SECURE MOBILE CLIENT WITH ASSERTIONS FOR ACCESS TO SERVICE PROVIDER APPLICATIONS
Abstract
A Software-as-a-Service (SaaS) access control application on a client device is configured with a certificate that identifies a user, and with configuration information for one or more SaaS applications to access, and including an IDP identifier for the SaaS application. The SaaS access control application includes software to be inserted into a network software stack of the client device and software configured to serve as an identity provider for assertions. A request, made by an application on the client device to a SaaS service provider identified by a Universal Resource Locator (URL) provided during configuration of the SaaS access control application, is intercepted within the network software stack of the client device. The SaaS access control application generates an assertion based on the certificate and configuration information. The requesting application is caused to make a request to the SaaS service provider with the assertion embedded in the request.
6 Citations
20 Claims
1. A method comprising:
- receiving from a client device a request to access a Software-as-a-Service (SaaS) application, the request including an assertion created by a SaaS access control application on the client device;
- evaluating the assertion; and
- generating a response to the client device based on the evaluating.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. An apparatus comprising:
- a network interface unit configured to enable communications over a network including a client device that is seeking access to a Software-as-a-Service (SaaS) application; and
- a processor coupled to the network interface unit, wherein the processor is configured to:
  - receive from the client device a request to access the SaaS application, the request including an assertion created by a SaaS access control application on the client device;
  - evaluate the assertion; and
  - generate a response to the client device based on the evaluation of the assertion.
Dependent claims: 10, 11, 12, 13, 14

15. One or more non-transitory computer readable storage media encoded with executable instructions that, when executed by a processor, cause the processor to:
- receive from a client device a request to access a Software-as-a-Service (SaaS) application, the request including an assertion created by a SaaS access control application on the client device;
- evaluate the assertion; and
- generate a response to the client device based on the evaluation.
Dependent claims: 16, 17, 18, 19, 20