SINGLE LOGOUT FUNCTIONALITY FOR A MULTI-TENANT IDENTITY AND DATA SECURITY MANAGEMENT CLOUD SERVICE

US 20180077144A1
Filed: 09/14/2017
Published: 03/15/2018
Est. Priority Date: 09/14/2016
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide cloud-based identity and access management, the providing comprising:

receiving a first request for an identity management service configured to allow for accessing applications;

sending the first request to a first microservice, wherein the first microservice performs the identity management service by generating a token, wherein the first microservice generates the token at least in part by sending a second request to a single sign-on (SSO) microservice, wherein the SSO microservice is configured to provide SSO functionality across different microservices that are based on different protocols;

wherein the SSO microservice implements an SSO and generates a cookie that includes a global state and is used for communicating with different microservices;

receiving a single log-out (SLO) of the SSO; and

using the cookie to iteratively log-out of the applications, wherein, after each log-out of an application of a first protocol, a redirect is performed to the SSO microservice to trigger log-out of applications of a different protocol.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cloud-based identity and access management system that implements single sign-on (“SSO”) receives a first request for an identity management service configured to allow for accessing applications. Embodiments send the first request to a first microservice, where the first microservice performs the identity management service by generating a token. The first microservice generates the token at least in part by sending a second request to a SSO. The SSO microservice implements an SSO and generates a cookie that includes a global state and is used for communicating with different microservices. Embodiments receive a single log-out (SLO) of the SSO and use the cookie to iteratively log-out of the applications, where, after each log-out of an application of a first protocol, a redirect is performed to the SSO microservice to trigger log-out of applications of a different protocol.

Citations

20 Claims

1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide cloud-based identity and access management, the providing comprising:
- receiving a first request for an identity management service configured to allow for accessing applications;
  
  sending the first request to a first microservice, wherein the first microservice performs the identity management service by generating a token, wherein the first microservice generates the token at least in part by sending a second request to a single sign-on (SSO) microservice, wherein the SSO microservice is configured to provide SSO functionality across different microservices that are based on different protocols;
  
  wherein the SSO microservice implements an SSO and generates a cookie that includes a global state and is used for communicating with different microservices;
  
  receiving a single log-out (SLO) of the SSO; and
  
  using the cookie to iteratively log-out of the applications, wherein, after each log-out of an application of a first protocol, a redirect is performed to the SSO microservice to trigger log-out of applications of a different protocol.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer readable medium of claim 1, wherein the cookie indicates applications that are signed into the SSO.
  - 3. The computer readable medium of claim 1, further comprising:
    - receiving the token from the first microservice; and
      
      providing the token to an application, wherein the token allows for accessing the application.
  - 4. The computer readable medium of claim 1, wherein the first microservice is configured to provide an authentication functionality based on the protocol.
  - 5. The computer readable medium of claim 4, wherein the protocol is OAuth or Security Assertion Markup Language (SAML), wherein the SSO microservice is configured to provide SSO functionality across both OAuth and SAML.
  - 6. The computer readable medium of claim 5, wherein the SSO microservice generates a global session configured as a session cookie and provides the global session to the first microservice.
  - 7. The computer readable medium of claim 6, wherein the first microservice converts the global session into the token.

8. A method of providing cloud-based identity and access management comprising:
- receiving a first request for an identity management service configured to allow for accessing applications;
  
  sending the first request to a first microservice, wherein the first microservice performs the identity management service by generating a token, wherein the first microservice generates the token at least in part by sending a second request to a single sign-on (SSO) microservice, wherein the SSO microservice is configured to provide SSO functionality across different microservices that are based on different protocols;
  
  wherein the SSO microservice implements an SSO and generates a cookie that includes a global state and is used for communicating with different microservices;
  
  receiving a single log-out (SLO) of the SSO; and
  
  using the cookie to iteratively log-out of the applications, wherein, after each log-out of an application of a first protocol, a redirect is performed to the SSO microservice to trigger log-out of applications of a different protocol.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the cookie indicates applications that are signed into the SSO.
  - 10. The method of claim 8, further comprising:
    - receiving the token from the first microservice; and
      
      providing the token to an application, wherein the token allows for accessing the application.
  - 11. The method of claim 8, wherein the first microservice is configured to provide an authentication functionality based on the protocol.
  - 12. The method of claim 11, wherein the protocol is OAuth or Security Assertion Markup Language (SAML), wherein the SSO microservice is configured to provide SSO functionality across both OAuth and SAML.
  - 13. The method of claim 12, wherein the SSO microservice generates a global session configured as a session cookie and provides the global session to the first microservice.
  - 14. The method of claim 13, wherein the first microservice converts the global session into the token.

15. A system for providing cloud based identity and access management, comprising:
- a plurality of tenants;
  
  a plurality of microservices; and
  
  one or more processors that;
  
  receive a first request for an identity management service configured to allow for accessing applications;
  
  send the first request to a first microservice, wherein the first microservice performs the identity management service by generating a token, wherein the first microservice generates the token at least in part by sending a secondrequest to a single sign-on (SSO) microservice, wherein the SSO microservice is configured to provide SSO functionality across different microservices that are based on different protocols;
  
  wherein the SSO microservice implements an SSO and generates a cookie that includes a global state and is used for communicating with different microservices;
  
  receive a single log-out (SLO) of the SSO; and
  
  use the cookie to iteratively log-out of the applications, wherein, after each log-out of an application of a first protocol, a redirect is performed to the SSO microservice to trigger log-out of applications of a different protocol.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the cookie indicates applications that are signed into the SSO.
  - 17. The system of claim 15, further comprising:
    - receiving the token from the first microservice; and
      
      providing the token to an application, wherein the token allows for accessing the application.
  - 18. The system of claim 15, wherein the first microservice is configured to provide an authentication functionality based on the protocol.
  - 19. The system of claim 18, wherein the protocol is OAuth or Security Assertion Markup Language (SAML), wherein the SSO microservice is configured to provide SSO functionality across both OAuth and SAML.
  - 20. The system of claim 19, wherein the SSO microservice generates a global session configured as a session cookie and provides the global session to the first microservice.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
GANGAWANE, Jay Vijay, JOSEPH, Binoy, SANKESARA, Bhavik, UCHIL, Mrudul Pradeep

Granted Patent

US 10,511,589 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

SINGLE LOGOUT FUNCTIONALITY FOR A MULTI-TENANT IDENTITY AND DATA SECURITY MANAGEMENT CLOUD SERVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SINGLE LOGOUT FUNCTIONALITY FOR A MULTI-TENANT IDENTITY AND DATA SECURITY MANAGEMENT CLOUD SERVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links