Method of enabling an intermediary server to impersonate a client user's identity to a plurality of authentication domains
Abstract
An enterprise computing environment such as a corporate web portal includes an intermediary server, a sign on service, and one or more backend enterprise systems managed by resource managers. Before or after user primary logon, which establishes a user primary account identity, the intermediary server uses its own identity to authenticate to the sign on service its right to retrieve user secondary account identities with respect to the backend enterprise systems. Retrieved secondary account identities are then used by the intermediary server to perform user secondary logons to respective resource managers in the environment. The intermediary server also manages the passing of resource requests and associated replies between the user and the resource managers.
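The abstract describes a three-party flow: a primary logon at the intermediary, the intermediary authenticating itself to the sign-on service to retrieve the user's secondary identities, secondary logons to each resource manager, and request forwarding. The following Python model of that flow is an added illustration written for this page; it is not code from the patent or its assignee. All server names, account names, passwords and the HMAC-over-nonce scheme by which the intermediary proves its own identity to the sign-on service are constructed assumptions, chosen so that the secondary credentials are released only to an authenticated intermediary, are used once for logon, and are never returned to the client terminal.

```python
import hashlib
import hmac
import os
import secrets


def _derive(password: str, salt: bytes) -> bytes:
    """Password hash shared by every account store in this toy model."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class ResourceManager:
    """A backend enterprise system with its own account namespace (names constructed)."""

    def __init__(self, name: str, accounts: dict):
        self.name = name
        self._salt = os.urandom(16)
        self._creds = {u: _derive(p, self._salt) for u, p in accounts.items()}
        self._sessions = {}  # session token -> secondary identity

    def logon(self, secondary_id: str, password: str) -> str:
        """Secondary logon: returns a session token bound to the secondary identity."""
        expected = self._creds.get(secondary_id)
        if expected is None or not hmac.compare_digest(expected, _derive(password, self._salt)):
            raise PermissionError(f"{self.name}: secondary logon failed for {secondary_id!r}")
        token = secrets.token_hex(16)
        self._sessions[token] = secondary_id
        return token

    def handle(self, token: str, request: str) -> str:
        """Serve a request only under an established secondary session."""
        who = self._sessions.get(token)
        if who is None:
            raise PermissionError(f"{self.name}: no session for {request!r}")
        return f"{self.name}:{who}:{request}"


class SignOnService:
    """Holds the primary -> secondary identity mapping and releases it only to an
    intermediary that proves knowledge of its server secret over a fresh nonce."""

    def __init__(self, server_secrets: dict, mappings: dict):
        self._server_secrets = server_secrets  # server id -> shared secret (assumed scheme)
        self._mappings = mappings              # primary id -> {rm name: (secondary id, password)}
        self._nonces = set()

    def issue_nonce(self) -> bytes:
        nonce = os.urandom(16)
        self._nonces.add(nonce)
        return nonce

    def secondary_identities(self, server_id: str, nonce: bytes, proof: bytes, primary_id: str) -> dict:
        key = self._server_secrets.get(server_id)
        if key is None or nonce not in self._nonces:
            raise PermissionError("unknown server or stale nonce")
        self._nonces.discard(nonce)  # single use, so a replayed proof is rejected
        expected = hmac.new(key, server_id.encode() + nonce + primary_id.encode(), "sha256").digest()
        if not hmac.compare_digest(expected, proof):
            raise PermissionError(f"server {server_id!r} failed to authenticate")
        return dict(self._mappings.get(primary_id, {}))


class IntermediaryServer:
    """Owns the primary logon and performs the secondary logons on the user's behalf."""

    def __init__(self, server_id, server_secret, primary_accounts, sso, managers):
        self.server_id = server_id
        self._secret = server_secret
        self._salt = os.urandom(16)
        self._primary = {u: _derive(p, self._salt) for u, p in primary_accounts.items()}
        self._sso = sso
        self._managers = managers
        self._sessions = {}  # client session id -> {"primary": ..., "tokens": {rm: token}}

    def primary_logon(self, user: str, password: str) -> str:
        expected = self._primary.get(user)
        if expected is None or not hmac.compare_digest(expected, _derive(password, self._salt)):
            raise PermissionError("primary logon failed")
        # The server authenticates itself to the sign-on service, then maps identities.
        nonce = self._sso.issue_nonce()
        proof = hmac.new(self._secret, self.server_id.encode() + nonce + user.encode(), "sha256").digest()
        secondaries = self._sso.secondary_identities(self.server_id, nonce, proof, user)
        # Secondary logons: only the resulting tokens are kept; the passwords are dropped.
        tokens = {rm: self._managers[rm].logon(sid, spw) for rm, (sid, spw) in secondaries.items()}
        session = secrets.token_hex(16)
        self._sessions[session] = {"primary": user, "tokens": tokens}
        return session  # the client sees a session id, never a secondary credential

    def request(self, session: str, rm_name: str, req: str) -> str:
        state = self._sessions.get(session)
        if state is None or rm_name not in state["tokens"]:
            raise PermissionError(f"no secondary session for {rm_name!r}")
        return self._managers[rm_name].handle(state["tokens"][rm_name], req)


def demo() -> tuple:
    """Two constructed backends, one portal user, one request forwarded to each."""
    hr = ResourceManager("hr", {"hr_user_17": "hr-pw"})
    erp = ResourceManager("erp", {"ERPU017": "erp-pw"})
    sso = SignOnService({"portal": b"portal-secret"},
                        {"alice": {"hr": ("hr_user_17", "hr-pw"), "erp": ("ERPU017", "erp-pw")}})
    portal = IntermediaryServer("portal", b"portal-secret", {"alice": "alice-pw"}, sso, {"hr": hr, "erp": erp})
    s = portal.primary_logon("alice", "alice-pw")
    return portal.request(s, "hr", "payslip"), portal.request(s, "erp", "orders")
```

Running `demo()` yields `("hr:hr_user_17:payslip", "erp:ERPU017:orders")`: each backend serves the request under the secondary identity, while the client only ever held its primary password and a portal session id. The single-use nonce is the point a defender cares about: an intermediary that cannot prove its own identity, or that replays an earlier proof, gets nothing from the sign-on service.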
108 Citations
21 Claims
1. A method of enabling a client terminal user to access target resources managed by a set of resource managers within an enterprise computing environment, comprising:
- authenticating the user to establish a user primary identity;
- mapping the user primary identity to a set of user secondary identities;
- authenticating the user to the resource managers using the set of user secondary identities;
- following authentication using the set of user secondary identities, forwarding resource requests to the resource managers; and
- returning replies received from the resource managers back to the user.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method for enabling a client terminal user to access target resources managed by a set of resource managers operative within an enterprise computing environment, wherein the environment has an associated sign-on service, comprising:
- responsive to a request received from a user of the client terminal, authenticating the user to establish a user primary identity;
- using the user primary identity, accessing the sign-on service to retrieve a set of stored user authentication information, wherein the stored user authentication information comprises a set of user secondary identities;
- performing a sign-on to the set of resource managers using the retrieved set of user secondary identities; and
- forwarding the request to a given resource manager; and
- forwarding a reply received from the given resource manager back to the user.

11. A method for enabling a client terminal user to access target resources managed by a set of resource managers operative within an enterprise computing environment, wherein the environment has an associated sign-on service, comprising:
- having the client terminal user perform a primary logon to an intermediary server to establish a user primary identity;
- having the intermediary server pass the user's primary identity to the sign-on service and, in response, obtaining a set of user secondary identities that may be used in enabling the intermediary server to represent the client terminal user to the resource managers;
- having the intermediary server perform a secondary logon to a first resource manager using a first user secondary identity;
- having the intermediary server perform a secondary logon to a second resource manager using a second user secondary identity;
- having the intermediary server perform resource requests at the first and second resource managers under the respective secondary identities; and
- forwarding responses back to the client terminal user.

12. An enterprise computing environment having a set of resource managers and a sign-on service, the enterprise computing environment comprising:
- means for authenticating a user to establish a user primary account associated with a user primary identity;
- means for cooperating with the sign-on service to map the user primary account to a set of user secondary accounts associated with a set of user secondary identities;
- means for logging onto the set of resource managers using the user secondary accounts; and
- means for passing resource requests from the user to the resource managers under the user secondary accounts.
Dependent claims: 13

14. A server for use in an enterprise computing environment having a set of resource managers and a sign-on service, comprising:
- means for authenticating a user to establish a user primary account associated with a user primary identity;
- means for authenticating the server to the sign-on service;
- means for logging onto the set of resource managers using a set of user secondary accounts returned from the sign-on service, wherein the set of user secondary accounts is associated with a set of user secondary identities; and
- means for passing resource requests and associated replies between the user and the resource managers.
Dependent claims: 15

16. A system, comprising:
- a set of resource managers;
- a sign on service;
- a server, comprising:
  - means for authenticating users to establish user primary accounts associated with user primary identities;
  - means for logging a given user onto the set of resource managers using a set of user secondary accounts for the given user retrieved from the sign on service, wherein a set of user secondary accounts for a given user is associated with a set of user secondary identities for a given user; and
  - means for passing resource requests and associated replies between the given user and the resource managers.
Dependent claims: 17, 18, 19, 20

21. A computer program product in a computer-useable medium executable in a processor of a server, comprising:
- means for authenticating a user to establish a user primary account associated with a user primary identity;
- means for authenticating the server to a sign-on service;
- means for logging onto a set of resource managers using a set of user secondary accounts returned from the sign-on service, wherein the set of user secondary accounts are associated with a set of user secondary identities; and
- means for passing resource requests and associated replies between the user and the resource managers.
Specification