Method and apparatus for facilitating single sign-on of an application cluster

US 7,530,094 B2
Filed: 04/01/2003
Issued: 05/05/2009
Est. Priority Date: 04/01/2003
Status: Active Grant

First Claim

Patent Images

1. A method for facilitating single sign-on of an application cluster, wherein the application cluster hosts a plurality of computer applications on the same computer system, the method comprising:

receiving a logon request at a database server from a specific application in the application cluster,wherein the logon request specifies the application cluster and an authentication credential for the server,wherein the application facilitates a user client system to access the database server, andwherein the application cluster resides in a middle-tier system that is different from the database server as well as the user client system;

authenticating the application cluster to the server using the authentication credential, wherein the plurality of computer applications within the application cluster share a common authentication credential that is unique to the application cluster;

subsequent to authenticating the application cluster, accessing a directory service on a directory server to determine if the specific application is authorized to access a given database schema on the database server; and

if so, authorizing the specific application to access the database schema.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment of the present invention provides a system that facilitates single sign-on of an application cluster, wherein the application cluster includes a plurality of computer applications residing on the same computer system. The system operates by first receiving a logon request at a server from the application cluster, wherein the logon request specifies an account for the server. Next, the system authenticates the application cluster to the server and determines if the application cluster is authorized to use the specified account. If so, the system authorizes the application cluster to use the specified account.

18 Citations

View as Search Results

18 Claims

1. A method for facilitating single sign-on of an application cluster, wherein the application cluster hosts a plurality of computer applications on the same computer system, the method comprising:
- receiving a logon request at a database server from a specific application in the application cluster,wherein the logon request specifies the application cluster and an authentication credential for the server,wherein the application facilitates a user client system to access the database server, andwherein the application cluster resides in a middle-tier system that is different from the database server as well as the user client system;
  
  authenticating the application cluster to the server using the authentication credential, wherein the plurality of computer applications within the application cluster share a common authentication credential that is unique to the application cluster;
  
  subsequent to authenticating the application cluster, accessing a directory service on a directory server to determine if the specific application is authorized to access a given database schema on the database server; and
  
  if so, authorizing the specific application to access the database schema.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the directory service is a lightweight directory access protocol (LDAP) service.
  - 3. The method of claim 1, wherein verifying the authentication credential involves:
    - requesting a password verifier from a directory service;
      
      challenging the application cluster with the password verifier;
      
      examining a response to this challenge; and
      
      if the response is valid, accepting the authentication credential.
  - 4. The method of claim 1, wherein determining if the application cluster is authorized to use the specified account involves:
    - requesting authorization from a directory service;
      
      receiving a response from the directory service; and
      
      if an authorization is contained in the response, granting access to the application cluster.
  - 5. The method of claim 1, wherein authenticating the application cluster to the server involves providing an account name and an account password for the specified account.
  - 6. The method of claim 1, wherein the authentication credential includes a Kerberos ticket or a public-key infrastructure (PKI) certificate.

7. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for facilitating single sign-on of an application cluster, wherein the application cluster hosts a plurality of computer applications on the same computer system, the method comprising:
- receiving a logon request at a database server from a specific application in the application cluster,wherein the logon request specifies the application cluster and an authentication credential for the server,wherein the application facilitates a user client system to access the database server, andwherein the application cluster resides in a middle-tier system that is different from the database server as well as the user client system;
  
  authenticating the application cluster to the server using the authentication credential, wherein the plurality of computer applications within the application cluster share a common authentication credential that is unique to the application cluster;
  
  subsequent to authenticating the application cluster, accessing a directory service on a directory server to determine if the specific application is authorized to access a given database schema on the database server; and
  
  if so, authorizing the specific application to access the database schema.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer-readable storage medium of claim 7, wherein the directory service is a lightweight directory access protocol (LDAP) service.
  - 9. The computer-readable storage medium of claim 7, wherein verifying the authentication credential involves:
    - requesting a password verifier from a directory service;
      
      challenging the application cluster with the password verifier;
      
      examining a response to this challenge; and
      
      if the response is valid, accepting the authentication credential.
  - 10. The computer-readable storage medium of claim 7, wherein determining if the application cluster is authorized to use the specified account involves:
    - requesting authorization from a directory service;
      
      receiving a response from the directory service; and
      
      if an authorization is contained in the response, granting access to the application cluster.
  - 11. The computer-readable storage medium of claim 7, wherein authenticating the application cluster to the server involves providing an account name and an account password for the specified account.
  - 12. The computer-readable storage medium of claim 7, wherein the authentication credential includes a Kerberos ticket or a public-key infrastructure (PKI) certificate.

13. An apparatus for facilitating single sign-on of an application cluster, wherein the application cluster hosts a plurality of computer applications on the same computer system, comprising:
- a receiving mechanism configured to receive a logon request at a database server from a specific application in the application cluster,wherein the logon request specifies the application cluster and an authentication credential for the server,wherein the application facilitates a user client system to access the database server, andwherein the application cluster resides in a middle-tier system that is different from the database server as well as the user client system;
  
  an authenticating mechanism configured to authenticate the application cluster to the server using the authentication credential, wherein the plurality of computer applications within the application cluster share a common authentication credential that is unique to the application cluster;
  
  a determining mechanism, wherein, subsequent to authenticating the application cluster, the determining mechanism is configured to determine if the specific application is authorized to access a given database schema on the database server; and
  
  an authorizing mechanism configured to authorize the specific application to access the database schema if the specific application is authorized to use the specified account.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The apparatus of claim 13, wherein the directory service is a lightweight directory access protocol (LDAP) service.
  - 15. The apparatus of claim 13, further comprising:
    - a requesting mechanism configured to request a password verifier from a directory service;
      
      a challenging mechanism configured to challenge the application cluster using the password verifier;
      
      an examining mechanism configured to examine a response to this challenge; and
      
      an accepting mechanism configured to accept the authentication credential if the response is valid.
  - 16. The apparatus of claim 13, further comprising:
    - a requesting mechanism configured to request authorization from a directory service;
      
      a receiving mechanism configured to receive a response from the directory service; and
      
      a granting mechanism configured to grant access to the application cluster if an authorization is contained in the response.
  - 17. The apparatus of claim 13, wherein authenticating the application cluster to the server involves providing an account name and an account password for the specified account.
  - 18. The apparatus of claim 13, wherein the authentication credential includes a Kerberos ticket or a public-key infrastructure (PKI) certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Schneider Hollinger, Marilyn Joyce, Philips, Andrew B.
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Homayounmehr; Farid

Application Number

US10/405,434
Publication Number

US 20040199794A1
Time in Patent Office

2,226 Days
Field of Search

726/1, 726/2
US Class Current

726/2
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

Method and apparatus for facilitating single sign-on of an application cluster

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for facilitating single sign-on of an application cluster

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links