EFFICIENT SINGLE SIGN-ON AND IDENTITY PROVIDER CONFIGURATION AND DEPLOYMENT IN A DATABASE SYSTEM

US 20140013387A1
Filed: 09/11/2013
Published: 01/09/2014
Est. Priority Date: 03/19/2010
Status: Abandoned Application

First Claim

Patent Images

1. A method of deploying an identity provider service for a computer-implemented system, the method comprising:

receiving a user command;

in response to receiving the user command, and without processing any additional user commands, user instructions, or user-entered data at the computer-implemented system, creating the identity provider service at the computer-implemented system; and

after creating the identity provider service, and without processing any additional user commands, user instructions, or user-entered data at the computer-implemented system, configuring the identity provider service to allow the computer-implemented system to publish electronic identity information for its users.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various techniques and procedures related to user authentication, identity providers, and single sign-on (SSO) are presented here. One approach creates an SSO link between two organizations in a streamlined manner using an internal cross-user systemwide digital certificate, and without processing any user-created, user-uploaded, or user-assigned digital certificates. Another approach presented here configures an identity provider service for an entity or organization by processing a single user command. The identity provider service is automatically configured in the background without processing any additional user commands, user instructions, or user-entered data.

Citations

18 Claims

1. A method of deploying an identity provider service for a computer-implemented system, the method comprising:
- receiving a user command;
  
  in response to receiving the user command, and without processing any additional user commands, user instructions, or user-entered data at the computer-implemented system, creating the identity provider service at the computer-implemented system; and
  
  after creating the identity provider service, and without processing any additional user commands, user instructions, or user-entered data at the computer-implemented system, configuring the identity provider service to allow the computer-implemented system to publish electronic identity information for its users.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising providing a graphical user interface (GUI) element, wherein the user command is issued in response to activation of the GUI element.
  - 3. The method of claim 2, further comprising providing a markup language document for presentation to a user, the markup language document defining the GUI element.
  - 4. The method of claim 3, wherein the markup language document defines a webpage.
  - 5. The method of claim 1, wherein creating the identity provider service comprises:
    - creating a self-signed digital certificate; and
      
      associating the self-signed digital certificate with the identity provider service.
  - 6. The method of claim 5, wherein creating the self-signed digital certificate comprises:
    - retrieving, with the computer-implemented system, descriptive data for an entity hosting the identity provider service; and
      
      populating data fields of the self-signed certificate with at least some of the descriptive data.
  - 7. The method of claim 6, wherein creating the self-signed digital certificate further comprises constructing a name for the self-signed digital certificate, using at least some of the descriptive data.

8. A computer-implemented method of publishing electronic identity information for a user, the method comprising:
- providing a first markup language document for presentation to the user, the first markup language document defining an active graphical user interface (GUI) element;
  
  receiving a user command that indicates activation of the active GUI element;
  
  in response to receiving the user command, and without requiring any additional user commands, user instructions, or user-entered data, creating an identity provider service at the computer-implemented system; and
  
  thereafter, providing a second markup language document for presentation to the user, the second markup language document confirming successful configuration of the identity provider service.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, further comprising authenticating the user before providing the first markup language document.
  - 10. The method of claim 8, wherein:
    - the first markup language document comprises a first web page that includes the active GUI element; and
      
      the second markup language document comprises a second web page that includes a confirmation notification.
  - 11. The method of claim 8, wherein creating the identity provider service comprises:
    - retrieving, with the computer-implemented system, descriptive data for an entity hosting the identity provider service;
      
      creating a self-signed digital certificate from at least some of the descriptive data; and
      
      associating the self-signed digital certificate with the identity provider service.

13. A computer system comprising a processor and a memory, wherein the memory comprises computer-executable instructions that, when executed by the processor, cause the computer system to:
- receive a user command;
  
  in response to receiving the user command, and without processing any additional user commands, user instructions, or user-entered data at the computer system, create the identity provider service at the computer-implemented system; and
  
  after creating the identity provider service, and without processing any additional user commands, user instructions, or user-entered data at the computer system, configure the identity provider service to allow the computer system to publish electronic identity information for its users.
- View Dependent Claims (12, 14, 15, 16, 17, 18)
- - 12. The method of claim 18, further comprising operating the identity provider service to assert electronic identity information for the user.
  - 14. The computer system of claim 13, wherein, when executed by the processor, the computer-executable instructions cause the computer system to provide a graphical user interface (GUI) element, wherein the user command is issued in response to activation of the GUI element.
  - 15. The computer system of claim 14, wherein, when executed by the processor, the computer-executable instructions cause the computer system to provide a markup language document for presentation to a user, the markup language document defining the GUI element.
  - 16. The computer system of claim 14, wherein creating the identity provider service comprises:
    - creating a self-signed digital certificate; and
      
      associating the self-signed digital certificate with the identity provider service.
  - 17. The computer system of claim 16, wherein creating the self-signed digital certificate comprises:
    - retrieving, with the computer system, descriptive data for an entity hosting the identity provider service; and
      
      populating data fields of the self-signed certificate with at least some of the descriptive data.
  - 18. The computer system of claim 17, wherein creating the self-signed digital certificate further comprises constructing a name for the self-signed digital certificate, using at least some of the descriptive data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Vangpat, Alan, Chabbewal, Harsimranjit

Application Number

US14/024,486
Publication Number

US 20140013387A1
Time in Patent Office

Days
Field of Search
US Class Current

726/2
CPC Class Codes

G06F 21/31   User authentication

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

EFFICIENT SINGLE SIGN-ON AND IDENTITY PROVIDER CONFIGURATION AND DEPLOYMENT IN A DATABASE SYSTEM

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

EFFICIENT SINGLE SIGN-ON AND IDENTITY PROVIDER CONFIGURATION AND DEPLOYMENT IN A DATABASE SYSTEM

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links