Coordinating user target logons in a single sign-on (SSO) environment
Abstract
A single sign-on (SSO) mechanism to enable a given user to access a target application on a target resource in a distributed computer enterprise. One or more configuration directives each identifying a given logon process and any associated methods required to access the target application on the target resource are stored in a preferably global-accessible database (CIM). For each of a set of users, a preferably global-accessible database (PKM) stores user-specific and application-specific information enabling the user to access and logon to one or more target resources. During a particular session, a logon coordinator (LC) mechanism coordinates given user information with the configuration directive to enable the given user to perform a given action with respect to the target application without specifying the given logon process and the application-specific information.
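The coordination step described in the abstract, as an added Python example that is not taken from the patent. The dictionaries standing in for the CIM and PKM databases, the logon method names "password" and "token", the handler functions, and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

class LogonError(Exception):
    """Raised when the coordinator cannot complete a logon; it fails closed."""

@dataclass(frozen=True)
class Directive:
    """One CIM record: the logon process a target needs and what it consumes."""
    target: str
    method: str    # name of the logon process (hypothetical values)
    fields: tuple  # user- and application-specific fields that process requires

# Constructed sample data standing in for the two global databases.
CIM = {
    "payroll": Directive("payroll", "password", ("user_id", "password")),
    "hr-host": Directive("hr-host", "token", ("user_id", "token_seed", "app_id")),
}
PKM = {
    "alice": {
        "payroll": {"user_id": "asmith", "password": "constructed-secret"},
        "hr-host": {"user_id": "ASMITH"},  # incomplete entry on purpose
    }
}

# Stand-ins for the targets' real logon processes; they contact nothing.
def _password_logon(d, creds):
    return f"session:{d.target}:{creds['user_id']}"

def _token_logon(d, creds):
    return f"session:{d.target}:{creds['user_id']}:{creds['app_id']}"

LOGON_METHODS = {"password": _password_logon, "token": _token_logon}

def coordinate_logon(user, target):
    """LC step: join the user's PKM entry with the target's CIM directive."""
    directive = CIM.get(target)
    if directive is None:
        raise LogonError(f"no configuration directive for {target!r}")
    entry = PKM.get(user, {}).get(target)
    if entry is None:
        raise LogonError(f"{user!r} has no stored entry for {target!r}")
    missing = [f for f in directive.fields if f not in entry]
    if missing:
        raise LogonError(f"entry for {target!r} lacks {missing}")
    handler = LOGON_METHODS.get(directive.method)
    if handler is None:
        raise LogonError(f"unknown logon method {directive.method!r}")
    # Hand the logon process only the fields its directive names.
    return handler(directive, {f: entry[f] for f in directive.fields})
```

The caller supplies only a user and a target; the logon process and the stored secret are resolved inside the coordinator, and the returned session handle does not carry the secret.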
22 Claims
1. A method of single sign-on to multiple target resources in a computer enterprise environment, wherein at least some target resources normally require a given logon process to access applications on the target resource, comprising the steps of:
for each of a set of target resources having different logon processes, storing configuration directives identifying the given logon process and methods required to access a particular application on the target resource;
for each of a set of users, storing user-specific information that enables the user to access and logon to one or more of the target resources; and
during a logon attempt by a given user with respect to a target application on one of the set of target resources, coordinating given user information with at least one given configuration directive to enable the given user to logon to the target application without specifying the given logon process.

9. A method of enabling single sign-on access to a target application on a target resource in a distributed computer enterprise, comprising the steps of:
generating a configuration directive identifying a given logon process and any associated methods required to access the target application on the target resource;
for each of a set of users, storing user-specific and application-specific information that enables the user to access and logon to one or more target resources; and
during a session, coordinating given user information with the configuration directive to enable the given user to perform a given action with respect to the target application without specifying the given logon process and the application-specific information.

15. A system architecture for enabling access to a target application on a target resource in a distributed computer enterprise, comprising:
means for storing at least one configuration directive identifying a given logon process and any associated methods required to access the target application on the target resource;
means for storing user-specific identifying information for each of a set of users, the user-specific identifying information enabling a given user to access and logon to one or more target resources; and
means for coordinating given user-specific identifying information with the configuration directive to enable the given user to perform a given action with respect to the target application without specifying the given logon process.

21. A computer program product in a computer-readable medium operable on a computer for enabling access to a target application on a target resource in a distributed computer enterprise, comprising:
means running on the computer for storing at least one configuration directive identifying a given logon process and any associated methods required to access the target application on the target resource;
means for retrieving user-specific identifying information for a given user to enable the given user to access and logon to one or more target resources; and
means for coordinating the retrieved user-specific identifying information with the configuration directive to enable the given user to perform a given action with respect to the target application without specifying the given logon process.

22. A computer connectable in a distributed computer enterprise, comprising:
at least one processor;
a memory;
a computer program supported in the memory and executable by the at least one processor for enabling access to a target application on a target resource in the distributed computer enterprise, the computer program comprising;
means for storing in the memory at least one configuration directive identifying a given logon process and any associated methods required to access the target application on the target resource;
means for retrieving user-specific identifying information for a given user to enable the given user to access and logon to one or more target resources; and
means for coordinating the retrieved user-specific identifying information with the configuration directive to enable the given user to perform a given action with respect to the target application without specifying the given logon process.

Specification