Delegated authentication using a generic application-layer network protocol
First Claim
1. A computer-implemented method for use in a network environment including an enterprise server, comprising:
storing at the enterprise server multiple security credentials for a remote user to access respective secure resources residing on a network employing a generic application layer network protocol;
maintaining a map between a plurality of resource servers and a type of security credential required to access each resource server, including maintaining a true/false flag and storing a path/domain for each of the plurality of resource servers;
receiving at the enterprise server a signal representing a request from the remote user for a first of the secure resources, wherein the request includes a logon credential for the remote user;
determining, by referring to the map and without the intervention of the user, that the type of security credential for the remote user that is required to access the first secure resource comprises a first of the security credentials corresponding to a first path/domain for a first of the resource servers for which the map indicates a true flag, and wherein the determining includes matching the first path/domain with a stored path/domain corresponding to said first of the resource servers;
sending from the enterprise server a signal representing a second request to retrieve the first secure resource, the second request including a first of the security credentials for the user of the type required to access the first secure resource;
receiving at the enterprise server a signal representing a first single-sign-on (SSO) credential generated by a first SSO provider based on the logon credential;
sending from the enterprise server a signal representing the first SSO credential to retrieve the first secure resource when the type of credential required to access the first secure resource includes the first SSO credential; and
sending from the enterprise server a signal representing the first SSO credential to retrieve the first secure resource when the type of credential required to access the first secure resource includes a second SSO credential corresponding to a second SSO provider having a trust relationship with the first SSO provider.
Abstract
A method, apparatus, and computer-readable media include receiving a signal representing a request from a remote user for a secure resource residing on a network employing a generic application-layer network protocol; determining, without the intervention of the user, the type of security credential required to access the secure resource; and sending a signal representing a second request to the secure resource, the second request including a security credential for the user of the type required to access the secure resource.
143 Citations
67 Claims
1. A computer-implemented method for use in a network environment including an enterprise server, comprising:
storing at the enterprise server multiple security credentials for a remote user to access respective secure resources residing on a network employing a generic application layer network protocol;
maintaining a map between a plurality of resource servers and a type of security credential required to access each resource server, including maintaining a true/false flag and storing a path/domain for each of the plurality of resource servers;
receiving at the enterprise server a signal representing a request from the remote user for a first of the secure resources, wherein the request includes a logon credential for the remote user;
determining, by referring to the map and without the intervention of the user, that the type of security credential for the remote user that is required to access the first secure resource comprises a first of the security credentials corresponding to a first path/domain for a first of the resource servers for which the map indicates a true flag, and wherein the determining includes matching the first path/domain with a stored path/domain corresponding to said first of the resource servers;
sending from the enterprise server a signal representing a second request to retrieve the first secure resource, the second request including a first of the security credentials for the user of the type required to access the first secure resource;
receiving at the enterprise server a signal representing a first single-sign-on (SSO) credential generated by a first SSO provider based on the logon credential;
sending from the enterprise server a signal representing the first SSO credential to retrieve the first secure resource when the type of credential required to access the first secure resource includes the first SSO credential; and
sending from the enterprise server a signal representing the first SSO credential to retrieve the first secure resource when the type of credential required to access the first secure resource includes a second SSO credential corresponding to a second SSO provider having a trust relationship with the first SSO provider.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A computer-implemented method for use in a network environment including an enterprise server, comprising:
storing at the enterprise server multiple security credentials for a remote user to access respective secure resources residing on a network employing a generic application layer network protocol;
maintaining a map between a plurality of resource servers and a type of security credential required to access each resource server, including maintaining a true/false flag and storing a path/domain for each of the plurality of resource servers;
receiving at the enterprise server a signal representing a request from the remote user for a first of the secure resources, wherein the request includes a logon credential for the remote user;
determining, by referring to the map and without the intervention of the user, that the type of security credential for the remote user that is required to access the first secure resource comprises a first of the security credentials corresponding to a first path/domain for a first of the resource servers for which the map indicates a true flag, and wherein the determining includes matching the first path/domain with a stored path/domain corresponding to said first of the resource servers;
sending from the enterprise server a signal representing a second request to retrieve the first secure resource, the second request including a first of the security credentials for the user of the type required to access the first secure resource;
receiving at the enterprise server a signal representing a first single-sign-on (SSO) credential generated by a first SSO provider based on the logon credential;
sending from the enterprise server a signal representing the first SSO credential to retrieve the first secure resource when the type of credential required to access the first secure resource includes the first SSO credential;
receiving at the enterprise server a signal representing a second SSO credential generated by a second SSO provider based on the first SSO credential; and
sending from the enterprise server a signal representing the second SSO credential to retrieve the first secure resource when the type of credential required to access the first secure resource includes the second SSO credential.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.
17. A computer-implemented method for use in a network environment including an enterprise server, comprising:
storing at the enterprise server multiple security credentials for a remote user to access respective secure resources residing on a network employing a generic application layer network protocol;
maintaining a map between a plurality of resource servers and a type of security credential required to access each resource server, including maintaining a true/false flag and storing a path/domain for each of the plurality of resource servers;
receiving at the enterprise server a signal representing a request from the remote user for a first of the secure resources, wherein the request includes a logon credential for the remote user;
determining, by referring to the map and without the intervention of the user, that the type of security credential for the remote user that is required to access the first secure resource comprises a first of the security credentials corresponding to a first path/domain for a first of the resource servers for which the map indicates a true flag, and wherein the determining includes matching the first path/domain with a stored path/domain corresponding to said first of the resource servers;
sending from the enterprise server a signal representing a second request to retrieve the first secure resource, the second request including a first of the security credentials for the user of the type required to access the first secure resource, wherein the receiving includes receiving at the enterprise server a signal representing a third request from the remote user for a second of the secure resources residing on the network, determining, without the intervention of the user, the type of security credential for the remote user that is required to access the second secure resource; and
sending from the enterprise server a signal representing a fourth request for retrieving the second secure resource, the fourth request including a second of the security credentials for the user of the type required to access the second secure resource; and
wherein the signals representing the second and fourth requests are sent concurrently.
Dependent claims: 18, 19, 20, 21, 22.
23. An apparatus for use in a network environment including an enterprise server, comprising:
means for storing at the enterprise server multiple security credentials for a remote user to access respective secure resources residing on a network employing a generic application layer network protocol;
means for maintaining a map between a plurality of resource servers and a type of security credential required to access each resource server, including maintaining a true/false flag and storing a path/domain for each of the plurality of resource servers;
means for receiving at the enterprise server a signal representing a request from the remote user for a first of the secure resources;
means for determining, by referring to the map and without the intervention of the user, that the type of security credential for the remote user that is required to access the first secure resource comprises a first of the security credentials corresponding to a first path/domain for a first of the resource servers for which the map indicates a true flag, and wherein the determining includes matching the first path/domain with a stored path/domain corresponding to said first of the resource servers;
means for sending from the enterprise server a signal representing a second request to retrieve the first secure resource, the second request including a first of the security credentials for the user of the type required to access the first secure resource, wherein the request includes a logon credential for the remote user;
means for receiving at the enterprise server a signal representing a first single-sign-on (SSO) credential generated by a first SSO provider based on the logon credential;
means for sending from the enterprise server a signal representing the first SSO credential to retrieve the first secure resource when the type of credential required to access the first secure resource includes the first SSO credential; and
means for sending from the enterprise server a signal representing the first SSO credential to retrieve the first secure resource when the type of credential required to access the first secure resource includes a second SSO credential corresponding to a second SSO provider having a trust relationship with a first SSO provider.
Dependent claims: 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 47.
38. An apparatus for use in a network environment including an enterprise server, comprising:
means for storing at the enterprise server multiple security credentials for a remote user to access respective secure resources residing on a network employing a generic application layer network protocol;
means for maintaining a map between a plurality of resource servers and a type of security credential required to access each resource server, including maintaining a true/false flag and storing a path/domain for each of the plurality of resource servers;
means for receiving at the enterprise server a signal representing a request from the remote user for a first of the secure resources;
means for determining, by referring to the map and without the intervention of the user, that the type of security credential for the remote user that is required to access the first secure resource comprises a first of the security credentials corresponding to a first path/domain for a first of the resource servers for which the map indicates a true flag, and wherein the determining includes matching the first path/domain with a stored path/domain corresponding to said first of the resource servers;
means for receiving at the enterprise server a signal representing a first single-sign-on (SSO) credential generated by a first SSO provider based on the logon credential;
means for sending from the enterprise server a signal representing the first SSO credential to retrieve the first secure resource when the type of credential required to access the first secure resource includes the first SSO credential;
means for sending from the enterprise server a signal representing a second request to retrieve the first secure resource, the second request including a first of the security credentials for the user of the type required to access the first secure resource, wherein the request includes a logon credential for the remote user;
means for receiving at the enterprise server a signal representing a second SSO credential generated by a second SSO provider based on the first SSO credential; and
means for sending from the enterprise server a signal representing the second SSO credential to the secure resource when the type of credential required to access the secure resource includes the second SSO credential.
Dependent claims: 39, 40, 41, 42, 43, 44, 45.
46. One or more computer-readable media tangibly embodying a program of instructions executable by a computer to perform a method for use in a network environment including an enterprise server, the method comprising:
storing at the enterprise server multiple security credentials for a remote user to access respective secure resources residing on a network employing a generic application layer network protocol;
maintaining a map between a plurality of resource servers and a type of security credential required to access each resource server, including maintaining a true/false flag and storing a path/domain for each of the plurality of resource servers;
receiving at the enterprise server a signal representing a request from the remote user for a first of the secure resources, wherein the request includes a logon credential for the remote user;
determining, by referring to the map and without the intervention of the user, that the type of security credential for the remote user that is required to access the first secure resource comprises a first of the security credentials corresponding to a first path/domain for a first of the resource servers for which the map indicates a true flag, and wherein the determining includes matching the first path/domain with a stored path/domain corresponding to said first of the resource servers;
sending from the enterprise server a signal representing a second request to retrieve the first secure resource, the second request including a first of the security credentials for the user of the type required to access the first secure resource;
receiving at the enterprise server a signal representing a first single-sign-on (SSO) credential generated by a first SSO provider based on the logon credential;
sending from the enterprise server a signal representing the first SSO credential to retrieve the first secure resource when the type of credential required to access the first secure resource includes the first SSO credential; and
sending from the enterprise server a signal representing the first SSO credential to retrieve the first secure resource when the type of credential required to access the first secure resource includes a second SSO credential corresponding to a second SSO provider having a trust relationship with a first SSO provider.
Dependent claims: 48, 49, 50, 51, 52, 53.
54. One or more computer-readable media tangibly embodying a program of instructions executable by a computer to perform a method for use in a network environment including an enterprise server, the method comprising:
storing at the enterprise server multiple security credentials for a remote user to access respective secure resources residing on a network employing a generic application layer network protocol;
maintaining a map between a plurality of resource servers and a type of security credential required to access each resource server, including maintaining a true/false flag and storing a path/domain for each of the plurality of resource servers;
receiving at the enterprise server a signal representing a request from the remote user for a first of the secure resources, wherein the request includes a logon credential for the remote user;
determining, by referring to the map and without the intervention of the user, that the type of security credential for the remote user that is required to access the first secure resource comprises a first of the security credentials corresponding to a first path/domain for a first of the resource servers for which the map indicates a true flag, and wherein the determining includes matching the first path/domain with a stored path/domain corresponding to said first of the resource servers;
sending from the enterprise server a signal representing a second request to retrieve the first secure resource, the second request including a first of the security credentials for the user of the type required to access the first secure resource;
receiving at the enterprise server a signal representing a first single-sign-on (SSO) credential generated by an SSO provider based on the logon credential;
sending from the enterprise server a signal representing the first SSO credential to retrieve the first secure resource when the type of credential required to access the first secure resource includes the first SSO credential;
receiving at the enterprise server a signal representing a second SSO credential generated by a second SSO provider based on the first SSO credential; and
sending from the enterprise server a signal representing the second SSO credential to retrieve the first secure resource when the type of credential required to access the first secure resource includes the second SSO credential.
Dependent claims: 55, 56, 57, 58, 59, 60, 61.
62. One or more computer-readable media tangibly embodying a program of instructions executable by a computer to perform a method for use in a network environment including an enterprise server, the method comprising:
storing at the enterprise server multiple security credentials for a remote user to access respective secure resources residing on a network employing a generic application layer network protocol;
maintaining a map between a plurality of resource servers and a type of security credential required to access each resource server, including maintaining a true/false flag and storing a path/domain for each of the plurality of resource servers;
receiving at the enterprise server a signal representing a request from the remote user for a first of the secure resources, wherein the request includes a logon credential for the remote user;
determining, by referring to the map and without the intervention of the user, that the type of security credential for the remote user that is required to access the first secure resource comprises a first of the security credentials corresponding to a first path/domain for a first of the resource servers for which the map indicates a true flag, and wherein the determining includes matching the first path/domain with a stored path/domain corresponding to said first of the resource servers;
sending from the enterprise server a signal representing a second request to retrieve the first secure resource, the second request including a first of the security credentials for the user of the type required to access the first secure resource, wherein the receiving includes receiving at the enterprise server a signal representing a third request from the remote user for a second secure resource residing on the network, determining, without the intervention of the user, the type of security credential for the remote user that is required to access the second secure resource; and
sending from the enterprise server a signal representing a fourth request for retrieving the second secure resource, the fourth request including a second security credential for the user of the type required to access the second secure resource; and
wherein the signals representing the second and fourth requests are sent concurrently.
Dependent claims: 63, 64, 65, 66, 67.
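The claimed flow, written out as an added Python example that is not part of the patent or of any product's code: the enterprise server keeps a credential vault per user, a map from resource server path/domain to required credential type with the true/false flag, and an SSO trust table, and it picks the credential for the second request without asking the user. Host names, tokens, class names and the exact-host plus longest-path-prefix matching rule are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

@dataclass
class ResourceEntry:
    """One row of the claimed map: a resource server's path/domain, the credential
    type it requires, and the true/false flag saying whether delegation applies."""
    domain: str
    path: str        # path prefix on that domain; "/" covers the whole host
    cred_type: str   # e.g. "basic" or "sso:<provider name>"
    delegate: bool   # False: forward the request with no stored credential attached

@dataclass
class EnterpriseServer:
    entries: list   # the map: a list of ResourceEntry
    vault: dict     # user -> {cred_type: credential}; plaintext only for this demo
    trust: dict     # SSO provider -> set of providers whose credentials it accepts

    def lookup(self, url: str) -> Optional[ResourceEntry]:
        """Exact host match plus longest path-prefix match; the flag is applied after
        matching, so a False row for a sub-path overrides a True row for the host."""
        parts = urlsplit(url)
        host, path = (parts.hostname or "").lower(), parts.path or "/"
        best = None
        for e in self.entries:
            if e.domain == host and path.startswith(e.path):
                if best is None or len(e.path) > len(best.path):
                    best = e
        return best if best is not None and best.delegate else None

    def credential_for(self, user: str, url: str) -> Optional[str]:
        """Pick, without asking the user, the credential the second request must carry."""
        entry = self.lookup(url)
        if entry is None:
            return None
        held = self.vault.get(user, {})
        if entry.cred_type in held:
            return held[entry.cred_type]
        # Federation step of the claims: the resource wants an SSO credential from
        # provider B, the user holds one from provider A, and B trusts A.
        if entry.cred_type.startswith("sso:"):
            wanted = entry.cred_type[len("sso:"):]
            for held_type, cred in held.items():
                if held_type.startswith("sso:") and held_type[len("sso:"):] in self.trust.get(wanted, ()):
                    return cred
        return None

    def forward(self, user: str, url: str) -> dict:
        """Headers of the delegated second request; empty when nothing may be injected."""
        cred = self.credential_for(user, url)
        return {"Authorization": cred} if cred else {}

def build_demo_server() -> EnterpriseServer:
    """Constructed sample map, vault and trust relationship (hypothetical hosts, tokens)."""
    entries = [
        ResourceEntry("hr.example.internal", "/", "basic", True),
        ResourceEntry("wiki.example.internal", "/", "sso:corp-idp", True),
        ResourceEntry("partner.example.net", "/", "sso:partner-idp", True),
        ResourceEntry("partner.example.net", "/public", "none", False),
    ]
    vault = {"alice": {"basic": "Basic alice-hr-demo", "sso:corp-idp": "Bearer corp-sso-demo"}}
    return EnterpriseServer(entries, vault, {"partner-idp": {"corp-idp"}})
```

Because the host comparison is exact, a lookalike domain never receives a stored credential, and a sub-path row flagged false keeps the credential out of requests the map does not cover.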
Specification