Method and system for single sign-on user access to multiple web servers
First Claim
1. A computer-implemented method of single sign-on user access to multiple web servers, comprising:
- authenticating a user by a first web server, the first web server also providing a first type of service session functionality for the user in addition to and different from authenticating the user, creating an encrypted authentication token, and redirecting a web browser of the user to transmit the encrypted authentication token, which first type of service session functionality is also different from a second type of service session functionality provided for the user by a second web server that is not provided by the first web server, which second type of service session functionality is also in addition to and different from authenticating the user, creating an encrypted authentication token and redirecting a web browser of the user to transmit the encrypted authentication token, each of said web servers containing information identifying the type of service session functionality provided by the other of said web servers and an address for the other of said web servers;
detecting a client request for the second type of service session functionality for the user at said first web server that is not provided by the first web server, said first web server, for determining the second web server providing the second type of service session functionality for the user and in response thereto creating an encrypted authentication token related to the user and redirecting a web browser of the user to the second web server;
transmitting the encrypted token from the first web server to the second web server via the user'"'"'s web browser, wherein the authentication token comprises an expiration time and is digitally signed by the first web server;
authenticating the authentication token by the second web server; and
providing the second type of service session functionality for the user to conduct a session by the second web server.
2 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems for single sign-on user access to multiple web servers are provided. A user is authenticated at a first web server (e.g., by user name and password). The first web server provides a web page to the user having a service selector (e.g., a hyperlink comprising the URL of a second web server offering the service indicated by the selector). When the user activates the service selector, the first web server constructs and transmits an encrypted authentication token (e.g., a cookie) from the first web server to a second web server via the user client. The first and second web servers share a sub-domain. The authentication token comprises an expiration time and is digitally signed by the first web server and is authenticated at the second web server. Upon authentication, the second web server allows the user to conduct a session at the second web server.
-
Citations
38 Claims
-
1. A computer-implemented method of single sign-on user access to multiple web servers, comprising:
-
authenticating a user by a first web server, the first web server also providing a first type of service session functionality for the user in addition to and different from authenticating the user, creating an encrypted authentication token, and redirecting a web browser of the user to transmit the encrypted authentication token, which first type of service session functionality is also different from a second type of service session functionality provided for the user by a second web server that is not provided by the first web server, which second type of service session functionality is also in addition to and different from authenticating the user, creating an encrypted authentication token and redirecting a web browser of the user to transmit the encrypted authentication token, each of said web servers containing information identifying the type of service session functionality provided by the other of said web servers and an address for the other of said web servers; detecting a client request for the second type of service session functionality for the user at said first web server that is not provided by the first web server, said first web server, for determining the second web server providing the second type of service session functionality for the user and in response thereto creating an encrypted authentication token related to the user and redirecting a web browser of the user to the second web server; transmitting the encrypted token from the first web server to the second web server via the user'"'"'s web browser, wherein the authentication token comprises an expiration time and is digitally signed by the first web server; authenticating the authentication token by the second web server; and providing the second type of service session functionality for the user to conduct a session by the second web server. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A system for single sign-on user access to multiple web servers, comprising:
-
a means for authenticating a user by a first web server, the first web server also providing a first type of service session functionality for the user in addition to and different from authenticating the user, creating an encrypted authentication token, and redirecting a web browser of the user to transmit the encrypted authentication token, which first type of service session functionality is also different from a second type of service session functionality provided for the user by a second web server that is not provided by the first web server, which second type of service session functionality is also in addition to and different from authenticating the user, creating an encrypted authentication token and redirecting a web browser of the user to transmit the encrypted authentication token, each of said web servers containing information identifying the type of service session functionality provided by the other of said web servers and an address for the other of said web servers; means for detecting a client request for the second type of service session functionality for the user at said first web server, said first web server that is not provided by the first web server, said first web server, for determining the second web server providing the second type of service session functionality for the user and in response thereto creating an encrypted authentication token related to the user and redirecting a web browser of the user to the second web server; a means for transmitting the encrypted token from the first web server to the second web server via the user'"'"'s web browser, wherein the authentication token comprises an expiration time and is digitally signed by the first web server; a means for authenticating the authentication token at the second web server; and a means for providing the second type of service session functionality for the user to conduct a session by the second web server. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
-
Specification