Implementing single sign-on across a heterogeneous collection of client/server and web-based applications

  • US 7,500,262 B1
  • Filed: 04/29/2003
  • Issued: 03/03/2009
  • Est. Priority Date: 04/29/2002
  • Status: Active Grant
First Claim

1. A method of leveraging an established authenticated session in obtaining authentication to a client application, the method comprising:

  • receiving, at a client system, a first access request from a user to access a first client application selected from among a plurality of client applications;

    in response to the first access request, presenting a graphical user interface to the user to solicit entry by the user of authentication credentials for the first client application;

    receiving authentication credentials for the first client application entered by the user;

    creating a first authentication request for access to the first client application based on the authentication credentials for the first client application entered by the user;

    sending the first authentication request for access to the first client application to an intermediary system;

    receiving, at the client system from the intermediary system, a master token and a first application token in response to the first authentication request for access to the first client application;

    communicating the first application token from the client system to the first client application for authentication by the first client application;

    storing, in electronic storage accessible by the client system, the master token received from the intermediary system;

    receiving, at the client system, a second access request from the user to access a second client application selected from among the plurality of client applications, the second client application being different from the first client application;

    in response to the second access request, accessing, from the electronic storage accessible by the client system, the master token;

    creating a second authentication request for access to the second client application based on the accessed master token;

    sending the second authentication request for access to the second client application to the intermediary system;

    receiving, at the client system from the intermediary system, a second application token in response to the second authentication request for access to the second client application; and

    communicating the second application token from the client system to the second client application for authentication by the second client application, wherein the first application token is different from the second application token;

    wherein sending the first authentication request for access to the first client application to the intermediary system includes sending, over a network, the first authentication request for access to the first client application to a remote intermediary system that is remote from the client system;

    wherein receiving, at the client system from the intermediary system, the master token and the first application token in response to the first authentication request for access to the first client application includes receiving, at the client system from the remote intermediary system over the network, the master token and the first application token in response to the first authentication request for access to the first client application;

    wherein communicating the first application token from the client system to the first client application for authentication by the first client application includes communicating, over the network, the first application token from the client system to a first remote client application being run by a first remote system that is remote from the client system and different than the remote intermediary system;

    wherein sending the second authentication request for access to the second client application to the intermediary system includes sending, over the network, the second authentication request for access to the second client application to the remote intermediary system;

    wherein receiving, at the client system from the intermediary system, the second application token in response to the second authentication request for access to the second client application includes receiving, at the client system from the remote intermediary system over the network, the second application token in response to the second authentication request for access to the second client application; and

    wherein communicating the second application token from the client system to the second client application for authentication by the second client application includes communicating, over the network, the second application token from the client system to a second remote client application being run by a second remote system that is remote from the client system and different than the remote intermediary system and the first remote system.
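The token flow recited in claim 1, as an added Python example that is not part of the patent text: credentials are exchanged once for a master token plus an application token, and the stored master token is later exchanged for a second, different application token. The HMAC-signed token format, the class and function names, the per-application keys, the lifetimes and the plaintext sample password are all assumptions made for illustration; the claim does not specify any of them.

```python
import base64, hashlib, hmac, json, secrets, time

def sign(key, claims):
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return body + b"." + hmac.new(key, body, hashlib.sha256).hexdigest().encode()

def verify(key, token):  # returns the claims if MAC and expiry check out, else None
    body, _, tag = token.rpartition(b".")
    good = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, good):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims if claims["exp"] > time.time() else None

class Intermediary:  # hypothetical stand-in for the claim's intermediary system
    def __init__(self, users, app_keys):
        self.users, self.app_keys = users, app_keys
        self.master_key = secrets.token_bytes(32)  # never leaves the intermediary

    def _app_token(self, user, app):  # audience-bound, short-lived, unique per issue
        claims = {"sub": user, "aud": app, "exp": time.time() + 300, "jti": secrets.token_hex(4)}
        return sign(self.app_keys[app], claims)

    def login(self, user, password, app):  # first request: credentials in, two tokens out
        stored = self.users.get(user)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("bad credentials")
        master = sign(self.master_key, {"sub": user, "exp": time.time() + 3600})
        return master, self._app_token(user, app)

    def exchange(self, master, app):  # later request: master token in, app token out
        claims = verify(self.master_key, master)
        if claims is None:
            raise PermissionError("invalid or expired master token")
        return self._app_token(claims["sub"], app)

def app_authenticate(app_id, key, token):  # what each remote application checks
    claims = verify(key, token)
    return claims["sub"] if claims and claims.get("aud") == app_id else None

def demo():
    keys = {"mail": secrets.token_bytes(32), "calendar": secrets.token_bytes(32)}
    idp = Intermediary({"alice": "correct horse"}, keys)  # constructed sample data
    master, t1 = idp.login("alice", "correct horse", "mail")
    t2 = idp.exchange(master, "calendar")  # client reuses the stored master token
    return (app_authenticate("mail", keys["mail"], t1),
            app_authenticate("calendar", keys["calendar"], t2),
            app_authenticate("calendar", keys["calendar"], t1), t1 != t2)
```

In this sketch an application token is accepted only by the application it was issued for, so the stored master token is the credential whose theft grants access to every application and whose storage and lifetime need the most care.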
