SINGLE SIGN-ON FOR MANAGED MOBILE DEVICES
Abstract
Disclosed are various examples for single sign-on by way of managed mobile devices. For example, an identity provider service can receive a request for an identity assertion from an application executed in a client device. The identity provider service can then detect a platform associated with the client device. A response to the request can be sent based at least in part on the platform, where the response requests authentication by a management credential. Data generated by the management credential is received from the client device, and the management credential is determined to be valid for the identity assertion. The identity assertion is then sent to the client device in response to determining that the management credential is valid for the identity assertion.
20 Claims
1. A non-transitory computer-readable medium embodying a program executable in a server computing device, the program, when executed by the server computing device, being configured to cause the server computing device to at least:
- receive a request for an identity assertion from an application executed in a mobile device;
- detect a platform associated with the mobile device;
- send to the mobile device a response to the request based at least in part on the platform, the response requesting authentication by a management credential;
- receive data generated by the management credential from the mobile device;
- determine that the management credential is valid for the identity assertion; and
- send the identity assertion to the mobile device in response to determining that the management credential is valid for the identity assertion.
Dependent claims: 2, 3, 4, 5, 6
7. A system, comprising:
- at least one computing device; and
- an identity provider service executable by the at least one computing device, the identity provider service configured to cause the at least one computing device to at least;
- receive a request for an identity assertion from an application executed in a mobile device;
- determine that the application corresponds to a webview of a native application rather than a browser;
- send to the mobile device a response, the response requesting authentication by a management credential;
- receive data generated by the management credential from the mobile device;
- determine that the management credential is valid for the identity assertion; and
- send the identity assertion to the mobile device in response to determining that the management credential is valid for the identity assertion.
Dependent claims: 8, 9, 10, 11
12. A method, comprising:
- receiving a request for an identity assertion from an application executed in a client device;
- detecting a platform associated with the client device;
- sending to the client device a response to the request based at least in part on the platform, the response requesting authentication by a management credential, the management credential corresponding to a secure certificate or a Kerberos profile;
- receiving data generated by the management credential from the client device;
- determining that the management credential is valid for the identity assertion; and
- sending the identity assertion to the client device in response to determining that the management credential is valid for the identity assertion.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20
Specification