Method and apparatus to facilitate single sign-on services in a hosting environment
Abstract
One embodiment of the present invention provides a system that facilitates single sign-on services in a hosting environment. The system operates by first receiving a request from a user to access a partner application at an application server. The system then determines if the user holds a token granting access to this partner application. If the user does not hold this token, the system redirects the request to a single sign-on server. This single sign-on server requests a user authentication credential from the user. Upon receiving the user authentication credential, including an entity identifier, the single sign-on server verifies if the user is authorized to access the partner application based on the entity identifier. If the user is authorized to access the partner application, the single sign-on server issues a token to the user, which grants the user access to the partner application.
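The flow in the abstract, together with the per-entity expiry time recited in claim 1, as an added Python example (not code from the patent). The HMAC-signed token format, the shared key, the function names and the in-memory tables standing in for the virtual private database are all assumptions.

```python
import base64, hashlib, hmac, json, time

SSO_KEY = b"constructed-demo-key"  # assumption: secret shared by SSO and app server

def _pw(password, salt=b"constructed-salt"):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed rows standing in for the virtual private database: one policy per entity.
ENTITY_POLICY = {"acme": {"apps": {"payroll", "crm"}, "ttl": 900},
                 "globex": {"apps": {"crm"}, "ttl": 3600}}
USERS = {("acme", "alice"): _pw("correct horse"), ("globex", "bob"): _pw("battery staple")}

def sso_login(entity, user, password, app, now=None):
    """SSO server: authenticate, authorize by entity identifier, issue a token."""
    now = int(time.time() if now is None else now)
    stored = USERS.get((entity, user), b"")  # hash is always computed, user or not
    if not hmac.compare_digest(stored, _pw(password)):
        return None
    policy = ENTITY_POLICY.get(entity)
    if policy is None or app not in policy["apps"]:
        return None  # this entity is not entitled to the partner application
    body = json.dumps({"ent": entity, "sub": user, "app": app,
                       "exp": now + policy["ttl"]}, sort_keys=True).encode()
    mac = hmac.new(SSO_KEY, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body).decode() + "." + base64.urlsafe_b64encode(mac).decode()

def check_token(token, app, now=None):
    """Application server: return the claims if the token is valid for app, else None."""
    now = int(time.time() if now is None else now)
    try:
        b, m = token.split(".")
        body, mac = base64.urlsafe_b64decode(b), base64.urlsafe_b64decode(m)
    except (ValueError, AttributeError):
        return None
    if not hmac.compare_digest(mac, hmac.new(SSO_KEY, body, hashlib.sha256).digest()):
        return None  # forged or altered token
    claims = json.loads(body)
    return claims if claims["app"] == app and claims["exp"] > now else None

def handle_request(app, token=None, now=None):
    """Application server entry point: serve the request or redirect to the SSO server."""
    claims = check_token(token, app, now) if token else None
    return ("serve", claims) if claims else ("redirect", "/sso/login?app=" + app)
```

The token is bound to one application and one entity, so a token issued for `crm` is rejected for `payroll`, and the lifetime differs per entity because it is read from that entity's policy row.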
24 Claims
1. A method to facilitate single sign-on services in a hosting environment, comprising:
- receiving a request from a user to access a partner application at an application server, wherein the application server is a hosting server supplying application services to multiple entities;
- determining if the user holds a token granting access to the partner application; and
- if the user does not hold the token,
  - redirecting the request to a single sign-on server,
  - requesting a user authentication credential from the user,
  - receiving the user authentication credential, wherein the user authentication credential includes an entity identifier which identifies a requesting entity associated with the user to the hosting server,
  - verifying if the user is authorized to access the partner application based on the entity identifier, and
  - if the user is authorized to access the partner application, issuing the token to the user, wherein the token grants access to the partner application to the user, and wherein the token includes an expiry time based on data supplied from a virtual private database, wherein the virtual private database is in non-volatile storage.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A computer-readable storage device storing instructions that when executed by a computer cause the computer to perform a method to facilitate single sign-on services in a hosting environment, the method comprising:
- receiving a request from a user to access a partner application at an application server, wherein the application server is a hosting server supplying application services to multiple entities;
- determining if the user holds a token granting access to the partner application; and
- if the user does not hold the token,
  - redirecting the request to a single sign-on server,
  - requesting a user authentication credential from the user,
  - receiving the user authentication credential, wherein the user authentication credential includes an entity identifier which identifies a requesting entity associated with the user to the hosting server,
  - verifying if the user is authorized to access the partner application based on the entity identifier, and
  - if the user is authorized to access the partner application, issuing the token to the user, wherein the token grants access to the partner application to the user, and wherein the token includes an expiry time based on data supplied from a virtual private database, wherein the virtual private database is in non-volatile storage.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.
17. An apparatus to facilitate single sign-on services in a hosting environment, comprising:
- a first receiving mechanism that is configured to receive a request from a user to access a partner application at an application server, wherein the application server is a hosting server supplying application services to multiple entities;
- a determining mechanism that is configured to determine if the user holds a token granting access to the partner application;
- a redirecting mechanism that is configured to redirect the request to a single sign-on server;
- a requesting mechanism that is configured to request a user authentication credential from the user;
- a second receiving mechanism that is configured to receive the user authentication credential, wherein the user authentication credential includes an entity identifier which identifies a requesting entity associated with the user to the hosting server;
- a verifying mechanism that is configured to verify if the user is authorized to access the partner application based on the entity identifier; and
- an issuing mechanism that is configured to issue the token to the user, wherein the token grants access to the partner application to the user, and wherein the token includes an expiry time based on data supplied from a virtual private database, wherein the virtual private database is in non-volatile storage.
Dependent claims: 18, 19, 20, 21, 22, 23, 24.
Specification