SINGLE SIGN-ON IN MULTI-TENANT ENVIRONMENTS

US 20140090037A1
Filed: 09/21/2012
Published: 03/27/2014
Est. Priority Date: 09/21/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for authenticating a user, comprising:

identifying a first tenant associated with a first request for a first resource from the user;

obtaining an authentication policy for the first tenant;

using an authentication mechanism associated with the authentication policy to authenticate the user; and

upon authenticating the user, providing a first security token for enabling access to the first resource by the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed embodiments provide a system that authenticates a user. During operation, the system identifies a first tenant associated with a first request for a first resource from the user and obtains an authentication policy for the first tenant. Next, the system uses an authentication mechanism associated with the authentication policy to authenticate the user. Upon authenticating the user, the system provides a first security token for enabling access to the first resource by the user.

Citations

25 Claims

1. A computer-implemented method for authenticating a user, comprising:
- identifying a first tenant associated with a first request for a first resource from the user;
  
  obtaining an authentication policy for the first tenant;
  
  using an authentication mechanism associated with the authentication policy to authenticate the user; and
  
  upon authenticating the user, providing a first security token for enabling access to the first resource by the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented method of claim 1, further comprising:
    - identifying a second tenant associated with a second request for a second resource from the user;
      
      detecting a previous authentication of the user with the first tenant; and
      
      providing a second security token for enabling access to the second resource by the user without requiring additional authentication of the user.
  - 3. The computer-implemented method of claim 2, wherein the previous authentication of the user with the first tenant is detected using a cookie from a browser of the user.
  - 4. The computer-implemented method of claim 2, wherein each of the first and second tenants is associated with at least one of a software offering, a group of users, a set of resources, a group of tools, and a group of portals.
  - 5. The computer-implemented method of claim 1, wherein the authentication policy comprises at least one of a policy name, the authentication mechanism, and location information for authentication credentials associated with the authentication mechanism.
  - 6. The computer-implemented method of claim 5, wherein using the authentication mechanism associated with the authentication policy to authenticate the user involves:
    - using the authentication mechanism to obtain one or more user-provided authentication credentials from the user;
      
      using the location information to obtain the authentication credentials; and
      
      comparing the user-provided authentication credentials with the authentication credentials.
  - 7. The computer-implemented method of claim 5, wherein the location information comprises at least one of a repository, a configuration of the repository, and a mechanism for accessing the repository.
  - 8. The computer-implemented method of claim 1, wherein the first tenant is identified using a tenant identifier associated with the first request.

9. A system for authenticating a user, comprising:
- an identity provider and an authentication service,wherein the identity provider and the authentication service are configured to;
  
  identify a first tenant associated with a first request for a first resource from the user; and
  
  obtain an authentication policy for the first tenant;
  
  use an authentication mechanism associated with the authentication policy to authenticate the user; and
  
  upon authenticating the user, provide a first security token for enabling access to the first resource by the user.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The system of claim 9, further comprising:
    - a portal container configured to;
      
      build a security context using the first security token; and
      
      provide the first resource to the user.
  - 11. The system of claim 9, wherein the identity provider and the authentication service are further configured to:
    - identify a second tenant associated with a second request for a second resource from the user;
      
      detect a previous authentication of the user with the first tenant; and
      
      provide a second security token for enabling access to the second resource by the user without requiring additional authentication of the user.
  - 12. The system of claim 11, wherein the previous authentication of the user with the first tenant is detected using a cookie from a browser of the user.
  - 13. The system of claim 11, wherein each of the first and second tenants is associated with at least one of a software offering, a group of users, a set of resources, a group of tools, and a group of portals.
  - 14. The system of claim 9, wherein the authentication policy comprises at least one of a policy name, the authentication mechanism, and location information for authentication credentials associated with the authentication mechanism.
  - 15. The system of claim 14, wherein using the authentication mechanism associated with the authentication policy to authenticate the user involves:
    - using the authentication mechanism to obtain one or more user-provided authentication credentials from the user;
      
      using the location information to obtain the authentication credentials; and
      
      comparing the user-provided authentication credentials with the authentication credentials.
  - 16. The system of claim 14, wherein the location information comprises at least one of a repository, a configuration of the repository, and a mechanism for accessing the repository.
  - 17. The system of claim 9, wherein the first tenant is identified using a tenant identifier associated with the first request.

18. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for authenticating a user, the method comprising:
- identifying a first tenant associated with a first request for a first resource from the user;
  
  obtaining an authentication policy for the first tenant;
  
  using an authentication mechanism associated with the authentication policy to authenticate the user; and
  
  upon authenticating the user, providing a first security token for enabling access to the first resource by the user.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25)
- - 19. The computer-readable storage medium of claim 18, the method further comprising:
    - identifying a second tenant associated with a second request for a second resource from the user;
      
      detecting a previous authentication of the user with the first tenant; and
      
      providing a second security token for enabling access to the second resource by the user without requiring additional authentication of the user.
  - 20. The computer-readable storage medium of claim 19, wherein the previous authentication of the user with the first tenant is detected using a cookie from a browser of the user.
  - 21. The computer-readable storage medium of claim 19, wherein each of the first and second tenants is associated with at least one of a software offering, a group of users, a set of resources, a group of tools, and a group of portals.
  - 22. The computer-readable storage medium of claim 18, wherein the authentication policy comprises at least one of a policy name, the authentication mechanism, and location information for authentication credentials associated with the authentication mechanism.
  - 23. The computer-readable storage medium of claim 22, wherein using the authentication mechanism associated with the authentication policy to authenticate the user involves:
    - using the authentication mechanism to obtain one or more user-provided authentication credentials from the user;
      
      using the location information to obtain the authentication credentials; and
      
      comparing the user-provided authentication credentials with the authentication credentials.
  - 24. The computer-readable storage medium of claim 22, wherein the location information comprises at least one of a repository, a configuration of the repository, and a mechanism for accessing the repository.
  - 25. The computer-readable storage medium of claim 18, wherein the first tenant is identified using a tenant identifier associated with the first request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intuit, Inc.
Original Assignee
Intuit, Inc.
Inventors
Singh, Servesh Pratap

Granted Patent

US 9,369,456 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 21/31   User authentication

G06F 21/335   for accessing specific reso...

G06F 21/41   where a single sign-on prov...

G06F 21/6218   to a system of files or obj...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/205   involving negotiation or de...

SINGLE SIGN-ON IN MULTI-TENANT ENVIRONMENTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

SINGLE SIGN-ON IN MULTI-TENANT ENVIRONMENTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links