Securely passing user credentials for access to an application through a network portal

US 7,512,651 B2
Filed: 12/20/2002
Issued: 03/31/2009
Est. Priority Date: 12/20/2002
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a portal server, a request for an application;

retrieving, at the portal server, a template associated with the application, the template used to generate a network address locating the application at an application server;

generating, at the portal server, the network address including first user credentials in a query portion of the network address, the network address generated using a template including at least one value specific to a user of the application and at least another value specific to the application, the network address configured, such that when the network address is sent to a browser at a client, the browser launches the application using the at least one value specific to the user of the application and the at least one other value specific to the application;

generating, at the portal server, source code without including the first user credentials, when the browser does not include a frame to render an output of the application, the source code without the first user credentials configured to redirect the browser to the portal server after generating, using the source code, the frame at the browser, the redirection causing the portal server to restore the network address including first user credentials; and

transmitting, by the portal server to the browser, the network address including first user credentials to generate, at the browser, a post request to log, at the application server, the query portion and without logging, at the application server, the first user credentials.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and techniques to enable access of an application through a network portal to integrate that network application into the portal services provided to a user. In general, in one implementation, the technique includes generating a network address including user credentials in a query portion of the network address. The technique also includes generating an encrypted network request using a command which causes a network server to not log the query portion of the network address and causing a redirect at a network browser after employing the network address in the network request.

Citations

30 Claims

1. A method comprising:
- receiving, at a portal server, a request for an application;
  
  retrieving, at the portal server, a template associated with the application, the template used to generate a network address locating the application at an application server;
  
  generating, at the portal server, the network address including first user credentials in a query portion of the network address, the network address generated using a template including at least one value specific to a user of the application and at least another value specific to the application, the network address configured, such that when the network address is sent to a browser at a client, the browser launches the application using the at least one value specific to the user of the application and the at least one other value specific to the application;
  
  generating, at the portal server, source code without including the first user credentials, when the browser does not include a frame to render an output of the application, the source code without the first user credentials configured to redirect the browser to the portal server after generating, using the source code, the frame at the browser, the redirection causing the portal server to restore the network address including first user credentials; and
  
  transmitting, by the portal server to the browser, the network address including first user credentials to generate, at the browser, a post request to log, at the application server, the query portion and without logging, at the application server, the first user credentials.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14)
- - 2. The method of claim 1 further comprising transmitting the network address and the source code to a network browser.
  - 3. The method of claim 1 wherein the network address is a first network address, the method further comprising:
    - generating a second network address associated with a redirect request; and
      
      transmitting the first network address to a browser in response to the redirect request.
  - 4. The method of claim 3 wherein the redirect request comprises an identifier.
  - 5. The method of claim 3 further comprising generating replacement source code in response to the redirect.
  - 6. The method of claim 1 further comprising:
    - generating source code to cause an encrypted network request in accord with hypertext transfer protocol over secure socket layer (“
      
      https”
      
      ) or in accord with secure hypertext transfer protocol (“
      
      s-http”
      
      ).
  - 7. The method of claim 1 further comprising generating source code to cause a terminal emulator connection between a network browser and a computing device hosting a requested resource.
  - 8. The method of claim 7 wherein generating source code to cause a terminal emulator connection further comprises generating source code including an applet.
  - 9. The method of claim 1 further comprising identifying, with a template, a correspondence between a first parameter associated with a portal and a second parameter associated with a network resource.
  - 10. The method of claim 9 wherein generating the network address further comprises using the template to generate the network address.
  - 11. The method of claim 1 wherein the first command comprises an http POST command.
  - 14. The method of claim 1, further comprising:
    - interpreting, at the portal server, a template for access to a service, the template comprising a first parameter for a service address and a second parameter for user credentials;
      
      and, wherein the generating the network address comprises replacing the first parameter with the service address and replacing the second parameter with the first user credentials in accordance with the template, the replacing to generate the network address including the first user credentials in the query portion of the network address.

12. The method of claim I wherein the network address comprises a uniform resource locator (“
- URL”
  
  ) and the first user credentials comprise an account name and password to authenticate the user for a service.

13. The method of claim I wherein the source code comprises hypertext markup language (“
- HTML”
  
  ) or extensible markup language (“
  
  XML”
  
  ).

15. A system comprising:
- a processor; and
  
  a memory, wherein the processor and the memory are configured to provide a method comprising;
  
  receiving, at an integration component at a portal server, a request for an application;
  
  retrieving, at the integration component at the portal server, a template associated with the application, the template used to generate a network address locating the application at an application server;
  
  generating, at the integration component at the portal server, a network address including first user credentials in a query portion of the network address, the network address generated using a template including at least one value specific to a user of the application and at least another value specific to the application, the network address configured, such that when the network address is sent to a browser at a client, the browser launches the application using the at least one value specific to the user of the application and the at least one other value specific to the application;
  
  generating, at the integration component at the portal server, source code without including the first user credentials, when the browser does not include a frame to render an output of the application, the source code without the first user credentials configured to redirect the browser to the portal server after generating, using the source code, the frame at the browser, the redirection causing the portal server to restore the network address including first user credentials; and
  
  transmitting, by the portal server to the browser, the network address including first user credentials to generate, at the browser, a post request to log, at the application server, the query portion and without logging, at the application server, the first user credentials.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 16. The system of claim 15 wherein the integration component is further configured to transmit the source code to the network browser.
  - 17. The system of claim 15 wherein the network address is a first network address, the source code further comprising a second network address associated with a network portal for the redirect.
  - 18. The system of claim 17 wherein the redirect comprises an identifier.
  - 19. The system of claim 15 wherein the integration component is further configured to generate replacement source code in response to the redirect.
  - 20. The system of claim 15 wherein the encrypted network request is in accord with https or in accord with s-http.
  - 21. The system of claim 15 wherein the integration component is further configured to generate source code to cause a terminal emulation connection between the network browser and a computing device hosting a requested resource.
  - 22. The system of claim 21 wherein the integration component is further configured to generate source code to cause a terminal emulation using an applet.
  - 23. The system of claim 15 wherein the integration component is further configured to identify, with a template, a correspondence between a first parameter associated with a portal and a second parameter associated with a network resource.
  - 24. The system of claim 23 wherein the integration component is further configured to generate the network address employing the template.
  - 25. The system of claim 15 wherein the first command comprises a POST command.
  - 26. The system of claim 15 wherein the network address comprises a URL.
  - 27. The system of claim 15 wherein the source code comprises HTML or XML.
  - 28. The system of claim 15 further comprising a client including the network browser.

29. An article comprising a machine-readable medium storing instructions operable to cause one or more machines to perform operations comprising:
- receiving, at an integration component at a portal server, a request for an application;
  
  retrieving, at the integration component at the portal server, a template associated with the application, the template used to generate a network address locating the application at an application server;
  
  generating, at the integration component at the portal server, the network address including first user credentials in a query portion of the network address, the network address generated using a template including at least one value specific to a user of the application and at least another value specific to the application, the network address configured, such that when the network address is sent to a browser at a client, the browser launches the application using the at least one value specific to the user of the application and the at least one other value specific to the application;
  
  generating, at the integration component at the portal server, source code without including the first user credentials, when the browser does not include a frame to render an output of the application, the source code without the first user credentials configured to redirect the browser to the portal server after generating, using the source code, the frame at the browser, the redirection causing the portal server to restore the network address including first user credentials; and
  
  transmitting, by the portal server to the browser, the network address including first user credentials to generate, at the browser, a cost request to log, at the application server, the query portion and without logging, at the application server, the first user credentials.
- View Dependent Claims (30)
- - 30. The article of claim 29 further comprising a machine-readable medium storing instructions operable to cause one or more machines to perform operations comprising:
    - generating a second network address associated with a redirect request; and
      
      transmitting the first network address to a browser in response to the redirect request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Offermann, Udo
Primary Examiner(s)
Winder; Patrice
Assistant Examiner(s)
CHOUDHURY, AZIZUL Q

Application Number

US10/325,652
Publication Number

US 20040123148A1
Time in Patent Office

2,293 Days
Field of Search

709/203, 709/223
US Class Current

709/203
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

Securely passing user credentials for access to an application through a network portal

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Securely passing user credentials for access to an application through a network portal

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links