting at least one of the retrieved legacy access tokens prior to transmitting the legacy access tokens to the requestor, wherein the formatted legacy access token is in a format suitable for use by a legacy system.
  - 22. The computer program product of claim 17 further comprising:
    - identifying a legacy system type pertaining to a legacy system that is being accessed;
      
      identifying the one or more legacy access tokens used to access the identified legacy system type; and
      
      creating the legacy access tokens by transforming the access token to the legacy access tokens based on a format that corresponds to each of the legacy access tokens.
  - 23. The computer program product of claim 22 wherein the steps performed in response to a successful validation further comprise:
    - identifying the resource owner corresponding to the access token; and
      
      identifying the one or more legacy access tokens based on the identified legacy access tokens being associated with the identified resource owner.
  - 24. The computer program product of claim 23 further comprising:
    - retrieving a legacy format corresponding to a selected one of the identified legacy access tokens; and
      
      formatting the selected identified legacy access token based on the retrieved legacy format, wherein the formatted legacy access token is transmitted back to the requestor.

25. A method implemented by an information handling system comprising:
- receiving, from a requestor, a first resource request destined to a legacy system, wherein the first resource request includes an access token, and wherein the first resource request is on behalf of a resource owner;
  
  performing a validation process on the access token;
  
  returning an error in response to the access token being invalid; and
  
  in response to the access token being valid;
  
  identifying the resource owner corresponding to the access token;
  
  identifying one or more legacy access tokens used to access the legacy system;
  
  forming a second resource request that includes at least one of the one or more legacy access tokens;
  
  transmitting the second resource request to the legacy system;
  
  receiving a response from the legacy system; and
  
  transmitting the response to the requestor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Canning, Simon Gilbert, Readshaw, Neil Ian, Viselli, Stephen, Weeden, Shane Bradley

Granted Patent

US 9,172,694 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/335 for accessing specific reso...

H04L 63/0815 providing single-sign-on or...

Propagating Delegated Authorized Credentials Through Legacy Systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Propagating Delegated Authorized Credentials Through Legacy Systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links