SINGLE SIGN-ON FOR MANAGED MOBILE DEVICES
First Claim
1. A non-transitory computer-readable medium embodying a program executable in a client device, the program, when executed by the client device, being configured to cause the client device to at least:
- send an access request to a service provider;
- receive a redirection from the service provider to an identity provider;
- send an identity assertion request to the identity provider based at least in part on the redirection;
- receive a response from the identity provider, the response requesting authentication by a management credential, the management credential corresponding to a secure certificate or a Kerberos profile;
- obtain the management credential from a device management application;
- send data associated with the management credential to the identity provider;
- receive an identity assertion from the identity provider based at least in part on the data associated with the management credential; and
- authenticate with the service provider by way of the identity assertion.
Abstract
Disclosed are various examples for providing a single sign-on experience for managed mobile devices. A management application executed in a computing device receives a single sign-on request from a managed client application executed by the same computing device. The management application determines that the client application is permitted to access a management credential for single sign-on use. The management application provides the management credential to the client application in response to the single sign-on request.
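The flow in the abstract and claim 1, sketched as an added example (not code from the patent or from any product). The symmetric key standing in for the certificate or Kerberos profile, the HMAC over a one-time challenge as the "data associated with the management credential", the app allow-list, and every name below are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed values: a symmetric key stands in for the certificate or
# Kerberos profile, and the allow-list is a hypothetical per-app policy.
MANAGEMENT_CREDENTIAL = secrets.token_bytes(32)
SSO_PERMITTED_APPS = {"com.example.mail"}


class ManagementApp:
    """Releases the management credential only to permitted client apps."""

    def get_credential(self, app_id: str) -> bytes:
        if app_id not in SSO_PERMITTED_APPS:
            raise PermissionError(f"{app_id} is not permitted to use SSO")
        return MANAGEMENT_CREDENTIAL


class IdentityProvider:
    """Issues a one-time challenge and checks data derived from the credential."""

    def __init__(self) -> None:
        self._pending = set()

    def request_credential_auth(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def issue_assertion(self, nonce: bytes, proof: bytes) -> str:
        if nonce not in self._pending:
            raise ValueError("unknown or already used challenge")
        self._pending.discard(nonce)  # each challenge is single use
        expected = hmac.new(MANAGEMENT_CREDENTIAL, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(proof, expected):
            raise PermissionError("credential data rejected")
        return "assertion-for-managed-device"  # placeholder, not a real assertion


def single_sign_on(app_id: str, idp: IdentityProvider, mgmt: ManagementApp) -> str:
    """Client steps after the service provider redirects to the identity provider."""
    nonce = idp.request_credential_auth()        # IdP asks for credential auth
    credential = mgmt.get_credential(app_id)     # gated by the management app
    proof = hmac.new(credential, nonce, hashlib.sha256).digest()
    return idp.issue_assertion(nonce, proof)     # assertion then goes to the SP
```

An app outside the allow-list fails at `get_credential`, before anything derived from the credential reaches the identity provider.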
20 Claims
6. A system, comprising:
- a computing device; and
- a management application executable by the computing device, the management application configured to cause the computing device to at least:
- receive a single sign-on request from a client application executed by the computing device;
- determine that the client application is permitted to access a management credential for single sign-on use; and
- provide the management credential to the client application.
13. A method, comprising:
- sending an access request to a service provider;
- receiving a redirection from the service provider to an identity provider;
- sending an identity assertion request to the identity provider based at least in part on the redirection;
- receiving a response from the identity provider, the response requesting authentication by a management credential;
- obtaining the management credential from a device management application;
- sending data generated by the management credential to the identity provider;
- receiving an identity assertion from the identity provider; and
- authenticating with the service provider by way of the identity assertion.
Specification