Method and system for consolidated sign-off in a heterogeneous federated environment
Abstract
A method is presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions. When a user requests to logoff from a domain that has initiated federated single-sign-on operations for the user at other federated domains, the domain initiates a consolidated logoff operation by requesting logoff operations at those other federated domains, which may also initiate logoff operations in a cascaded fashion to the domains at which they have initiated federated single-sign-on operations.
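The consolidated logoff the abstract describes, worked through as an added example (this is not the patent's code, and the patent does not specify a signature scheme): each domain keeps the list of domains at which it initiated a federated logon for a user, and on logoff sends each of them a logoff request carrying a freshly signed assertion; a receiving domain verifies the assertion through its trust proxy, ends the session, and cascades to the domains it signed the user into. The HMAC-SHA256 trust scheme, the `*.example` domain names, the user `alice` and the four-domain topology are assumptions constructed for the illustration. Two checks a practitioner would add, the replay nonce and binding the logoff to the domain that issued the logon, are shown in the receiver; without the issuer check any federation member could force a logout of any user anywhere.

```python
"""Added example (not the patent's code): consolidated, cascaded federated logoff.
The HMAC-based trust scheme and the domain names are assumptions for illustration."""
import hashlib
import hmac
import uuid
from dataclasses import dataclass


@dataclass(frozen=True)
class Assertion:
    issuer: str   # domain that produced it
    subject: str  # user it is about
    kind: str     # "authn" (federated logon) or "logoff"
    nonce: str    # unique per assertion; lets receivers detect replay
    mac: str      # HMAC-SHA256 over the fields above (assumed scheme)


class TrustProxy:
    """Signs outbound and verifies inbound assertions with the per-domain keys a trust broker holds."""

    def __init__(self, domain, broker_keys):
        self.domain, self.keys = domain, broker_keys

    def _mac(self, key, issuer, subject, kind, nonce):
        data = f"{issuer}|{subject}|{kind}|{nonce}".encode()
        return hmac.new(key, data, hashlib.sha256).hexdigest()

    def sign(self, subject, kind):
        nonce = uuid.uuid4().hex
        mac = self._mac(self.keys[self.domain], self.domain, subject, kind, nonce)
        return Assertion(self.domain, subject, kind, nonce, mac)

    def verify(self, a):
        key = self.keys.get(a.issuer)          # unknown issuer: not a federation member
        return key is not None and hmac.compare_digest(
            self._mac(key, a.issuer, a.subject, a.kind, a.nonce), a.mac)


class Domain:
    def __init__(self, name, federation, broker_keys):
        self.name, self.federation = name, federation   # federation: name -> Domain
        self.proxy = TrustProxy(name, broker_keys)
        self.sessions = set()       # users with a live session here
        self.initiated = {}         # user -> domains where this domain initiated a logon
        self.logon_issuer = {}      # user -> domain whose assertion created the session
        self.seen_nonces = set()

    def federated_sso(self, user, target):
        """Initiate a federated logon for user at target and remember the target."""
        assert user in self.sessions
        self.federation[target].receive_logon(self.proxy.sign(user, "authn"))
        self.initiated.setdefault(user, set()).add(target)

    def receive_logon(self, a):
        if not self.proxy.verify(a) or a.kind != "authn":
            return False
        self.sessions.add(a.subject)
        self.logon_issuer[a.subject] = a.issuer
        return True

    def logoff(self, user):
        """Consolidated logoff: end the local session, then send one signed logoff request per listed domain."""
        self.sessions.discard(user)
        targets = self.initiated.pop(user, set())   # emptied, so a cascade cannot fan out twice
        for target in sorted(targets):
            self.federation[target].receive_logoff(self.proxy.sign(user, "logoff"))
        return sorted(targets)

    def receive_logoff(self, a):
        """Verify, replay-check, bind to the logon issuer, end the session, cascade."""
        if not self.proxy.verify(a) or a.kind != "logoff" or a.nonce in self.seen_nonces:
            return False
        self.seen_nonces.add(a.nonce)
        # Only the domain that logged the user in here may log them out.
        if self.logon_issuer.get(a.subject) != a.issuer:
            return False
        del self.logon_issuer[a.subject]
        self.logoff(a.subject)      # cascade to the domains we signed the user into
        return True


def build_federation():
    """Constructed topology: idp -> sp1, sp2 and sp1 -> sp3, all for user alice."""
    keys = {n: hashlib.sha256(n.encode()).digest()
            for n in ("idp.example", "sp1.example", "sp2.example", "sp3.example")}
    fed = {}
    for n in keys:
        fed[n] = Domain(n, fed, keys)
    fed["idp.example"].sessions.add("alice")          # local login at the identity domain
    fed["idp.example"].federated_sso("alice", "sp1.example")
    fed["idp.example"].federated_sso("alice", "sp2.example")
    fed["sp1.example"].federated_sso("alice", "sp3.example")
    return fed


def run_scenario():
    fed = build_federation()
    sp3 = fed["sp3.example"]
    forged = Assertion("evil.example", "alice", "logoff", "deadbeef", "00" * 32)
    forged_ok = sp3.receive_logoff(forged)                    # non-member: rejected
    wrong_issuer_ok = sp3.receive_logoff(                     # member, but did not log alice in at sp3
        fed["sp2.example"].proxy.sign("alice", "logoff"))
    still_in = "alice" in sp3.sessions                        # both rejections left the session intact
    sent = fed["idp.example"].logoff("alice")                 # idp sends to sp1 and sp2; sp1 cascades to sp3
    remaining = sorted(n for n, d in fed.items() if "alice" in d.sessions)
    return {"forged_ok": forged_ok, "wrong_issuer_ok": wrong_issuer_ok,
            "still_in": still_in, "sent": sent, "remaining": remaining}
```

`run_scenario()` returns `sent == ['sp1.example', 'sp2.example']` and `remaining == []`: the identity domain only ever messages the two domains on its own list, and sp3 is reached by sp1's cascade. Popping the list before sending is what guarantees termination if the federation's logon graph contains a cycle.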
36 Claims
1. A method for managing user sessions within a distributed data processing system, the method comprising:
- in response to determining to logoff a user on a system within a first domain, obtaining a list of domains at which the first domain has initiated a logon operation for the user by providing an authentication assertion;
- generating at a system in the first domain a set of logoff request messages, wherein the set of logoff request messages contains a logoff request message for the user for each domain in the list of domains, wherein a logoff request message comprises an authentication assertion for the user; and
- sending a logoff request message from a system in the first domain to each domain in the list of domains.
Dependent claims 2 through 12 are not reproduced here.
13. A data processing system for managing user sessions, the data processing system comprising:
- means for obtaining a list of domains at which the first domain has initiated a logon operation for the user by providing an authentication assertion in response to determining to logoff a user on a system within a first domain;
- means for generating at a system in the first domain a set of logoff request messages, wherein the set of logoff request messages contains a logoff request message for the user for each domain in the list of domains, wherein a logoff request message comprises an authentication assertion for the user; and
- means for sending a logoff request message from a system in the first domain to each domain in the list of domains.
Dependent claims 14 through 24 are not reproduced here.
25. A computer program product in a computer readable medium for managing user sessions in a data processing system, the computer program product comprising:
- means for obtaining a list of domains at which the first domain has initiated a logon operation for the user by providing an authentication assertion in response to determining to logoff a user on a system within a first domain;
- means for generating at a system in the first domain a set of logoff request messages, wherein the set of logoff request messages contains a logoff request message for the user for each domain in the list of domains, wherein a logoff request message comprises an authentication assertion for the user; and
- means for sending a logoff request message from a system in the first domain to each domain in the list of domains.
Dependent claims 26 through 36 are not reproduced here.