Extending Single-Sign-On to Relying Parties of Federated Logon Providers
First Claim
1. An enterprise identity provider server comprising:
at least one processor;
a communication interface;
memory storing instructions that, when executed by the at least one processor, cause the enterprise identity provider server to:
receive, via the communication interface, from an enterprise server integrated with an enterprise identity service provided by the enterprise identity provider server, a first authentication token previously issued to the enterprise server by the enterprise identity provider server;
in response to receiving the first authentication token, retrieve, from a token store maintained by the enterprise identity provider server, a second authentication token associated with a federated identity service provided by a federated identity provider server;
refresh the second authentication token with the federated identity service provided by the federated identity provider server to obtain a refreshed authentication token; and
send, via the communication interface, to the enterprise server, the refreshed authentication token, wherein sending the refreshed authentication token to the enterprise server enables user devices managed by the enterprise server to access one or more resources provided by a third party system using the federated identity service.
Abstract
Aspects of the disclosure relate to extending single-sign-on to relying parties for federated logon providers. An enterprise identity provider server may receive a first authentication token previously issued to an enterprise server by the enterprise identity provider server. Subsequently, the enterprise identity provider server may retrieve, from a token store, a second authentication token associated with a federated identity service provided by a federated identity provider server. The enterprise identity provider server may refresh the second authentication token with the federated identity service provided by the federated identity provider server to obtain a refreshed authentication token. Finally, the enterprise identity provider server may send the refreshed authentication token to the enterprise server, which may enable user devices managed by the enterprise server to access one or more resources provided by a third party system using the federated identity service.
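The four steps of the abstract (receive, retrieve, refresh, send), as an added Python example that is not code from the patent. The class names, the HMAC-based first-token format, the token store keyed by enterprise server id, and the refresh behaviour of the in-memory federated provider are all assumptions made so the flow runs offline.

```python
import hashlib
import hmac
import secrets

class FederatedIdP:
    """In-memory stand-in for the federated identity provider (hypothetical)."""
    def __init__(self):
        self.valid = {}  # live federated token -> user it was issued for

    def issue(self, user):
        token = "fed-" + secrets.token_hex(8)
        self.valid[token] = user
        return token

    def refresh(self, token):
        # Assumption: refreshing retires the old token and mints a new one.
        user = self.valid.pop(token, None)
        if user is None:
            raise PermissionError("federated token unknown or revoked")
        return self.issue(user)

class EnterpriseIdP:
    """Enterprise identity provider holding the token store (hypothetical model)."""
    def __init__(self, federated, key):
        self.federated = federated
        self.key = key
        self.token_store = {}  # Assumption: keyed by enterprise server id

    def _mac(self, server_id):
        return hmac.new(self.key, server_id.encode(), hashlib.sha256).hexdigest()

    def issue_first_token(self, server_id):
        # Assumption: "<server_id>.<HMAC>"; the page does not fix a token format.
        return f"{server_id}.{self._mac(server_id)}"

    def exchange(self, first_token):
        # 1. Receive the first token and confirm this IdP issued it.
        server_id, _, mac = first_token.rpartition(".")
        if not server_id or not hmac.compare_digest(
                mac.encode(), self._mac(server_id).encode()):
            raise PermissionError("first token was not issued by this IdP")
        # 2. Retrieve the second (federated) token from the token store.
        second = self.token_store.get(server_id)
        if second is None:
            raise LookupError("no federated token stored for this server")
        # 3. Refresh it with the federated identity service.
        refreshed = self.federated.refresh(second)
        self.token_store[server_id] = refreshed  # Assumption: keep the newest token
        # 4. Send the refreshed token back to the enterprise server.
        return refreshed
```

The check in step 1 runs before the token store is touched, so a caller that cannot present a token issued by the enterprise identity provider never triggers a refresh at the federated provider.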
20 Claims
1. An enterprise identity provider server comprising:
at least one processor;
a communication interface;
memory storing instructions that, when executed by the at least one processor, cause the enterprise identity provider server to:
receive, via the communication interface, from an enterprise server integrated with an enterprise identity service provided by the enterprise identity provider server, a first authentication token previously issued to the enterprise server by the enterprise identity provider server;
in response to receiving the first authentication token, retrieve, from a token store maintained by the enterprise identity provider server, a second authentication token associated with a federated identity service provided by a federated identity provider server;
refresh the second authentication token with the federated identity service provided by the federated identity provider server to obtain a refreshed authentication token; and
send, via the communication interface, to the enterprise server, the refreshed authentication token, wherein sending the refreshed authentication token to the enterprise server enables user devices managed by the enterprise server to access one or more resources provided by a third party system using the federated identity service.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A method comprising:
at an enterprise identity provider comprising at least one processor, memory, and a communication interface:
receiving, via the communication interface, from an enterprise server integrated with an enterprise identity service provided by the enterprise identity provider server, a first authentication token previously issued to the enterprise server by the enterprise identity provider server;
in response to receiving the first authentication token, retrieving, from a token store maintained by the enterprise identity provider server, a second authentication token associated with a federated identity service provided by a federated identity provider server;
refreshing the second authentication token with the federated identity service provided by the federated identity provider server to obtain a refreshed authentication token; and
sending, via the communication interface, to the enterprise server, the refreshed authentication token, wherein sending the refreshed authentication token to the enterprise server enables user devices managed by the enterprise server to access one or more resources provided by a third party system using the federated identity service.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19

20. One or more non-transitory computer-readable media storing instructions that, when executed by a computing platform comprising at least one processor, memory, and a communication interface, cause the computing platform to:
receive, via the communication interface, from an enterprise server integrated with an enterprise identity service provided by the enterprise identity provider server, a first authentication token previously issued to the enterprise server by the enterprise identity provider server;
in response to receiving the first authentication token, retrieve, from a token store maintained by the enterprise identity provider server, a second authentication token associated with a federated identity service provided by a federated identity provider server;
refresh the second authentication token with the federated identity service provided by the federated identity provider server to obtain a refreshed authentication token; and
send, via the communication interface, to the enterprise server, the refreshed authentication token, wherein sending the refreshed authentication token to the enterprise server enables user devices managed by the enterprise server to access one or more resources provided by a third party system using the federated identity service.

Specification