Certificate-based single sign-on (SSO) from mobile applications over the Internet
First Claim
1. A method to establish a secure session to a network-accessible application from a mobile device executing a native app, comprising:
configuring the network-accessible application for access by mobile device users by associating a set of one or more enterprise users with the network-accessible application;
receiving a request to validate that an enterprise user seeking access to the network-accessible application is associated with the network-accessible application, the request to validate having been generated by the network-accessible application in response to a login request initiated from the native app to the network-accessible application from a mobile device of the enterprise user, wherein a certificate for the network-accessible application is not available to the native app executing on the mobile device; and
upon validating that the enterprise user is associated with the network-accessible application, returning to the network-accessible application an authentication token, the authentication token evidencing that the enterprise user is permitted to access the network-accessible application for a session;
wherein upon receipt of the authentication token, access to the network-accessible application from the native app executing on the mobile device is enabled for the session.
1 assignment; 0 petitions
Abstract
A technique to establish a secure session to a network-accessible application from a mobile device executing a native app. Initially, the network-accessible application is provisioned for access by an enterprise associating a set of one or more of its enterprise users with the network-accessible application. Thereafter, access to the application is enabled via an identity provider. In operation, the identity provider receives a request to validate that an enterprise user seeking access to the network-accessible application is associated with the application. The request is generated by the application in response to a login request initiated from the native app from a mobile device, wherein a certificate for the application is not available to the native app. Upon validating that the enterprise user is associated with the network-accessible application, the identity provider returns to the application an authentication token evidencing that the enterprise user is permitted to access the network-accessible application for a session.
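The abstract describes a three-party exchange: the native app sends a login request to the network-accessible application, the application (not the native app) asks the identity provider to validate that the user is associated with it, and the identity provider answers with an authentication token that the application uses to open a session. The native app never holds the application's certificate or key. The following Python model of that exchange is an added example written for this page; it is not the patent's implementation and the patent text gives no token format. It assumes the token is an HMAC-SHA256 signed claim set over a key shared between the identity provider and the application, a five-minute lifetime, and a per-token id (`jti`) checked against replay; in-process method calls stand in for the network messages.

```python
import hashlib
import hmac
import json
import secrets
import time
from base64 import urlsafe_b64decode, urlsafe_b64encode


def _b64(data: bytes) -> str:
    return urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    """Holds the enterprise-user-to-application associations and issues tokens."""

    def __init__(self):
        self._associations = {}  # app_id -> set of enterprise user ids
        self._app_keys = {}      # app_id -> key shared with that application (assumption)

    def configure_application(self, app_id, users, app_key):
        # Provisioning step: associate a set of enterprise users with the application.
        self._associations[app_id] = set(users)
        self._app_keys[app_id] = app_key

    def validate(self, request):
        # The validation request is generated by the application, not by the native app.
        app_id, user = request["app_id"], request["user"]
        if user not in self._associations.get(app_id, set()):
            return None  # user not associated with this application: no token
        claims = {"iss": "idp", "aud": app_id, "sub": user,
                  "exp": int(time.time()) + 300, "jti": secrets.token_hex(8)}
        body = _b64(json.dumps(claims, sort_keys=True).encode())
        sig = hmac.new(self._app_keys[app_id], body.encode(), hashlib.sha256).digest()
        return body + "." + _b64(sig)


class NetworkApplication:
    """The network-accessible application; it alone holds the key shared with the IdP."""

    def __init__(self, app_id, idp, app_key):
        self.app_id = app_id
        self._idp = idp
        self._key = app_key
        self.sessions = {}    # session id -> enterprise user
        self._seen_jti = set()

    def _verify(self, token, now=None):
        # Returns the claims if the token is authentic, for us, unexpired and unseen.
        now = int(time.time()) if now is None else now
        try:
            body, sig = token.split(".")
        except ValueError:
            return None
        expected = hmac.new(self._key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(sig), expected):
            return None  # wrong key or tampered claims
        claims = json.loads(_unb64(body))
        if claims["aud"] != self.app_id or claims["exp"] <= now:
            return None  # issued for another application, or expired
        if claims["jti"] in self._seen_jti:
            return None  # replayed token
        self._seen_jti.add(claims["jti"])
        return claims

    def login(self, user):
        # Login request from the native app; the app never sees the key or the token.
        token = self._idp.validate({"app_id": self.app_id, "user": user})
        if token is None:
            return None
        claims = self._verify(token)
        if claims is None or claims["sub"] != user:
            return None
        session_id = secrets.token_urlsafe(16)
        self.sessions[session_id] = user
        return session_id


if __name__ == "__main__":
    idp = IdentityProvider()
    idp.configure_application("crm", ["alice", "bob"], b"crm-shared-key")  # constructed sample data
    crm = NetworkApplication("crm", idp, b"crm-shared-key")
    print("alice:", crm.login("alice"))      # a session id
    print("mallory:", crm.login("mallory"))  # None: not an associated enterprise user
```

The session id returned to the native app is opaque; the token itself stays between the identity provider and the application. Audience, expiry and `jti` checks are what keep a token issued for one application from being presented to another, or presented twice.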
21 Claims
1. (Independent claim; full text reproduced above under First Claim.) Dependent claims 2, 3, 4, 5, 6 and 7 depend on claim 1.
8. An apparatus configured as an identity provider (IdP) to facilitate establishment of a secure session to a network-accessible application from a mobile device executing a native app, comprising:
a processor;
computer memory holding computer program instructions executed by the processor, the computer program instructions comprising program code configured to:
configure the network-accessible application for access by mobile device users by associating a set of one or more enterprise users with the network-accessible application;
receive a request to validate that an enterprise user seeking access to the network-accessible application is associated with the network-accessible application, the request to validate having been generated by the network-accessible application in response to a login request initiated from the native app to the network-accessible application from a mobile device of the enterprise user, wherein a certificate for the network-accessible application is not available to the native app executing on the mobile device; and
upon validating that the enterprise user is associated with the network-accessible application, return to the network-accessible application an authentication token, the authentication token evidencing that the enterprise user is permitted to access the network-accessible application for a session;
wherein upon receipt of the authentication token, access to the network-accessible application from the native app executing on the mobile device is enabled for the session.
Dependent claims 9, 10, 11, 12, 13 and 14 depend on claim 8.
15. A computer program product in a non-transitory computer readable medium for use in a data processing system configured as an identity provider (IdP), the identity provider configured to facilitate establishment of a secure session to a network-accessible application from a mobile device executing a native app, the computer program product holding computer program instructions executed by the data processing system, the computer program instructions comprising program code configured to:
configure the network-accessible application for access by mobile device users by associating a set of one or more enterprise users with the network-accessible application;
receive a request to validate that an enterprise user seeking access to the network-accessible application is associated with the network-accessible application, the request to validate having been generated by the network-accessible application in response to a login request initiated from the native app to the network-accessible application from a mobile device of the enterprise user, wherein a certificate for the network-accessible application is not available to the native app executing on the mobile device; and
upon validating that the enterprise user is associated with the network-accessible application, return to the network-accessible application an authentication token, the authentication token evidencing that the enterprise user is permitted to access the network-accessible application for a session;
wherein upon receipt of the authentication token, access to the network-accessible application from the native app executing on the mobile device is enabled for the session.
Dependent claims 16, 17, 18, 19, 20 and 21 depend on claim 15.