Single sign-on system and method
Abstract
A system for single sign-on to a plurality of computing applications is provided. The system includes a plurality of enterprise applications, a policy server, and an authentication data store maintaining authentication information for the enterprise applications. The system also includes internal and external user authorization data stores that maintain user authorization information for the enterprise applications. A synchronization component synchronizes to a consolidated data store information from the internal and external authorization data stores and eliminates duplicate user information. To access a first enterprise application, the user's information is authenticated against the authentication data store and authorized against the consolidated authorization data store. To access a second enterprise application, the user is not required to sign on again since the previously entered user information is used to authenticate the user, and the consolidated data store is automatically checked to determine the user's authorization level for the second enterprise application.
Claims (22 claims; 138 citations)
1. A system for single sign-on for enterprise applications, comprising:
- a plurality of enterprise applications;
- a policy server that receives a user's single sign-on information regarding access to a first enterprise application and promotes communication of authentication and authorization information for the first enterprise application to determine the user's access to the first enterprise application, the policy server, regarding the user accessing a second enterprise application, authenticates the user based on the user's single sign-on information and uses the single sign-on information to obtain authorization information for the second enterprise application to determine the user's access to the second enterprise application;
- an authentication data store maintaining the authentication information used by the policy server related to user authentication for at least some of the plurality of enterprise applications;
- a first internal authorization data store maintaining internal authorization information related to internal user;
- a second external authorization data store maintaining external authorization information related to external user;
- a consolidated data store maintaining consolidated authorization information including both the internal and external user authorization information used by the policy server related to user authorization for at least some of the plurality of enterprise applications; and
- a synchronization component that synchronizes the internal and external authorization information from the first internal and second external authorization data stores, respectively, to the consolidated data store.

Dependent claims: 2 to 16.
17. A method for providing a single sign-on capability for a plurality of computing applications comprising:
- providing a first data store containing information on a first user of a first computing application;
- providing a second data store containing information on a second user of a second computing application;
- extracting information from the first and second data stores;
- translating the information from a format of the first data store and a format of the second data store into a format of a third data store;
- when a duplication exists between an identifying attribute for a record from the first data store and an identifying attribute for a record from the second data store, assigning a new identifying attribute to the record from the first data store;
- loading the translated information into the third data store;
- a user providing identifying information when the user attempts to gain access to the first computing application;
- comparing the identifying information provided by the user with authorization information in the third data store and authentication information in a fourth data store regarding the user's authority to access the first computing application;
- authorizing the user for access to the first computing application;
- when a user attempts to gain access to the second computing application, retrieving, without further action from the user, the identifying information provided by the user and comparing the identifying information provided by the user with authorization information in the third data store regarding the user's authority to access the second computing application; and
- authorizing the user for access to the second computing application.

Dependent claims: 18 to 20.
21. A system for allowing access to a plurality of web applications through a single sign-on comprising:
- a first data store that contains authorization information on a first user of at least one computing application;
- a second data store that contains authorization information on a second user of the at least one computing application;
- a third data store that contains authorization information on the first and second users;
- a fourth data store that maintains authentication information related to access to the computing applications;
- a synchronization component that translates information from a format of the first data store and a format of the second data store into a format of a third data store, and, when a duplication exists between an identifying attribute for a record from the first data store and an identifying attribute for a record from the second data store, the synchronization component assigns a single identifying attribute to the record and promotes loading the translated information into the third data store; and
- a policy server component using identifying information provided by a user signing on to a first computing application to compare to authorization information in the third data store and to compare to authentication information in the fourth data store to determine the user's access to the first computing application, and, when the user attempts to gain access to a second computing application, the policy server compares the identifying information to authorization information in the third data store without further action from the user to determine the user's access to the second computing application.

Dependent claims: 22.
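The synchronization and sign-on flow of claims 17 and 21, as an added example that is not part of the patent or of any product built on it: two constructed source stores in different formats are translated into a consolidated store, a record from the first (internal) store whose identifying attribute collides with one in the second (external) store is given a new identifying attribute, and a policy server authenticates the user once against a separate authentication store and afterwards authorizes each application from the consolidated store without any further action from the user. The store layouts, the attribute names (uid, login, entitlements), the "int:" prefix used as the new identifying attribute, the PBKDF2 credential check and all sample records are assumptions.

```python
"""Consolidated-store synchronization and single sign-on check.

Added example modelled on claims 17 and 21; not the patent's own code.
Store layouts, attribute names and sample records are assumptions.
"""
import hashlib
import hmac
import secrets

# Constructed sample data. The first (internal) store keys records by "uid";
# the second (external) store keys them by "login". Both contain "jsmith",
# which here are two different people sharing one identifier.
INTERNAL_STORE = [
    {"uid": "jsmith", "apps": ["payroll", "crm"]},
    {"uid": "akhan", "apps": ["crm"]},
]
EXTERNAL_STORE = [
    {"login": "jsmith", "entitlements": "portal;crm"},
    {"login": "bvendor", "entitlements": "portal"},
]


def translate(record, source):
    """Translate a record from its source format into the consolidated format."""
    if source == "internal":
        return {"id": record["uid"], "source": source,
                "apps": frozenset(record["apps"])}
    return {"id": record["login"], "source": source,
            "apps": frozenset(record["entitlements"].split(";"))}


def synchronize(internal, external):
    """Build the third (consolidated) store from the first two.

    When an identifying attribute from the internal store duplicates one
    from the external store, the internal record gets a new identifying
    attribute (assumed form: "int:<old id>") so neither record overwrites
    the other and no principal inherits another's entitlements.
    Returns the consolidated store and the list of collided identifiers.
    """
    external_ids = {r["login"] for r in external}
    consolidated = {}
    collisions = []
    for rec in internal:
        entry = translate(rec, "internal")
        if entry["id"] in external_ids:
            collisions.append(entry["id"])
            entry["id"] = "int:" + entry["id"]
        consolidated[entry["id"]] = entry
    for rec in external:
        entry = translate(rec, "external")
        if entry["id"] in consolidated:
            raise ValueError("unresolved duplicate identifier: " + entry["id"])
        consolidated[entry["id"]] = entry
    return consolidated, collisions


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_auth_store(credentials):
    """Fourth (authentication) store: salted PBKDF2 hashes keyed by consolidated id."""
    store = {}
    for user_id, password in credentials.items():
        salt = secrets.token_bytes(16)
        store[user_id] = (salt, _hash_password(password, salt))
    return store


class PolicyServer:
    """Authenticates once, then authorizes each application from the consolidated store."""

    def __init__(self, auth_store, consolidated):
        self.auth_store = auth_store
        self.consolidated = consolidated
        self.sessions = {}  # session token -> user id (the retained sign-on information)

    def sign_on(self, user_id, password, app):
        """First access: check the authentication store, then authorize for `app`.

        Returns (session_token, authorized); the token is None when authentication fails.
        """
        cred = self.auth_store.get(user_id)
        if cred is None:
            return None, False
        salt, expected = cred
        if not hmac.compare_digest(_hash_password(password, salt), expected):
            return None, False
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user_id
        return token, self.authorize(token, app)

    def authorize(self, token, app):
        """Later access: no further action from the user; consult the consolidated store only."""
        user_id = self.sessions.get(token)
        if user_id is None:
            return False
        entry = self.consolidated.get(user_id)
        return entry is not None and app in entry["apps"]


if __name__ == "__main__":
    store, dupes = synchronize(INTERNAL_STORE, EXTERNAL_STORE)
    print("collided identifiers:", dupes)
    server = PolicyServer(make_auth_store({"int:jsmith": "internal-pw"}), store)
    token, ok = server.sign_on("int:jsmith", "internal-pw", "payroll")
    print("payroll:", ok, "crm:", server.authorize(token, "crm"),
          "portal:", server.authorize(token, "portal"))
```

The collision step is the part worth checking in a real deployment: without it the external "jsmith" record would silently replace the internal one (or the reverse, depending on load order), and one principal would be authorized with another's entitlements across every application the policy server fronts. The example therefore records every collided identifier so the synchronization run can be audited, and refuses to load an external record whose identifier is still taken.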