Method and system for a single-sign-on mechanism within application service provider (ASP) aggregation
First Claim
1. A method for access management in a distributed data processing system, the method comprising:
receiving from a client a request to access a net-sourced application hosted by an application service provider (ASP), wherein access for the client to the net-sourced application is controlled by the ASP on a subscription basis and wherein the ASP pulls authentication information from an aggregator using tokens that have been presented by the client to the ASP;
extracting a logon resource identifier from an aggregator token that accompanies the request, wherein the aggregator token originated from an ASP aggregator service, wherein the ASP aggregator service provides single-sign-on functionality for a plurality of net-sourced applications, wherein at least one of the net-sourced applications is the net-sourced application hosted by the ASP, wherein a logon resource identified by the logon resource identifier prompts the client or a user of the client to complete an authentication operation, wherein the logon resource identifier is a Uniform Resource Locator, and the logon resource is a logon Web page;
determining that the request was not accompanied with a valid application authentication token;
determining that the client or a user of the client has not been properly authenticated prior to sending a response to the client; and
sending to the client a response indicating the logon resource identifier as a redirectable destination.
Abstract
A methodology for providing a single-sign-on mechanism within an ASP aggregator service is presented. An aggregator token is generated by an ASP aggregator service and sent to a client device after its user has been successfully authenticated during a single-sign-on operation that is provided by the ASP aggregator service. The aggregator token then accompanies any request from the client to aggregated applications within the ASP aggregator service's infrastructure. The aggregator token comprises an indication of an address or resource identifier within the ASP aggregator service to which a client/user can be redirected when the client/user needs to be authenticated by the ASP aggregator service. In other words, the address/identifier is associated with a logon resource; when a request from a client is sent to this address, the ASP aggregator service responds with an authentication challenge to force the user to complete a single-sign-on operation.
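The ASP-side redirect decision described in the claim and abstract, as an added example that is not part of the patent text. The token layout (base64url JSON plus an HMAC-SHA256 tag), the shared key, the host name and all function names are assumptions, since the patent text here does not specify a token format; the example also verifies the token and pins the logon URL to the aggregator host before using it as a redirect target.

```python
import base64, hashlib, hmac, json
from urllib.parse import urlsplit

# Assumptions (not from the patent): token layout, shared key, host name.
AGG_KEY = b"constructed-demo-key"
AGG_HOST = "sso.aggregator.example"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def make_aggregator_token(logon_url: str, key: bytes = AGG_KEY) -> str:
    """Aggregator side: bind the logon URL into a MAC-protected token."""
    body = _b64(json.dumps({"logon_url": logon_url}).encode())
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"

def extract_logon_url(token: str, key: bytes = AGG_KEY):
    """ASP side: return the logon URL only if the token verifies and the
    URL points at the aggregator over HTTPS; otherwise return None."""
    body, sep, mac = token.partition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not sep or not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    try:
        padded = body + "=" * (-len(body) % 4)
        payload = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:
        return None
    url = payload.get("logon_url", "")
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != AGG_HOST:
        return None  # never redirect to a destination outside the aggregator
    return url

def handle_request(aggregator_token, app_token, valid_app_tokens):
    """Return (status, headers) for a request to the net-sourced application."""
    if app_token in valid_app_tokens:
        return 200, {}  # valid application authentication token: serve it
    logon_url = extract_logon_url(aggregator_token or "")
    if logon_url is None:
        return 403, {}  # design choice of this example: no usable token
    # Unauthenticated client: indicate the logon page as the redirect target.
    return 302, {"Location": logon_url}
```
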
Specification