SINGLE LOGOUT FUNCTIONALITY FOR A MULTI-TENANT IDENTITY AND DATA SECURITY MANAGEMENT CLOUD SERVICE
First Claim
1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide cloud-based identity and access management, the providing comprising:
- receiving a first request for an identity management service configured to allow for accessing applications;
- sending the first request to a first microservice, wherein the first microservice performs the identity management service by generating a token, wherein the first microservice generates the token at least in part by sending a second request to a single sign-on (SSO) microservice, wherein the SSO microservice is configured to provide SSO functionality across different microservices that are based on different protocols;
- wherein the SSO microservice implements an SSO and generates a cookie that includes a global state and is used for communicating with different microservices;
- receiving a single log-out (SLO) of the SSO; and
- using the cookie to iteratively log-out of the applications, wherein, after each log-out of an application of a first protocol, a redirect is performed to the SSO microservice to trigger log-out of applications of a different protocol.
Abstract
A cloud-based identity and access management system that implements single sign-on (“SSO”) receives a first request for an identity management service configured to allow for accessing applications. Embodiments send the first request to a first microservice, where the first microservice performs the identity management service by generating a token. The first microservice generates the token at least in part by sending a second request to a SSO. The SSO microservice implements an SSO and generates a cookie that includes a global state and is used for communicating with different microservices. Embodiments receive a single log-out (SLO) of the SSO and use the cookie to iteratively log-out of the applications, where, after each log-out of an application of a first protocol, a redirect is performed to the SSO microservice to trigger log-out of applications of a different protocol.
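A minimal model of the logout loop the abstract describes, added here as an illustration and not taken from the patent or any product. The protocol names (`saml`, `oidc`), the cookie layout, and the HMAC sealing of the global state are assumptions; each call to `slo_step` stands for one redirect back to the SSO microservice.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"        # assumption: secret held only by the SSO microservice
PROTOCOL_ORDER = ["saml", "oidc"]    # assumption: one protocol is handled per round

def seal(state: dict) -> str:
    """Serialize the global state and append an HMAC so tampering is detectable."""
    body = base64.urlsafe_b64encode(json.dumps(state, sort_keys=True).encode())
    tag = hmac.new(KEY, body, hashlib.sha256).hexdigest()
    return f"{body.decode()}.{tag}"

def unseal(cookie: str) -> dict:
    """Verify the HMAC in constant time before trusting any field of the cookie."""
    body, _, tag = cookie.rpartition(".")
    expected = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("global-state cookie failed integrity check")
    return json.loads(base64.urlsafe_b64decode(body))

def slo_step(cookie: str):
    """One visit to the SSO microservice during single log-out.

    Returns (action, apps, new_cookie). The next protocol that still has
    sessions is logged out and the caller is redirected back here; once no
    sessions remain, the cookie is cleared (None).
    """
    state = unseal(cookie)
    for proto in PROTOCOL_ORDER:
        apps = state["apps"].get(proto, [])
        if apps:
            state["apps"][proto] = []          # record that this protocol is finished
            return ("logout:" + proto, apps, seal(state))
    return ("done", [], None)

def run_slo(cookie: str):
    """Follow the redirects until the SSO microservice reports completion."""
    trail = []
    while cookie is not None:
        action, apps, cookie = slo_step(cookie)
        trail.append((action, apps))
    return trail

# Constructed sample: one user signed in to applications over two protocols.
SAMPLE = seal({"sub": "user1", "apps": {"saml": ["hr", "crm"], "oidc": ["wiki"]}})
```

Because the cookie is the only state carried between redirects in this model, an unverified cookie would let a client skip or reorder logouts, which is why `unseal` rejects any value whose tag does not match.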
20 Claims
1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide cloud-based identity and access management, the providing comprising:
- receiving a first request for an identity management service configured to allow for accessing applications;
- sending the first request to a first microservice, wherein the first microservice performs the identity management service by generating a token, wherein the first microservice generates the token at least in part by sending a second request to a single sign-on (SSO) microservice, wherein the SSO microservice is configured to provide SSO functionality across different microservices that are based on different protocols;
- wherein the SSO microservice implements an SSO and generates a cookie that includes a global state and is used for communicating with different microservices;
- receiving a single log-out (SLO) of the SSO; and
- using the cookie to iteratively log-out of the applications, wherein, after each log-out of an application of a first protocol, a redirect is performed to the SSO microservice to trigger log-out of applications of a different protocol.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method of providing cloud-based identity and access management comprising:
- receiving a first request for an identity management service configured to allow for accessing applications;
- sending the first request to a first microservice, wherein the first microservice performs the identity management service by generating a token, wherein the first microservice generates the token at least in part by sending a second request to a single sign-on (SSO) microservice, wherein the SSO microservice is configured to provide SSO functionality across different microservices that are based on different protocols;
- wherein the SSO microservice implements an SSO and generates a cookie that includes a global state and is used for communicating with different microservices;
- receiving a single log-out (SLO) of the SSO; and
- using the cookie to iteratively log-out of the applications, wherein, after each log-out of an application of a first protocol, a redirect is performed to the SSO microservice to trigger log-out of applications of a different protocol.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A system for providing cloud based identity and access management, comprising:
- a plurality of tenants;
- a plurality of microservices; and
- one or more processors that:
  - receive a first request for an identity management service configured to allow for accessing applications;
  - send the first request to a first microservice, wherein the first microservice performs the identity management service by generating a token, wherein the first microservice generates the token at least in part by sending a second request to a single sign-on (SSO) microservice, wherein the SSO microservice is configured to provide SSO functionality across different microservices that are based on different protocols;
  - wherein the SSO microservice implements an SSO and generates a cookie that includes a global state and is used for communicating with different microservices;
  - receive a single log-out (SLO) of the SSO; and
  - use the cookie to iteratively log-out of the applications, wherein, after each log-out of an application of a first protocol, a redirect is performed to the SSO microservice to trigger log-out of applications of a different protocol.
Dependent claims: 16, 17, 18, 19, 20
Specification