Method and system for single sign on using configuration directives with respect to target types
First Claim
1. A method of single sign-on to multiple target resources in a computer enterprise environment, wherein at least some target resources normally require a given logon process to access the target resource, comprising the steps of:
- for each of a set of target resources having different respective logon processes, storing configuration directives each of which include a target type and information identifying the given logon process and methods required to access the target resource;
during a logon attempt by a given user with respect to one of the set of target resources, determining whether any of the configuration directives include a given target type; and
if any of the configuration directives include the given target type, using information in the configuration directive to access the target resource.
1 Assignment
0 Petitions
Accused Products
Abstract
A single sign-on (SSO) mechanism to enable a given user to access a target application on a target resource in a distributed computer enterprise. One or more configuration directives each identifying a given logon process and any associated methods required to access the target application on the target resource are stored in a locally accessible database (CIM). For each of a set of users, a globally-accessible database (PKM) stores user-specific and application-specific information enabling the user to access and logon to one or more target resources. During a particular session, a logon coordinator (LC) mechanism coordinates given user information with the configuration directive to enable the given user to perform a given action with respect to the target application without specifying the given logon process and the application-specific information.
-
Citations
21 Claims
-
1. A method of single sign-on to multiple target resources in a computer enterprise environment, wherein at least some target resources normally require a given logon process to access the target resource, comprising the steps of:
-
for each of a set of target resources having different respective logon processes, storing configuration directives each of which include a target type and information identifying the given logon process and methods required to access the target resource;
during a logon attempt by a given user with respect to one of the set of target resources, determining whether any of the configuration directives include a given target type; and
if any of the configuration directives include the given target type, using information in the configuration directive to access the target resource. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system for enabling access to a target application on a target resource in a distributed computer enterprise, comprising:
-
a database for storing configuration directives each of which include a target type and information identifying a given logon process and any associated methods required to access a target application on a target resource;
means operative during a logon attempt for determining whether any of the configuration directives include a given target type; and
means responsive to the determining means for using information in a given configuration directive to access the target resource. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. A computer program product in computer-readable media operable on a computer for enabling access to a target application on a target resource in a distributed computer enterprise, comprising:
-
means for generating configuration directives each of which include a target type and information identifying a given logon process and any associated methods required to access a target application on a target resource;
means operative during a logon attempt for determining whether any of the configuration directives include a given target type; and
means responsive to the determining means for using information in a given configuration directive to access the target resource. - View Dependent Claims (17, 18, 19, 20, 21)
-
Specification
-
- Resources
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsMilman, Ivan Matthew, Kao, I-Lung
-
Primary Examiner(s)Lee, Thomas
-
Assistant Examiner(s)MAI, RIJUE
-
Application NumberUS09/070,511Time in Patent Office1,202 DaysField of Search713/200, 713/201, 713/202, 709/225, 709/226, 709/200, 709/223, 709/302, 709/202, 709/227, 709/229US Class Current726/36CPC Class CodesG06F 21/41 where a single sign-on prov...
