FACILITATING SINGLE SIGN-ON TO SOFTWARE APPLICATIONS
First Claim
1. A computer-implemented method for facilitating single sign-on to third-party applications, the method comprising:
receiving, by an identity provider (IDP) from a remote third-party application being used on a client device by a user, a request for identity verification of the user;
generating, by the IDP, a token comprising a public token portion and a corresponding private token portion;
providing, by the IDP to the remote third-party application, a client script implemented in a browser scripting language;
requesting, by the client script, the token;
receiving, by the client script from the IDP, the token;
invoking, by the client script, a trusted broker application executing on the client device, the invocation using an application uniform resource locator (URL) and including the public token portion;
verifying, by the trusted broker application, that the third-party application is authorized for use with single sign-on;
providing, by the trusted broker application, the public token portion to the IDP;
associating, by the IDP, the public token portion with the user; and
initiating, by the identity provider, authentication of the user by the third-party application, the initiating comprising sending an identifier indicating verification of an identity of the user to the third-party application.
Abstract
After an initial user sign-on with an identity provider, and in response to an intention of the user to use a third-party application executing on a client device of the user and requiring user sign-on, the identity provider provides a client script to the third-party application. The client script facilitates user and application authentication and invokes a trusted broker application that interacts with the identity provider to enable the user to use the third-party application. The use of the trusted broker application provided by the identity provider frees the authors of third-party applications from the need to modify their applications to explicitly sign in with the identity provider.
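The handshake described by the first claim and the abstract, as an added example written for this page and not code from the patent or its assignee: a Python simulation in which the identity provider, the trusted broker, the IDP-supplied client script and the third-party application are plain objects exchanging the claim's messages in order. Everything beyond the claim language is an assumption made for the example: the `ssobroker://` application URL scheme, the broker session the IDP hands out at the initial user sign-on (which is what lets the IDP trust the broker's call), the five-minute token lifetime and single-use rule, the HMAC-derived verification identifier, and a final redemption step in which the client script must present the private token portion to learn which user signed in. The `run_flow` helper drives one sign-on and also exercises the failure cases a reviewer would probe: an app the broker has not allowlisted, a replayed public portion, and an attempt to redeem with the public portion alone.

```python
# Constructed simulation of the broker-mediated SSO handshake (added example, not patent code).
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

TOKEN_TTL_SECONDS = 300      # assumption: an unredeemed token expires after this long
BROKER_SCHEME = "ssobroker"  # assumption: the app URL scheme the trusted broker is registered for

@dataclass
class Token:
    public: str    # goes into the broker URL, so treat it as observable by other apps
    private: str   # stays inside the client script and is never placed in a URL
    issued_at: float
    user: Optional[str] = None
    consumed: bool = False

class IdentityProvider:
    def __init__(self, key, authorized_apps):
        self.key = key                         # keyed-hash key for the identifier (assumption)
        self.authorized_apps = set(authorized_apps)
        self.tokens = {}                       # public portion -> Token
        self.broker_sessions = {}              # broker session id -> user, set at initial sign-on
        self.delivered = {}                    # app_id -> identifier "sent" to that app

    def initial_sign_on(self, user):
        sid = secrets.token_urlsafe(16)
        self.broker_sessions[sid] = user
        return sid

    def request_verification(self, app_id):
        return ClientScript(self, app_id)      # the app's request is answered with the client script

    def issue_token(self):
        tok = Token(secrets.token_urlsafe(16), secrets.token_urlsafe(32), time.time())
        self.tokens[tok.public] = tok
        return tok

    def associate(self, broker_sid, public_portion, app_id):
        """Bind the public portion to the user; only a broker holding a live session may call this."""
        user, tok = self.broker_sessions.get(broker_sid), self.tokens.get(public_portion)
        if user is None or tok is None or app_id not in self.authorized_apps:
            return False
        if tok.consumed or time.time() - tok.issued_at > TOKEN_TTL_SECONDS:
            return False                       # single-use and time-limited: a replayed portion is dead
        tok.user, tok.consumed = user, True
        msg = f"{user}|{app_id}|{tok.public}".encode()
        self.delivered[app_id] = hmac.new(self.key, msg, hashlib.sha256).hexdigest()
        return True

    def redeem(self, public_portion, private_portion):
        """Assumption: the script presents the private portion to learn which user signed in."""
        tok = self.tokens.get(public_portion)
        if tok is None or not tok.consumed or not hmac.compare_digest(tok.private, private_portion):
            return None
        return tok.user

class TrustedBroker:
    def __init__(self, idp, broker_sid, allowlist):
        self.idp, self.sid, self.allowlist = idp, broker_sid, set(allowlist)

    def handle_url(self, url):
        """App-URL entry point; the app is checked against the allowlist before the IDP is contacted."""
        u = urlparse(url)
        q = parse_qs(u.query)
        app_id, pub = q.get("app", [""])[0], q.get("token", [""])[0]
        if u.scheme != BROKER_SCHEME or app_id not in self.allowlist:
            return False
        return self.idp.associate(self.sid, pub, app_id)

class ClientScript:
    def __init__(self, idp, app_id):
        self.idp, self.app_id, self.token = idp, app_id, None

    def run(self, broker):
        self.token = self.idp.issue_token()    # request and receive the split token
        url = f"{BROKER_SCHEME}://verify?" + urlencode({"app": self.app_id, "token": self.token.public})
        return broker.handle_url(url)          # only the public portion leaves the script

    def redeem(self):
        return self.idp.redeem(self.token.public, self.token.private)

def run_flow(app_id, authorized_ids=("com.example.notes",)):
    """Drive one sign-on. Returns (broker_accepted, identifier_delivered, user_redeemed,
    replay_accepted, public_only_redeem)."""
    idp = IdentityProvider(b"constructed-idp-key", authorized_ids)
    broker = TrustedBroker(idp, idp.initial_sign_on("alice"), authorized_ids)
    script = idp.request_verification(app_id)
    accepted = script.run(broker)
    replay_url = f"{BROKER_SCHEME}://verify?" + urlencode({"app": app_id, "token": script.token.public})
    return (accepted, app_id in idp.delivered, script.redeem(),
            broker.handle_url(replay_url), idp.redeem(script.token.public, script.token.public))
```

The design point the simulation makes concrete: the public portion is the only value that crosses the application-URL boundary, where another app registered for a look-alike scheme or anything logging URL invocations could observe it, so the IDP gives it no authority of its own. Authority comes from the broker's session established at initial sign-on and from the broker's allowlist check, and the private portion, which never enters a URL, is what the script later needs to collect the result.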
68 Citations
16 Claims
2. A computer-implemented method for facilitating single sign-on to third-party applications, the method performed by a client device and comprising:
receiving a request from a user to initiate single sign-on to a third-party application;
requesting an identity provider (IDP) to verify an identity of the user; and
responsive to requesting the IDP to verify the identity of the user:
receiving a client script from the IDP;
obtaining, by the client script from the IDP, a token comprising a public token portion and a corresponding private token portion;
verifying that the user is authorized to use single sign-on with the third-party application; and
providing, to the IDP, the public token portion and an indication that the user is authorized to use single sign-on with the third-party application.
Dependent claims: 3, 4, 5, 6, 7.
8. A computer-implemented method performed by an identity provider for facilitating single sign-on to a third-party application, the method comprising:
receiving a request of a remote client to verify an identity of a user of a client device as being authorized to use single sign-on for the third-party application;
generating a token comprising a public token portion and a corresponding private token portion;
providing a client script to the client device;
receiving, from the client script executing on the client device, a request for the token;
providing the token to the client script; and
verifying that the user is authorized to use single sign-on for the third-party application.
Dependent claims: 9, 10.
11. A non-transitory computer-readable storage medium comprising instructions executable by a processor, the instructions comprising:
instructions for receiving a request from a user to initiate single sign-on to a third-party application;
instructions for requesting an identity provider (IDP) to verify an identity of the user; and
instructions for, responsive to requesting the IDP to verify the identity of the user:
receiving a client script from the IDP;
obtaining, by the client script from the IDP, a token comprising a public token portion and a corresponding private token portion;
verifying that the user is authorized to use single sign-on with the third-party application; and
providing, to the IDP, the public token portion and an indication that the user is authorized to use single sign-on with the third-party application.
Dependent claims: 12, 13, 14, 15, 16.