INFORMATION PROCESSING APPARATUS, CONTROL METHOD THEREOF, STORAGE MEDIUM, AND IMAGE PROCESSING APPARATUS
First Claim
1. An information processing apparatus comprising:
- an authentication unit configured to execute processing for user authentication using any one of a plurality of authentication methods;
a management unit configured to manage a user credential generated when said authentication unit authenticates a user;
a setting unit configured to record setting contents whether or not to permit the credential managed by said management unit to be used for a specific authentication method of the plurality of authentication methods of said authentication unit, to execute a function included in said information processing apparatus;
a decision unit configured to decide, when said authentication unit authenticates a user using the specific authentication method and the user instructs to execute the function included in said information processing apparatus, whether or not the function uses the user credential according to setting contents set by said setting unit; and
a control unit configured to control, when said decision unit decides to permit use of the credential, to execute the function using the credential, and to control, when said decision unit decides to inhibit use of the credential, to prompt the user to execute user authentication.
1 Assignment
0 Petitions
Accused Products
Abstract
A user credential sharing mechanism which can suitably implement a single sign-on function while preventing illicit accesses by accidental matches of authentication data in a mixed environment of an environment suitable for use of a single sign-on function and an unsuitable environment is provided. To accomplish this, when an information processing apparatus of this invention receives, from a user, an access request instruction to an external apparatus connected to be able to communicate with the information processing apparatus, if an authentication protocol related to user credentials generated at the time of a login operation is that which can limit a security domain, the apparatus accesses the external apparatus using the user credentials, and if that authentication protocol is that which cannot limit a security domain, the apparatus prompts the user to input an account accessible to the external apparatus.
-
Citations
15 Claims
-
1. An information processing apparatus comprising:
-
an authentication unit configured to execute processing for user authentication using any one of a plurality of authentication methods; a management unit configured to manage a user credential generated when said authentication unit authenticates a user; a setting unit configured to record setting contents whether or not to permit the credential managed by said management unit to be used for a specific authentication method of the plurality of authentication methods of said authentication unit, to execute a function included in said information processing apparatus; a decision unit configured to decide, when said authentication unit authenticates a user using the specific authentication method and the user instructs to execute the function included in said information processing apparatus, whether or not the function uses the user credential according to setting contents set by said setting unit; and a control unit configured to control, when said decision unit decides to permit use of the credential, to execute the function using the credential, and to control, when said decision unit decides to inhibit use of the credential, to prompt the user to execute user authentication. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A control method of an information processing apparatus, which includes an authentication unit configured to execute processing for user authentication using any one of a plurality of authentication methods and a management unit configured to manage a credential generated when the authentication unit authenticates a user, the method comprising:
-
a setting step of setting whether or not to permit the credential managed by the management unit to be used for a specific authentication method of the plurality of authentication methods of the authentication unit, to execute a function included in the information processing apparatus; a decision step of deciding, when the authentication unit authenticates a user using the specific authentication method and the user instructs to execute the function included in the information processing apparatus, whether or not the function uses the user credential according to setting contents set in the setting step; and a control step of controlling, when it is decided in the decision step to permit use of the credential, to execute the function using the credential, and controlling, when it is decided in the decision step to inhibit use of the credential, to prompt the user to execute user authentication. - View Dependent Claims (14)
-
-
15. An image processing apparatus having a single sign-on function, comprising:
-
an authentication unit configured to authenticate a user who logs in to said image processing apparatus; a storage unit configured to store a user credential including authentication information used in user authentication by said authentication unit and information indicating an authentication protocol related to the user credential in association with each other; a reading unit configured to read an image from an original; a determination unit configured to determine, when an instruction to transmit image data of an original read by said reading unit to an external apparatus connected to be able to communicate with said image processing apparatus is received from a user, whether or not the external apparatus is accessible using the user credential, based on the user credential of the user and the information indicating the authentication, which are stored in said storage unit; and a control unit configured to prompt, when said determination unit determines that the external apparatus is not accessible using the user credential, to input an account accessible to the external apparatus, and to transmit, when said determination unit determines that the external apparatus is accessible using the user credential, the image data of the original read by said reading unit to the external apparatus, wherein when the authentication protocol is an authentication protocol which is configured to limit a security domain, said determination unit determines that the external apparatus is accessible using the user credential, and when the authentication protocol is an authentication protocol which is not configured to limit a security domain, said determination unit determines that the external apparatus is not accessible using the user credential.
-
Specification