Single system user identity
Abstract
When an external user such as a trading partner makes a request into an access point of an application on an application server, that external user can be authenticated as a valid user on the system. The identity of the external user can then be switched to an internal system user identity, such as by pushing new user information on the user stack or by adding internal user context. This internal system user identity allows the user to access resources and applications on the application server that are not available to an external user. The use of this single internal system user identity allows for a single login process that can be used for all resources and applications on the server. The use of an internal user also prevents an external user from accessing those resources unless the user is first authenticated through a proper entry point.
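The push/pop identity switch described in the abstract, as an added example that is not code from the patent. `Session`, `access_point`, `authorize`, the `ACL` table and the sample credentials are hypothetical names and constructed data; the external identity is kept in the pushed frame so the switch stays auditable.

```python
import hmac
from contextlib import contextmanager

# Constructed sample data: external credentials, the internal identity, its rights.
CREDENTIALS = {"partner-a": "s3cret-a"}           # external users (trading partners)
INTERNAL_USER = "system"                          # single internal system identity
ACL = {"orders-db": {"system"}, "billing-queue": {"system"}}  # resource -> allowed users


class Session:
    """Per-user identity stack; the top frame governs access checks."""
    def __init__(self, external_id):
        self.stack = [{"user": external_id}]


def authorize(session, resource):
    # Only the identity on top of the stack is consulted.
    return session.stack[-1]["user"] in ACL.get(resource, set())


@contextmanager
def access_point(session, password):
    """Authenticate the external user, then run the body as the internal user."""
    external = session.stack[0]["user"]
    expected = CREDENTIALS.get(external, "")
    if not expected or not hmac.compare_digest(expected.encode(), password.encode()):
        raise PermissionError("authentication failed")
    # Push internal user info; keep the external identity as context for audit.
    session.stack.append({"user": INTERNAL_USER, "on_behalf_of": external})
    try:
        yield session
    finally:
        session.stack.pop()  # switch back on exit, even if the body raised


def demo():
    s = Session("partner-a")
    before = authorize(s, "orders-db")            # external identity: denied
    with access_point(s, "s3cret-a"):
        # One login covers every resource granted to the internal identity.
        during = (authorize(s, "orders-db"), authorize(s, "billing-queue"))
        caller = s.stack[-1]["on_behalf_of"]
    after = authorize(s, "orders-db")             # popped: denied again
    return before, during, caller, after
```

Because every switched user shares the internal identity, editing that identity's entry in `ACL` changes access for all of them at once, which is the behaviour the final clause of claim 19 describes.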
19 Claims
1. A method for validating a user on an application server, comprising:
receiving a request for access from an external user with an external user identity at an access point of an application on an application server, wherein an internal user identity is configured to provide access to resources at the application server for users with that internal user identity;
authenticating the external user based at least on user credentials associated with the external user in response to the request for access;
upon successful authentication, switching the identity of the external user to the internal user identity for the application by pushing internal user information on a user stack for the external user, so that the internal user identity governs access to resources at the application server for the external user, wherein switching the identity of the external user to the internal user identity includes adding internal user context information to the external user identity;
upon the external user exiting the application server, popping the internal user information from the user stack, so that the external user is switched back to the external user identity; and
providing, by the internal user identity, to the external user, a higher level of privilege in the application server, that is unavailable for the external user as the external user identity.
7. A system embodied on computer readable storage medium comprising:
an application server; and
multiple applications on the application server, each of the multiple applications having an access point including a validation mechanism for validating an external user with an external user identity, the validation mechanism of an application on the application server switching the identity of a validated external user to an internal user identity after the external user is validated by pushing internal user information on a user stack for the external user, so that the internal user identity governs access to resources at the application server for the external user, wherein switching the identity of the external user to the internal user identity includes adding internal user context information to the external user identity, and upon the external user exiting the application server, popping the internal user information from the user stack, so that the external user is switched back to the external user identity;
wherein the internal user identity is configured to provide access to resources at the application server for users with that internal user identity including a higher level of privilege in the application server that is unavailable for the external user as the external user identity.
19. A method for validating a user on an application server, comprising:
receiving a request for access from an external user with an external user identity at an access point of an application on an application server, wherein an internal user identity is configured to provide access to resources at the application server for users with that internal user identity;
authenticating the external user based at least on user credentials associated with the external user in response to the request for access;
upon successful authentication, switching the identity of the external user to the internal user identity for the application by pushing internal user information on a user stack for the external user, so that the internal user identity governs access to resources at the application server for the external user, wherein switching the identity of the external user to the internal user identity includes adding internal user context information to the external user identity;
forwarding the request for access to a second application on the application server, wherein the internal user identity allows the external user access to the second application without needing a separate valid username and password for the second application;
upon the external user exiting the application server, popping the internal user information from the user stack, so that the external user is switched back to the external user identity; and
providing, by the internal user identity, to the external user, a higher level of privilege in the application server, that is unavailable for the external user as the external user identity;
wherein configuring access rights for the internal user identity also modifies access to those resources as subsequently provided to each user switched to the internal user identity.
Specification