SINGLE SIGN-ON FOR UNMANAGED MOBILE DEVICES
Abstract
Disclosed are various examples for providing a single sign-on experience for mobile applications that may or may not be managed. A first application executed in a client device sends an access request to a service provider. The first application receives a redirection response from the service provider that redirects the first application to an identity provider. The first application then receives a further redirection response from the identity provider that causes the first application to request an identity assertion from a second application executed in the client device. The first application receives the identity assertion from the second application. The first application then authenticates with the service provider using the identity assertion.
20 Claims
1. A non-transitory computer-readable medium embodying a program executable in a client device, the program, when executed by the client device, being configured to cause the client device to at least:
- receive a first request for an identity assertion from a client application executed in the client device, the first request being redirected from an identity provider;
- authenticate with the identity provider using at least one security credential;
- send a second request for the identity assertion to the identity provider;
- receive the identity assertion from the identity provider; and
- return the identity assertion to the client application.
Dependent claims: 2, 3, 4
5. A system, comprising:
- a computing device;
- a first client application executable by the computing device;
- a second client application executable by the computing device; and
- the first client application is configured to cause the computing device to at least:
  - send an access request to a service provider;
  - receive a first redirection response to an identity provider from the service provider;
  - receive a second redirection response to the second client application from the identity provider;
  - request an identity assertion from the second client application;
  - receive the identity assertion from the second client application; and
  - authenticate with the service provider using the identity assertion.
Dependent claims: 6, 7, 8, 9, 10, 11, 12, 13
14. A method, comprising:
- sending, by a first application executed in a client device, an access request to a service provider;
- receiving, by the first application, a first redirection response from the service provider;
- receiving, by the first application, a second redirection response from an identity provider;
- requesting, by the first application, an identity assertion from a second application executed in the client device;
- receiving, by the first application, the identity assertion from the second application; and
- authenticating the first application with the service provider using the identity assertion.
Dependent claims: 15, 16, 17, 18, 19, 20
Specification