Single Sign-On Method for Appliance Secure Shell
Abstract
A system and method for efficiently establishing a secure shell connection for accessing Web resources. A user attempts to establish a secure Hypertext Transfer Protocol (HTTP) session between a client computing device and a remote storage device. The storage device redirects the Web browser of the client computing device to a single sign-on (SSO) third-party identity provider for authorizing the user. After successful authorization, the client computing device receives information to use to maintain a secure HTTP session. This information is stored on the storage device. The user attempts to establish a text-based secure shell session. The user is not prompted for login credentials. However, the user is authenticated using the previously stored information and a text-based secure shell session is established.
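The storage-device side of the flow in the abstract can be sketched as follows. This is an added illustration, not code from the patent: the names `SessionStore`, `register_http_session`, `end_http_session` and `authorize_ssh` are hypothetical, and the token lifetime, logout handling and user-binding check are assumptions that go beyond what the abstract states.

```python
import hashlib
import hmac
import secrets
import time


def _digest(token):
    # Only a hash is stored, so a dump of the store does not reveal live tokens.
    return hashlib.sha256(token.encode()).hexdigest()


class SessionStore:
    """Storage-device record of HTTPS sessions created after IDP sign-on."""

    def __init__(self, ttl_seconds=900):  # lifetime is an assumed policy
        self.ttl = ttl_seconds
        self._sessions = {}  # sha256(token) -> (user, expires_at)

    def register_http_session(self, user, now=None):
        """Call once the IDP redirect flow has succeeded; returns the token."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[_digest(token)] = (user, now + self.ttl)
        return token

    def end_http_session(self, token):
        """Logout: the token stops being valid for SSH as well."""
        self._sessions.pop(_digest(token), None)

    def authorize_ssh(self, user, token, now=None):
        """Password-less SSH decision based only on the presented token."""
        now = time.time() if now is None else now
        key = _digest(token or "")
        record = self._sessions.get(key)
        if record is None:
            return False  # unknown or forged token
        session_user, expires_at = record
        if now >= expires_at:
            del self._sessions[key]
            return False  # HTTPS session has lapsed
        # The SSH login name must match the user the IDP authenticated.
        return hmac.compare_digest(session_user.encode(), user.encode())


if __name__ == "__main__":
    store = SessionStore(ttl_seconds=60)
    tok = store.register_http_session("alice")  # constructed sample user
    print(store.authorize_ssh("alice", tok), store.authorize_ssh("root", tok))
```

Because the token replaces the password for SSH, whoever holds it holds the shell: the sketch ties it to the authenticated user and to the lifetime of the HTTPS session so a stale or borrowed token is refused.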
20 Claims
1. An authentication system comprising:
- a third-party identity provider (IDP) configured to authenticate a plurality of users through a series of one or more Hypertext Transfer Protocol (HTTP) redirections;
- a storage device hosting an application; and
- a client device configured to:
  - send requests for establishing both a secure HTTP session and a secure shell (SSH) session with the storage device in order to access the application; and
  - send a given request to establish a SSH session, wherein the request comprises at least a first access token corresponding to a secure HTTP session previously established using the third-party IDP; and
- wherein in response to receiving the given request, the storage device is configured to authorize the client device to establish the SSH session although the given request lacks a password, in further response to verifying the first access token corresponds to the previously established secure HTTP session.

9. A method for executing on a processor, the method comprising:
- authenticating with a third-party identity provider (IDP) a plurality of users through a series of one or more Hypertext Transfer Protocol (HTTP) redirections;
- hosting an application on a storage device;
- sending requests from a client device for establishing both a secure HTTP session and a secure shell (SSH) session with the storage device in order to access the application;
- sending a given request from the client device to the storage device to establish a SSH session, wherein the given request comprises at least a first access token corresponding to a secure HTTP session previously established using the third-party IDP; and
- authorizing the client device to establish the SSH session although the given request lacks a password, in response to verifying the first access token corresponds to the previously established secure HTTP session.

17. A storage device comprising:
- a processor; and
- a memory configured to:
  - store an application; and
  - store program instructions executable by the processor to:
    - send requests to a third-party identity provider (IDP) configured to authenticate a plurality of users through a series of one or more Hypertext Transfer Protocol (HTTP) redirections;
    - receive a given request from a client device to establish a secure shell (SSH) session, wherein the given request comprises at least a first access token corresponding to a secure HTTP session previously established for the client device using the third-party IDP; and
    - authorize the client device to establish the SSH session although the given request lacks a password, in further response to verifying the first access token corresponds to the previously established secure HTTP session.
Specification