Single sign-on method for web-based applications
First Claim
1. A method for single-sign on, consisting of:
- (a) accessing an access server from a browser on a client machine;
- after (a), (b) entering into said browser on said client machine user-specific access server logon credentials for logon and access to said access server and logging on to said access server;
- after (b), (c) said access server presenting to said browser on said client machine a user-specific linkpage of links to each target application of a list of previously registered target applications residing on one or more target application servers, said user-specific target application logon credentials having been previously stored in a registration database residing on a first additional server to which said access server has access, and if a target application residing on said one or more target application servers to which access is wanted exists in said list of target applications then selecting a corresponding link on said linkpage and proceeding to step (i) otherwise proceeding to step (d);
- after (c), (d) navigating to a setup screen of said access server and selecting said target application from a list of enabled target applications enabled on said access server and presented on said setup screen;
- after (d), (e) said access server starting a network traffic recorder;
- after (e), (f) while logged onto said access server, entering user-specific target application logon credentials for logon and access to said target application on an application server of said two or more application servers, said traffic recorder recording said user-specific target application credentials;
- after (f), (g) said access server matching said user-specific target application credentials against predefined sets of known logon sequence types stored on a single-sign-on database residing on a second additional server to which said access server has access and generating logon code for said target application based on network traffic recorded by said network traffic recorder and a matching logon sequence type stored in said second additional server;
- after (g), (h) storing said logon code and said user-specific target application logon credentials for said target application in a database of said access server and adding said target application to said list of target applications and a link to said target application to said linkpage of said access server;
- after (h), (i) presenting to said target application by said access server said stored user-specific target application logon credentials for logon and access to said target application in a form and according to a protocol recognizable by said target application in order to log onto said target application and establish a target application session between said access server and said target application;
- (j) if after (i) said access server is able to log onto said target application then proceeding to step (k), otherwise:
  - said access server requesting new user-specific target application logon credentials for said target application through said browser of said client machine;
  - replacing said user-specific target application logon credentials for logon and access to said target application stored on said first additional server with and storing said new user-specific target application logon credentials for logon and access to said target application on said first additional server; and
  - repeating step (h) using said new user-specific target application logon credentials instead of said user-specific target application logon credentials; and
- after (i) or (j), (k) establishing a target application session, bypassing said access server, between said browser of said client machine and said target application on said application server of said one or more application servers.
Abstract
A method for single-sign on of a user on a client machine to one or more target applications on target application servers in a computer information-processing network, including: accessing an access server from the client machine; entering user-specific access server logon credentials for logon and access to the access server; selecting a target application; presenting to the target application by the access server, previously stored user-specific target application logon credentials for logon and access to the target application in a form and according to a protocol recognizable by the target application thereby logging into the target application on behalf of the user and establishing a target application session; sending from the access server to the client machine, information for establishing a connection from the client machine to the target application; and establishing a target application session, bypassing the access server, between the client machine and the target application.
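The claim and abstract describe a credential-replay style of single sign-on: the access server records the user's manual logon to a target application once, matches that traffic against known logon sequence types to derive a reusable "logon code", stores code and credentials, replays them on later visits, re-prompts the user when the target rejects the stored credentials (step j), and finally hands the browser a direct session with the target (step k). The following is an added worked model of that flow, written for this page and not code from the patent or its assignee. It assumes two constructed logon sequence types (an HTML form POST and HTTP Basic), a constructed `Request` shape standing in for recorded traffic, and made-up target applications, users and credentials.

```python
"""Added model of the claimed single-sign-on flow (not the patent's own code).
The access server records a target's logon once (steps e-f), derives a replayable
"logon code" from the recorded traffic (step g), stores code and credentials
(step h), replays them on later visits (step i), re-prompts when the target
rejects them (step j) and hands the browser a direct session (step k).
Every application, user, credential and request below is constructed."""
import base64
import secrets
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode


@dataclass
class Request:
    """One HTTP request as the traffic recorder would capture it (constructed shape)."""
    method: str
    path: str
    headers: dict
    body: str = ""


def _form_fields(req):
    return {k: v[0] for k, v in parse_qs(req.body).items()}


# Known logon sequence types: the "single-sign-on database" of step (g).
# A matcher returns a logon-code template if the request carried the credentials.
def _match_form_post(req, username, password):
    if req.method != "POST" or "x-www-form-urlencoded" not in req.headers.get("Content-Type", ""):
        return None
    fields = _form_fields(req)
    user_field = next((k for k, v in fields.items() if v == username), None)
    pass_field = next((k for k, v in fields.items() if v == password), None)
    if user_field is None or pass_field is None:
        return None  # the credentials did not travel verbatim in this request
    extra = {k: v for k, v in fields.items() if k not in (user_field, pass_field)}
    return {"type": "form_post", "path": req.path,
            "user_field": user_field, "pass_field": pass_field, "extra": extra}


def _match_http_basic(req, username, password):
    auth = req.headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return None
    if base64.b64decode(auth[6:]).decode(errors="replace") != f"{username}:{password}":
        return None
    return {"type": "http_basic", "path": req.path}


LOGON_SEQUENCE_TYPES = (_match_form_post, _match_http_basic)


def generate_logon_code(recorded, username, password):
    """Step (g): find the recorded request that carried the credentials and keep its shape."""
    for req in recorded:
        for matcher in LOGON_SEQUENCE_TYPES:
            code = matcher(req, username, password)
            if code:
                return code
    raise ValueError("recorded traffic matches no known logon sequence type")


def build_logon_request(code, username, password):
    """Step (i): present stored credentials in the form and protocol the target recognises."""
    if code["type"] == "form_post":
        fields = {**code["extra"], code["user_field"]: username, code["pass_field"]: password}
        return Request("POST", code["path"], {"Content-Type": "application/x-www-form-urlencoded"}, urlencode(fields))
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return Request("GET", code["path"], {"Authorization": f"Basic {token}"})


class TargetApplication:
    """Constructed target application server with its own user directory and sessions."""
    def __init__(self, users, style, user_field="user", pass_field="pass"):
        self.users, self.style, self.sessions = dict(users), style, {}
        self.user_field, self.pass_field = user_field, pass_field

    def handle(self, req):
        if self.style == "form_post":
            fields = _form_fields(req)
            username, password = fields.get(self.user_field), fields.get(self.pass_field)
        else:
            auth = req.headers.get("Authorization", "Basic ")
            username, _, password = base64.b64decode(auth[6:]).decode(errors="replace").partition(":")
        if username in self.users and secrets.compare_digest(self.users[username], password or ""):
            token = secrets.token_hex(8)
            self.sessions[token] = username
            return {"status": 200, "session": token}
        return {"status": 401}


class AccessServer:
    def __init__(self, targets):
        self.targets = targets      # name -> TargetApplication (the target application servers)
        self.registration_db = {}   # (user, app) -> (username, password): the "first additional server"
        self.logon_codes = {}       # app -> logon code: the access server's own database (step h)
        self.linkpage = {}          # user -> registered apps shown on the linkpage (step c)

    def register(self, user, app, recorded, username, password):
        """Steps (d)-(h): derive the logon code from recorded traffic and store everything."""
        self.logon_codes[app] = generate_logon_code(recorded, username, password)
        self.registration_db[(user, app)] = (username, password)
        self.linkpage.setdefault(user, set()).add(app)
        return self.logon_codes[app]

    def follow_link(self, user, app, reprompt):
        """Steps (i)-(k); `reprompt(app)` stands in for the browser dialog of step (j)."""
        if app not in self.linkpage.get(user, set()):
            raise KeyError(f"{app} is not on the linkpage for {user}; run setup first")
        for _attempt in range(2):
            username, password = self.registration_db[(user, app)]
            reply = self.targets[app].handle(build_logon_request(self.logon_codes[app], username, password))
            if reply["status"] == 200:  # step (k): the browser takes this session directly to the target
                return {"target": app, "session": reply["session"]}
            self.registration_db[(user, app)] = reprompt(app)  # step (j): replace stored credentials, retry
        raise PermissionError(f"{app} also rejected the replacement credentials")


def demo():
    """Walk one constructed user through registration, replay, rotation and re-prompt."""
    payroll = TargetApplication({"alice": "s3cret"}, "form_post", user_field="uid", pass_field="pw")
    wiki = TargetApplication({"alice": "w1k1"}, "http_basic")
    sso = AccessServer({"payroll": payroll, "wiki": wiki})
    # constructed traffic the recorder captures while alice logs on by hand (step f)
    payroll_traffic = [Request("GET", "/login", {}),
                       Request("POST", "/login", {"Content-Type": "application/x-www-form-urlencoded"},
                               "uid=alice&pw=s3cret&remember=1")]
    wiki_traffic = [Request("GET", "/wiki/", {"Authorization": "Basic " + base64.b64encode(b"alice:w1k1").decode()})]
    code = sso.register("alice", "payroll", payroll_traffic, "alice", "s3cret")
    sso.register("alice", "wiki", wiki_traffic, "alice", "w1k1")
    first = sso.follow_link("alice", "payroll", lambda app: ("alice", "unused"))
    payroll.users["alice"] = "r0tated"  # the target rotates the password behind the access server's back
    second = sso.follow_link("alice", "payroll", lambda app: ("alice", "r0tated"))
    wiki_session = sso.follow_link("alice", "wiki", lambda app: ("alice", "unused"))
    return {"code": code, "first": first, "second": second, "wiki": wiki_session,
            "stored": sso.registration_db[("alice", "payroll")], "payroll": payroll, "wiki_app": wiki}


if __name__ == "__main__":
    print(demo())
```

Two properties of the model are worth noting. A matcher only recognises a logon when the entered username and password appear verbatim in the recorded traffic, so a target that hashes or challenge-responds on the client side falls through to the "no known logon sequence type" error rather than producing a code that replays garbage. And the registration database holds credentials in a replayable form by design, which is what makes it the component whose storage and the access server's network reach deserve the tightest controls.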
Specification