Coordinating user target logons in a single sign-on (SSO) environment

US 6,178,511 B1
Filed: 04/30/1998
Issued: 01/23/2001
Est. Priority Date: 04/30/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method of single sign-on to multiple target resources in a computer enterprise environment, wherein at least some target resources normally require a given logon process to access applications on the target resource, comprising the steps of:

for each of a set of target resources having different logon processes, storing configuration directives identifying the given logon process and methods required to access a particular application on the target resource;

for each of a set of users, storing user-specific information that enables the user to access and logon to one or more of the target resources; and

during a logon attempt by a given user with respect to a target application on one of the set of target resources, coordinating given user information with at least one given configuration directive to enable the given user to logon to the target application without specifying the given logon process.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A single sign-on (SSO) mechanism to enable a given user to access a target application on a target resource in a distributed computer enterprise. One or more configuration directives each identifying a given logon process and any associated methods required to access the target application on the target resource are stored in a preferably global-accessible database (CIM). For each of a set of users, a preferably global-accessible database (PKM) stores user-specific and application-specific information enabling the user to access and logon to one or more target resources. During a particular session, a logon coordinator (LC) mechanism coordinates given user information with the configuration directive to enable the given user to perform a given action with respect to the target application without specifying the given logon process and the application-specific information.

481 Citations

22 Claims

1. A method of single sign-on to multiple target resources in a computer enterprise environment, wherein at least some target resources normally require a given logon process to access applications on the target resource, comprising the steps of:
- for each of a set of target resources having different logon processes, storing configuration directives identifying the given logon process and methods required to access a particular application on the target resource;
  
  for each of a set of users, storing user-specific information that enables the user to access and logon to one or more of the target resources; and
  
  during a logon attempt by a given user with respect to a target application on one of the set of target resources, coordinating given user information with at least one given configuration directive to enable the given user to logon to the target application without specifying the given logon process.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as described in claim 1 further including the step of validating a user id/password of the given user during the logon attempt.
  - 3. The method as described in claim 1 further including the step of storing state information associating the given user with the given target application.
  - 4. The method as described in claim 3 further including the step of using the state information stored to facilitate access to the target application in a subsequent session.
  - 5. The method as described in claim 3 further including the step of using the state information to determine whether the given user has authority to perform a given operation.
  - 6. The method as described in claim 5 wherein the given operation is a change password operation.
  - 7. The method as described in claim 6 further including the step of performing the given operation.
  - 8. The method as described in claim 1 wherein a particular configuration directive is generated by a provider of a given target application.

9. A method of enabling single sign-on access to a target application on a target resource in a distributed computer enterprise, comprising the steps of:
- generating a configuration directive identifying a given logon process and any associated methods required to access the target application on the target resource;
  
  for each of a set of users, storing user-specific and application-specific information that enables the user to access and logon to one or more target resources; and
  
  during a session, coordinating given user information with the configuration directive to enable the given user to perform a given action with respect to the target application without specifying the given logon process and the application-specific information.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method as described in claim 9 wherein the given action is a user logon to a target resource.
  - 11. The method as described in claim 9 wherein the given action is a change password operation.
  - 12. The method as described in claim 9 wherein the configuration directive is defined by a template file.
  - 13. The method as described in claim 9 wherein the configuration directive is stored in a local database.
  - 14. The method as described in claim 9 wherein the user-specific and application-specific information is stored in a database.

15. A system architecture for enabling access to a target application on a target resource in a distributed computer enterprise, comprising:
- means for storing at least one configuration directive identifying a given logon process and any associated methods required to access the target application on the target resource;
  
  means for storing user-specific identifying information for each of a set of users, the user-specific identifying information enabling a given user to access and logon to one or more target resources; and
  
  means for coordinating given user-specific identifying information with the configuration directive to enable the given user to perform a given action with respect to the target application without specifying the given logon process.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system architecture as described in claim 15 wherein the given action is a user logon to a target resource.
  - 17. The system architecture as described in claim 15 wherein the given action is a change password operation.
  - 18. The system architecture as described in claim 15 wherein the given action is a logoff from a target resource.
  - 19. The system architecture as described in claim 15 wherein the means for storing the configuration directive is a database.
  - 20. The system architecture as described in claim 15 wherein the means for storing the user-specific identifying information is a database.

21. A computer program product in a computer-readable medium operable on a computer for enabling access to a target application on a target resource in a distributed computer enterprise, comprising:
- means running on the computer for storing at least one configuration directive identifying a given logon process and any associated methods required to access the target application on the target resource;
  
  means for retrieving user-specific identifying information for a given user to enable the given user to access and logon to one or more target resources; and
  
  means for coordinating the retrieved user-specific identifying information with the configuration directive to enable the given user to perform a given action with respect to the target application without specifying the given logon process.

22. A computer connectable in a distributed computer enterprise, comprising:
- at least one processor;
  
  a memory;
  
  a computer program supported in the memory and executable by the at least one processor for enabling access to a target application on a target resource in the distributed computer enterprise, the computer program comprising;
  
  means for storing in the memory at least one configuration directive identifying a given logon process and any associated methods required to access the target application on the target resource;
  
  means for retrieving user-specific identifying information for a given user to enable the given user to access and logon to one or more target resources; and
  
  means for coordinating the retrieved user-specific identifying information with the configuration directive to enable the given user to perform a given action with respect to the target application without specifying the given logon process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Meckstroth, John Robert, Kallfelz, Paul A. Jr., Forsberg, Richard Allen, Pascoe, Christopher James, Snow-Weaver, Andrea Lynn, Cohen, Richard Jay
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
BONZO, BRYCE P

Application Number

US09/070,461
Time in Patent Office

999 Days
Field of Search

713/200, 713/201, 713/202
US Class Current

726/6
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

H04L 63/102   Entity profiles

Coordinating user target logons in a single sign-on (SSO) environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

481 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Coordinating user target logons in a single sign-on (SSO) environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

481 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links