System and Method for Multi-Tenant SSO With Dynamic Attribute Retrieval

US 20180167378A1
Filed: 11/22/2017
Published: 06/14/2018
Est. Priority Date: 11/23/2016
Status: Active Grant

First Claim

Patent Images

1. A system for multi-tenant single sign-on (SSO) identity management with dynamic attribute retrieval, the system comprising:

at least one service provider comprising a service provider SSO module, the at least one service provider configured to provide at least one software service;

at least one service provider plug-in corresponding to the at least one service provider, the at least one service provider plug-in operably connected to the at least one service provider via the service provider SSO module; and

,a service automation platform communicatively coupled to the service provider plug-in and the service provider, the service automation platform further comprising a single sign-on (SSO) dispatcher.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for multi-tenant single sign-on (SSO) identity management with dynamic attribute retrieval, the system includes at least one service provider, at least one service provider plug-in, and a service automation platform. A method for multi-tenant SSO identity management with dynamic attribute retrieval, includes the steps of receiving a link to a service provider at an SSO dispatcher, the SSO dispatcher identifying a service, requesting at the SSO dispatcher, user attributes for the at least one service provider, assembling at a service provider handler implementation, a response query, retrieving identity provider credentials from the service automation platform, signing at the SSO dispatcher, a package for a user'"'"'s authentication, and redirecting the package to the service provider.

93 Citations

View as Search Results

17 Claims

1. A system for multi-tenant single sign-on (SSO) identity management with dynamic attribute retrieval, the system comprising:
- at least one service provider comprising a service provider SSO module, the at least one service provider configured to provide at least one software service;
  
  at least one service provider plug-in corresponding to the at least one service provider, the at least one service provider plug-in operably connected to the at least one service provider via the service provider SSO module; and
  
  ,a service automation platform communicatively coupled to the service provider plug-in and the service provider, the service automation platform further comprising a single sign-on (SSO) dispatcher.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, further comprising a service provider handler operably connected to the service automation platform, and the at least one service provider plug-in.
  - 3. The system of claim 1, wherein the service automation platform comprises a virtual identity provider, the virtual identity provider further comprising a virtualized public identity provider, and a virtualized managed identity provider.
  - 4. The system of claim 2, wherein the service automation platform further comprises a user interface.
  - 5. The system of claim 1, wherein the service provider plug-in comprises a virtualized user data storage, a user data storage, a virtualized exclusive identity provider, and service provisioning module.
  - 6. The system of claim 1, wherein the SSO dispatcher further comprises a request handler, a virtualized identity provider accessor, a signature and encryption module, an attribute packer, a plug-in accessor, and a response packer.
  - 7. The system of claim 5, wherein the service provider plug-in further comprises a user interface.
  - 8. The system of claim 5, wherein the virtualized user data storage further comprises a service provider handler implementation.
  - 9. The system of claim 1, wherein the least one service provider plug-in is configured to store user attributes and to provision a subscription to the at least one software service.
  - 10. The system of claim 1, wherein the least one service provider plug-in further comprises a SSO application programming interface (API).
  - 11. The system of claim 9, wherein the service provider plug-in comprises a user attribute schema comprising a set of user attributes.

12. A method for multi-tenant SSO identity management with dynamic attribute retrieval, the method utilizing a system comprising at least one service provider, at least one service provider plug-in, and a service automation platform, the method comprising the steps:
- a. activating a link to a service provided by the at least one service provider;
  
  b. receiving at an SSO dispatcher, the link, the SSO dispatcher identifying the service provided by the at least one service provider;
  
  c. requesting at the SSO dispatcher, user attributes for the at least one service provider from a service provider handler;
  
  d. assembling at a service provider handler implementation, a response query with the user attributes, the user attributes assembled according to a user attributes schema and service provider settings;
  
  e. checking at the SSO dispatcher, whether the response query is a success, and if successful, proceeding to the next step, and if unsuccessful, displaying a message;
  
  f. checking at the SSO dispatcher, whether the response query includes identification of an identity provider, and if the response query does not include identification of an identity provider, retrieving public identity provider credentials from the service automation platform, and if the response query is successful, proceeding to the next step;
  
  g. determining at the SSO dispatcher, whether the response query identifies a managed identity provider, or an exclusive identity provider, and requesting the respective identity provider'"'"'s credentials identified herein;
  
  h. signing at the SSO dispatcher, a package for a user'"'"'s authentication with the credentials;
  
  i. redirecting at the SSO dispatcher, the package to the service provider.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12, wherein the user attributes is selected from a group consisting of a username, email address, address, subscription id, tenant id, and zip-code.
  - 14. The method of claim 12, wherein the service provider settings are set by the service provider and stored in a user data storage.
  - 15. The method of claim 12, wherein the service provider settings comprises information about a virtualized identity provider selected from a group consisting of a virtualized public identity provider, virtualized managed identity provider, or virtualized exclusive identity provider.
  - 16. The method of claim 14, wherein the service provider settings further comprises of information about an SSO protocol.
  - 17. The method of claim 12 further comprising the step allowing a user to log in to the service provider, using the package.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cloudblue LLC
Original Assignee
Ingram Micro Incorporated (HNA Technology Co. Ltd.)
Inventors
Kostyukov, Andrey, Kuzkin, Maxim

Granted Patent

US 10,749,856 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 9/44526   Plug-ins; Add-ons

G06F 9/547   Remote procedure calls [RPC...

H04L 63/0815   providing single-sign-on or...

H04L 9/3263   involving certificates, e.g...

System and Method for Multi-Tenant SSO With Dynamic Attribute Retrieval

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

93 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method for Multi-Tenant SSO With Dynamic Attribute Retrieval

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

93 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links