SINGLE SIGN-ON FOR MANAGED MOBILE DEVICES USING KERBEROS
First Claim
1. A non-transitory computer-readable medium embodying a program executable by a processor of a computing device to cause the computing device to at least:
- receive a certificate from a client device;
- generate a ticket-granting ticket;
- send the ticket-granting ticket to the client device;
- receive a request for a service ticket from the client device, wherein the request for the service ticket includes the ticket-granting ticket;
- generate the service ticket;
- send the service ticket to the client device;
- receive the service ticket from the client device; and
- send a security assertion markup language (SAML) response to the client device, wherein the SAML response provides authentication credentials for a service provider associated with the service ticket.
Abstract
Disclosed are various examples for single sign-on by way of managed mobile devices using Kerberos. For example, a certificate is received from a client device. In response, a Kerberos ticket-granting ticket is generated and sent to the client device. A request for a service ticket is later received from the client device. The request for the service ticket can include the ticket-granting ticket. The service ticket is then generated and sent to the client device. Subsequently, the service ticket is received from the client device and a security assertion markup language (SAML) response is sent to the client device in reply. The SAML response can provide authentication credentials for a service provider associated with the service ticket.
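The exchange in the abstract, modeled end to end as an added example (not code from the patent or from any product). It assumes HMAC-sealed JSON tokens as a stand-in for Kerberos ticket encryption and a fingerprint table in place of certificate path validation; all keys, names and URLs are constructed.

```python
import base64, hashlib, hmac, json, time
from xml.sax.saxutils import escape

# Constructed values: demo keys and one enrolled device certificate (assumptions).
TGS_KEY, SVC_KEY = b"demo-tgs-key", b"demo-service-key"
DEVICE_CERT = b"constructed DER bytes of a managed-device certificate"
ENROLLED = {hashlib.sha256(DEVICE_CERT).hexdigest(): "alice@example.com"}

class AuthError(Exception):
    pass

def _seal(key, claims):
    """Serialize claims and append an HMAC (stand-in for ticket encryption)."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    mac = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + mac

def _open(key, token, kind, now=None):
    """Verify MAC, ticket kind and expiry before trusting any claim."""
    body, _, mac = token.rpartition(".")
    good = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), good.encode()):
        raise AuthError("ticket integrity check failed")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["kind"] != kind or claims["exp"] < (now or time.time()):
        raise AuthError("wrong ticket type or expired ticket")
    return claims

def issue_tgt(cert_der, lifetime=600):
    """Certificate in, ticket-granting ticket out; unknown devices are refused."""
    user = ENROLLED.get(hashlib.sha256(cert_der).hexdigest())
    if user is None:
        raise AuthError("certificate not enrolled")
    return _seal(TGS_KEY, {"kind": "tgt", "sub": user, "exp": time.time() + lifetime})

def issue_service_ticket(tgt, spn, lifetime=300):
    """The service-ticket request must carry a valid, unexpired TGT."""
    sub = _open(TGS_KEY, tgt, "tgt")["sub"]
    return _seal(SVC_KEY, {"kind": "svc", "sub": sub, "spn": spn,
                           "exp": time.time() + lifetime})

def saml_response(service_ticket, spn, now=None):
    """Release an assertion only for the service provider named in the ticket."""
    claims = _open(SVC_KEY, service_ticket, "svc", now)
    if claims["spn"] != spn:
        raise AuthError("ticket issued for a different service provider")
    # Unsigned sketch; a real SAML response is XML-signed by the identity provider.
    return (f'<Response><Assertion><NameID>{escape(claims["sub"])}</NameID>'
            f'<Audience>{escape(spn)}</Audience></Assertion></Response>')
```

The three public functions correspond to the three server-side stages; a ticket that fails the integrity, type, expiry or audience check never reaches the SAML step.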
20 Claims
1. A non-transitory computer-readable medium embodying a program executable by a processor of a computing device to cause the computing device to at least:
- receive a certificate from a client device;
- generate a ticket-granting ticket;
- send the ticket-granting ticket to the client device;
- receive a request for a service ticket from the client device, wherein the request for the service ticket includes the ticket-granting ticket;
- generate the service ticket;
- send the service ticket to the client device;
- receive the service ticket from the client device; and
- send a security assertion markup language (SAML) response to the client device, wherein the SAML response provides authentication credentials for a service provider associated with the service ticket.
Dependent claims: 2, 3, 4, 5, 6

7. A system, comprising:
- a computing device comprising a processor and a memory; and
- machine readable instructions stored in the memory that, when executed by the processor, cause the computing device to at least:
  - receive a certificate from a client device;
  - generate a ticket-granting ticket;
  - send the ticket-granting ticket to the client device;
  - receive a request for a service ticket from the client device, wherein the request for the service ticket includes the ticket-granting ticket;
  - generate the service ticket;
  - send the service ticket to the client device;
  - receive the service ticket from the client device; and
  - send a security assertion markup language (SAML) response to the client device, wherein the SAML response provides authentication credentials for a service provider associated with the service ticket.
Dependent claims: 8, 9, 10, 11, 12, 13

14. A method, comprising:
- receiving a certificate from a client device;
- generating a ticket-granting ticket;
- sending the ticket-granting ticket to the client device;
- receiving a request for a service ticket from the client device, wherein the request for the service ticket includes the ticket-granting ticket;
- generating the service ticket;
- sending the service ticket to the client device;
- receiving the service ticket from the client device; and
- sending a security assertion markup language (SAML) response to the client device, wherein the SAML response provides authentication credentials for a service provider associated with the service ticket.
Dependent claims: 15, 16, 17, 18, 19, 20
Specification