Method and apparatus for facilitating single sign-on to applications
Abstract
One embodiment of the present invention provides a system that performs single sign-on to web applications using dynamic directives. The system operates by first receiving a request at an application to provide content to a user. In response to the request, the application provides public content to the user. Upon receiving a request from the user to access private content, the application sends a dynamic directive to a web module that can access a single sign-on server on behalf of the application, wherein the dynamic directive specifies that an authentication credential is required from the user. Next, the application allows the web module to request the authentication credential from the single sign-on server on behalf of the application. When the authentication credential is received from the single sign-on server, the application provides the private content to the user.
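The flow in the abstract and in claim 1, as a small simulation added here for illustration; it is not code from the patent. The class names, the `Directive` values, the string return values and the 900-second timeout are all hypothetical, since the page gives no wire format.

```python
from dataclasses import dataclass
from enum import Enum
import secrets

class Directive(Enum):            # hypothetical names; the page gives no wire format
    AUTH_REQUIRED = 1
    LOGOUT = 2

@dataclass
class Token:
    credential: str
    access_time: float            # compared against the timeout period

class SSOServer:
    def __init__(self):
        self.sessions, self.partners, self.prompts = {}, [], 0
    def credential_for(self, user):
        if user not in self.sessions:          # only the first request prompts the user
            self.prompts += 1
            self.sessions[user] = secrets.token_hex(16)
        return self.sessions[user]
    def logout(self, user):
        self.sessions.pop(user, None)
        for app in self.partners:              # inform every partner application
            app.tokens.pop(user, None)

class WebModule:
    """Acts on directives so the application never talks to the SSO server itself."""
    def __init__(self, sso):
        self.sso = sso
    def handle(self, directive, user, now):
        if directive is Directive.AUTH_REQUIRED:
            return Token(self.sso.credential_for(user), now)
        self.sso.logout(user)                  # Directive.LOGOUT

class Application:
    def __init__(self, module, timeout=900):   # timeout in seconds, assumed value
        self.module, self.timeout, self.tokens = module, timeout, {}
        module.sso.partners.append(self)
    def get(self, user, path, now):
        if path.startswith("/public"):
            return "public"                    # never needs a credential
        tok = self.tokens.get(user)
        if tok and now - tok.access_time > self.timeout:
            self.module.handle(Directive.LOGOUT, user, now)   # timeout directive
            return "expired"
        if tok is None:
            tok = self.tokens[user] = self.module.handle(Directive.AUTH_REQUIRED, user, now)
        tok.access_time = now
        return "private"
    def logout(self, user, now):
        self.module.handle(Directive.LOGOUT, user, now)       # user-requested logout
```

Two `Application` objects sharing one `WebModule` show the single sign-on property: `SSOServer.prompts` rises only on the first private request, and a logout or timeout in one application clears the token held by the other while public content stays reachable.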
18 Claims
1. A method for performing single sign-on to web applications on a website host computer using dynamic directives, comprising:
- receiving a first request at a web application from a user to access public content;
- providing the public content to the user;
- receiving a second request from the user to access private content;
- sending a first dynamic directive to a web module, wherein the first dynamic directive specifies that an authentication credential is required from the user, and wherein the web module can access a single sign-on server on behalf of the application;
- allowing the web module to request the authentication credential from the single sign-on server on behalf of the application;
- when a token is received from the single sign-on server at the application, wherein the token includes the authentication credential and an access time, providing private content to the user;
- when a logout request is sent by the user to the application and the logout request is received from the user at the application, sending a second dynamic directive to the web module from the application, wherein the second dynamic directive requests a logout;
- upon examining the second dynamic directive in the web module and discovering that the logout is requested, requesting that the single sign-on server log out the user, and informing partner applications that the user has logged out, wherein the user is logged out only with respect to receiving private content from the partner applications, wherein the partner applications are related applications that also make use of the single sign on server; and
- wherein if the access time within the token indicates that a specified timeout period has elapsed;
- sending a third dynamic directive to the web module from the application, wherein the third dynamic directive requests a logout; and
- allowing the web module to, discover that the logout is requested, request that the single sign-on server log out the user, and inform all partner applications that the user has logged out, wherein the user is logged out only with respect to receiving private content from the partner applications.

Dependent claims: 2, 3, 4, 5, 6
7. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for performing single sign-on to web applications on a website host computer using dynamic directives, the method comprising:
- receiving a first request at a web application from a user to access public content;
- providing the public content to the user;
- receiving a second request from the user to access private content;
- sending a first dynamic directive to a web module, wherein the first dynamic directive specifies that an authentication credential is required from the user, and wherein the web module can access a single sign-on server on behalf of the application;
- allowing the web module to request the authentication credential from the single sign-on server on behalf of the application;
- when a token is received from the single sign-on server at the application wherein the token includes the authentication credential and an access time, providing private content to the user;
- when a logout request is sent by the user to the application and the logout request is received from the user at the application, sending a second dynamic directive to the web module from the application, wherein the second dynamic directive requests a logout;
- upon examining the second dynamic directive in the web module and discovering that the logout is requested, requesting that the single sign-on server log out the user, and informing partner applications that the user has logged out, wherein the user is logged out only with respect to receiving private content from the partner applications, wherein the partner applications are related applications that also make use of the single sign on server; and
- wherein if the access time within the token indicates that a specified timeout period has elapsed;
- sending a third dynamic directive to the web module from the application, wherein the third dynamic directive requests a logout; and
- allowing the web module to, discover that the logout is requested, request that the single sign-on server log out the user, and inform all partner applications that the user has logged out, wherein the user is logged out only with respect to receiving private content from the partner applications, wherein the partner applications are related applications that also make use of the single sign on server.

Dependent claims: 8, 9, 10, 11, 12
13. An apparatus for performing single sign-on to web applications on a website host computer using dynamic directives, comprising:
- a receiving mechanism configured to receive a first request at a web application from a user to access public content;
- a providing mechanism configured to provide the public content to the user;
- wherein the receiving mechanism is further configured to receive a second request from the user to access private content;
- a sending mechanism configured to send a first dynamic directive to a web module, wherein the first dynamic directive specifies that an authentication credential is required from the user, and wherein the web module can access a single sign-on server on behalf of the application;
- a requesting mechanism configured to request the authentication credential from the single sign-on server;
- wherein the providing mechanism is further configured to provide private content to the user when a token is received from the single sign-on server at the application, wherein the token includes the authentication credential and an access time;
- wherein the receiving mechanism is further configured to receive a logout request from the user at the application, wherein the logout request is sent by the user to the application;
- wherein the sending mechanism is further configured to send a second dynamic directive to the web module from the application, wherein the protocol code in the second dynamic directive requests a logout;
- an examining mechanism configured to examine the protocol code in the web module to discover that the logout is requested;
- wherein the requesting mechanism is further configured to request the single sign-on server to log out the user;
- wherein if the access time within the token indicates that a specified timeout period has elapsed;
- the sending mechanism is further configured to send a third dynamic directive to the web module from the application, wherein the third dynamic directive requests a logout;
- a discovering mechanism configured to discover that the logout is requested;
- wherein the requesting mechanism is further configured to request the single sign-on server to log out the user; and
- a logout mechanism configured to inform all partner applications that the user has logged out, wherein the user is logged out only with respect to receiving private content from the partner applications, wherein the partner applications are related applications that also make use of the single sign on server.

Dependent claims: 14, 15, 16, 17, 18
Specification