System and method for unified sign-on
Abstract
A system that allows a user of a first domain to access a second domain. A request originates in the first domain to perform an action in the second domain. The request indicates a user of the first domain on whose behalf the request was originated. The access request is received by an adapter in the second domain. The adapter requests an access token for a user of the second domain who corresponds to the user of the first domain. A mapping table is used to identify which user in the second domain corresponds to the user in the first domain. Once the correct user of the second domain is identified, an access token for that user is returned to the adapter. The adapter then carries out the requested action by using the access token to impersonate the user of the second domain.
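The adapter, token service and mapping-table flow described in the abstract, modelled as an added Python example (not the patent's or any product's code). The domain, user and service names, the HMAC-signed token format and the one-action-per-token rule are assumptions made for illustration:

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Constructed mapping table: first-domain user -> second-domain user.
MAPPING_TABLE = {("corp", "alice"): ("partner", "a.smith")}
ADAPTER_IDENTITY = ("partner", "svc-adapter")  # the reserved "third user"
_SIGNING_KEY = secrets.token_bytes(32)          # known only to the token service

@dataclass(frozen=True)
class AccessToken:
    subject: tuple   # second-domain user whose persona the token grants
    action: str      # the one action this token authorises
    expires: float
    tag: str         # HMAC over the fields above

def _mac(subject, action, expires):
    msg = f"{subject[0]}\x00{subject[1]}\x00{action}\x00{expires}".encode()
    return hmac.new(_SIGNING_KEY, msg, hashlib.sha256).hexdigest()

def issue_token(requester, first_user, action, ttl=60.0):
    """Token service in the second domain: only the reserved adapter identity
    may request a token, and only for users present in the mapping table."""
    if requester != ADAPTER_IDENTITY:
        raise PermissionError("only the adapter identity may request tokens")
    second_user = MAPPING_TABLE.get(first_user)
    if second_user is None:
        raise LookupError(f"no mapping for {first_user}")
    exp = time.time() + ttl
    return AccessToken(second_user, action, exp, _mac(second_user, action, exp))

def impersonate(token, action):
    """Resource in the second domain: run the action under the token's subject
    only if the token is authentic, unexpired and issued for this action."""
    if token.action != action or token.expires < time.time():
        return None
    expected = _mac(token.subject, token.action, token.expires)
    if not hmac.compare_digest(token.tag, expected):
        return None
    return token.subject  # persona under which the action is performed

def adapter_handle(request):
    """Adapter running as ADAPTER_IDENTITY: it never acts as itself; it obtains
    a token for the mapped user and performs the action under that persona."""
    token = issue_token(ADAPTER_IDENTITY, request["on_behalf_of"], request["action"])
    return impersonate(token, request["action"])
```

The checks worth noting for a deployment of this pattern are the ones the model enforces: an unmapped first-domain user is refused rather than defaulted, only the reserved adapter identity can obtain tokens, and a token cannot be re-pointed at another user or another action without the service's key.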
25 Claims
1. A method of permitting a first domain to access a second domain comprising:

- receiving, at the second domain, a request from the first domain, the request indicating an action to be performed in the second domain and further indicating a first user in the first domain on whose behalf the action is to be performed;
- looking up a second user in the second domain who corresponds to the first user;
- issuing an access token for the second user; and
- using the access token to perform the action under a persona of the second user, wherein the request is received at an adapter that operates in the second domain, the adapter requesting the access token and using the access token to perform said action, and wherein the adapter runs as a third user different from the first user and the second user, wherein the adapter uses the access token to perform said action by impersonating the second user.

Dependent claims: 2, 3, 4, 5, 6, 7.

8. A method of using a first domain to access a second domain comprising:

- generating, in the first domain, a request for a resource or service that is located in the second domain, the request being generated by a process that runs as a first user in the first domain;
- sending the request to the second domain, whereupon the request is carried out in the second domain, by an adapter, on behalf of a second user in the second domain who corresponds to the first user, wherein the adapter runs as a third user different from the first user and the second user, wherein the adapter uses an access token to perform said action by impersonating the second user; and
- receiving a result of the access request from the second domain.

Dependent claims: 9, 10, 11, 12, 13, 14, 15.

16. A system that performs actions on behalf of a first domain, the system comprising:

- a service that receives, from a component, a first request for an access token, the first request identifying a first user in the first domain, the service further looking up a second user who corresponds to the first user and issuing to the component the access token, the access token permitting the component to impersonate the second user while carrying out an action, wherein the service and the component operate in a second domain different from the first domain, and wherein the second user is a user of the second domain, wherein the component comprises an adapter that receives a second request to perform the action, the second request being received by the adapter from the first domain, and wherein the adapter runs in the second domain as a third user, the third user being different from the first user and from the second user.

Dependent claims: 17, 18, 19, 20.

wherein a first one of the plurality of rows stores the first user in the first column and the second user in the second column.

20. The system of claim 16, wherein said third user is reserved for running a set of one or more adapters that includes said adapter.

21. A computer-readable storage medium having encoded thereon computer-executable instructions to perform acts comprising:

- receiving a first request from a component for an access token;
- looking up, based on a first user of a first domain, a second user of a second domain who corresponds to the first user; and
- issuing the access token to the component, wherein the access token permits the component to carry out an action by impersonating the second user, wherein the component comprises an adapter that runs in the second domain as a third user, the third user being different from the first user and the second user.

Dependent claims: 22, 23, 24, 25.

wherein a first one of the plurality of rows stores the first user in the first column and the second user in the second column.

24. The computer-readable storage medium of claim 21, wherein the component receives a second request to perform the action, and wherein the component carries out the action under the persona of the second user by using the access token to impersonate the second user.

25. The computer-readable storage medium of claim 21, wherein said third user is reserved for running a set of one or more adapters that includes said adapter.