USING A SERVICE-PROVIDER PASSWORD TO SIMULATE F-SSO FUNCTIONALITY
First Claim
1. A method for Single-Use Federated Single Sign-On (SU-F-SSO) functionality, the method comprising:
a processor of a computer system receiving, from an Identity Provider of an F-SSO federation, a single sign-on request, where the Service Provider's authentication process does not provide single sign-on functionality to the secured service, and where the trusted data confirms a user's identity and further confirms the user's privileges and authorization to access secured services at the Service Provider;
the processor, as a Single-Use F-SSO implementation, identifying the user and the user's privileges as a function of the authenticated data;
the processor creating an on-demand password;
the processor storing a copy of the on-demand password in an information repository secured by the Service Provider;
the processor transmitting the on-demand password to the user;
the processor redirecting the user to the Service Provider's logon portal;
the logon portal receiving from the user the on-demand password as part of a sign-on procedure of the logon portal;
the logon portal confirming the user's identity by matching the returned password to the copy of the on-demand password stored in the repository; and
the logon portal, as a function of the confirming, granting the user access to the secured service.
Abstract
A system and method for using a Service-Provider password to simulate F-SSO functionality. A processor receives from an F-SSO Identity Provider authentication data for a user who has requested access to a secured service. The service is managed by an F-SSO Service Provider that does not offer F-SSO functionality for that service. Upon receiving the data, the processor redirects the user to an SU-F-SSO portal of the Service Provider, which uses the received authentication data to authenticate the user. The processor sends the user an on-demand password and, when the user uses that password to sign on, the processor matches the entered password with a stored copy of the password that was sent to the user. If they match, the processor grants the user access to the requested service. In some embodiments, the on-demand password may be a single-use password or may be sent to the user via an out-of-band communication.
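The flow in the first claim and the abstract (IdP data is trusted only if it confirms identity and privileges; the Service Provider mints an on-demand password, keeps a copy, and the logon portal matches it) as an added, stand-alone Python example that is not the patent's code. The class and function names, the salted-hash storage of the copy, the 120-second TTL and the burn-on-first-attempt single-use rule are my assumptions; the patent only requires that a copy be stored and matched.

```python
import hashlib
import hmac
import secrets
import time

# Assumed TTL for an on-demand password; the patent does not specify one.
PASSWORD_TTL_SECONDS = 120


class OnDemandPasswordStore:
    """Information repository secured by the Service Provider (hypothetical name)."""

    def __init__(self, now=time.time):
        self._now = now
        self._entries = {}  # user_id -> (salt, password_hash, expires_at)

    @staticmethod
    def _digest(salt: bytes, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def issue(self, user_id: str) -> str:
        """Create the on-demand password; keep only a salted hash of the copy."""
        password = secrets.token_urlsafe(24)
        salt = secrets.token_bytes(16)
        expires_at = self._now() + PASSWORD_TTL_SECONDS
        self._entries[user_id] = (salt, self._digest(salt, password), expires_at)
        return password  # transmitted to the user, ideally out-of-band

    def redeem(self, user_id: str, presented: str) -> bool:
        """Logon-portal check: match against the stored copy, then burn it."""
        # Popping on every attempt makes the password single-use and denies
        # repeated guesses against the same stored copy (assumed policy).
        entry = self._entries.pop(user_id, None)
        if entry is None:
            return False
        salt, stored_hash, expires_at = entry
        if self._now() > expires_at:
            return False
        return hmac.compare_digest(stored_hash, self._digest(salt, presented))


def su_fsso_login(store: OnDemandPasswordStore, assertion: dict) -> str:
    """SU-F-SSO step: trust the IdP data only if it confirms identity and privileges."""
    if not assertion.get("authenticated") or "user" not in assertion:
        raise PermissionError("IdP data does not confirm the user's identity")
    if "secured-service" not in assertion.get("privileges", ()):
        raise PermissionError("IdP data does not authorise the secured service")
    return store.issue(assertion["user"])
```

The `assertion` dict stands in for whatever the federation actually delivers (a SAML assertion, for instance); only its identity and privilege fields matter to this step.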
20 Claims
12. A Single-Use SU-F-SSO system comprising a processor, a memory coupled to the processor, and a computer-readable hardware storage device coupled to the processor, the storage device containing program code configured to be run by the processor via the memory to implement a method for using a Service-Provider password to simulate F-SSO functionality, the method comprising:
the processor receiving, from an Identity Provider of an F-SSO federation, a single sign-on request, where the Service Provider's authentication process does not provide single sign-on functionality to the secured service, and where the trusted data confirms a user's identity and further confirms the user's privileges and authorization to access secured services at the Service Provider; the processor, as a Single-Use F-SSO implementation, identifying the user and the user's privileges as a function of the authenticated data; the processor creating an on-demand password; the processor storing a copy of the on-demand password in an information repository secured by the Service Provider; the processor transmitting the on-demand password to the user; the processor redirecting the user to the Service Provider's logon portal; the logon portal receiving from the user the on-demand password as part of a sign-on procedure of the logon portal; the logon portal confirming the user's identity by matching the returned password to the copy of the on-demand password stored in the repository; and the logon portal, as a function of the confirming, granting the user access to the secured service. (Dependent claims: 13, 14, 15, 16)
17. A computer program product, comprising a computer-readable hardware storage device having a computer-readable program code stored therein, the program code configured to be executed by a system comprising a processor, a memory coupled to the processor, and a computer-readable hardware storage device coupled to the processor, the storage device containing program code configured to be run by the processor via the memory to implement a method for using a Service-Provider password to simulate F-SSO functionality, the method comprising:
the processor receiving, from an Identity Provider of an F-SSO federation, a single sign-on request, where the Service Provider's authentication process does not provide single sign-on functionality to the secured service, and where the trusted data confirms a user's identity and further confirms the user's privileges and authorization to access secured services at the Service Provider; the processor, as a Single-Use F-SSO implementation, identifying the user and the user's privileges as a function of the authenticated data; the processor creating an on-demand password; the processor storing a copy of the on-demand password in an information repository secured by the Service Provider; the processor transmitting the on-demand password to the user; the processor redirecting the user to the Service Provider's logon portal; the logon portal receiving from the user the on-demand password as part of a sign-on procedure of the logon portal; the logon portal confirming the user's identity by matching the returned password to the copy of the on-demand password stored in the repository; and the logon portal, as a function of the confirming, granting the user access to the secured service. (Dependent claims: 18, 19, 20)