Single sign-on method for web-based applications
First Claim
1. A method for single sign-on of a user on a client machine to one or more target applications on target application servers in a computer information-processing network, comprising:
- before accessing said target application server, accessing an access server from a browser on said client machine;
entering into said browser user-specific access server logon credentials for logon and access to said access server and logging onto said access server;
while logged onto said access server, selecting a link to a target application of said one or more target applications from a linkpage presented to said browser by said access server, user-specific target application logon credentials for said target application having been previously stored in a registration database;
after said selecting said link, said access server presenting to said target application said stored user-specific target application logon credentials for logon and access to said target application in a form and according to a protocol recognizable by said target application and thereby logging into said target application on behalf of the user and establishing a target application session between said client machine and said target application;
after logging onto said access server and after establishing said target application session, bypassing said access server; and
wherein said client machine is linked to said access server by a network, both said client machine and said access server are linked to a single sign-on engine by said network and said single sign-on engine is linked to said target application servers by said network, said single sign-on engine including two or more single sign-on logon servlets, a single sign-on database module, two or more single sign-on application servlets, a single sign-on registration database, a single sign-on database and a single sign-on error program module.
2 Assignments
0 Petitions
Accused Products
Abstract
A method for single-sign on of a user on a client machine to one or more target applications on target application servers in a computer information-processing network, including: accessing an access server from the client machine; entering user-specific access server logon credentials for logon and access to the access server; selecting a target application; presenting to the target application by the access server, previously stored user-specific target application logon credentials for logon and access to the target application in a form and according to a protocol recognizable by the target application thereby logging into the target application on behalf of the user and establishing a target application session; sending from the access server to the client machine, information for establishing a connection from the client machine to the target application; and establishing a target application session, bypassing the access server, between the client machine and the target application.
56 Citations
23 Claims
-
1. A method for single sign-on of a user on a client machine to one or more target applications on target application servers in a computer information-processing network, comprising:
-
before accessing said target application server, accessing an access server from a browser on said client machine; entering into said browser user-specific access server logon credentials for logon and access to said access server and logging onto said access server; while logged onto said access server, selecting a link to a target application of said one or more target applications from a linkpage presented to said browser by said access server, user-specific target application logon credentials for said target application having been previously stored in a registration database; after said selecting said link, said access server presenting to said target application said stored user-specific target application logon credentials for logon and access to said target application in a form and according to a protocol recognizable by said target application and thereby logging into said target application on behalf of the user and establishing a target application session between said client machine and said target application; after logging onto said access server and after establishing said target application session, bypassing said access server; and wherein said client machine is linked to said access server by a network, both said client machine and said access server are linked to a single sign-on engine by said network and said single sign-on engine is linked to said target application servers by said network, said single sign-on engine including two or more single sign-on logon servlets, a single sign-on database module, two or more single sign-on application servlets, a single sign-on registration database, a single sign-on database and a single sign-on error program module. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A computer system comprising a processor, an address/data bus coupled to said processor, and a non-transitory computer-readable memory unit coupled to communicate with said processor, said memory unit containing instructions that when executed by the processor implement a method for single sign-on of a user on a client machine to one or more target applications on target application servers in a computer information-processing network, said method comprising the computer implemented steps of:
-
before accessing said target application server, accessing an access server from a browser on said client machine; entering into said browser user-specific access server logon credentials for logon and access to said access server and logging onto said access server; while logged onto said access server, selecting a link to a target application of said one or more target applications from a linkpage presented to said browser by said access server, user-specific target application logon credentials for said target application having been previously stored in a registration database; after said selecting said link, to said target application by said access server said stored user-specific target application logon credentials for logon and access to said target application in a form and according to a protocol recognizable by said target application and thereby logging into said target application on behalf of the user and establishing a target application session between said client machine and said target application; bypassing said access server after logging onto said access server and after establishing said target application session; and wherein said client machine is linked to said access server by a network, both said client machine and said access server are linked to a single sign-on engine by said network and said single sign-on engine is linked to said target application servers by said network, said single sign-on engine including two or more single sign-on logon servlets, a single sign-on database module, two or more single sign-on application servlets, a single sign-on registration database, a single sign-on database and a single sign-on error program module. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. An access server connectable in an information processing network, comprising:
-
at least one processor; a memory; a computer program supported in said memory for enabling access to a target application on a target application server linked to said information-processing network, the computer program comprising; means for accessing an access server from a browser on said client machine before accessing said target application server; means for entering into said browser user-specific access server logon credentials for logon and access to said access server and logging onto said access server; means for selecting, while logged on to said access server, a link to a target application of said one or more target applications from a linkpage presented to said browser by said access server, user-specific target application logon credentials for said target application having been previously stored in a registration database; means for presenting, after said selecting said link, to said target application by said access server said stored user-specific target application logon credentials for logon and access to said target application in a form and according to a protocol recognizable by said target application and thereby logging into said target application on behalf of the user and establishing a target application session between said client machine and said target application; means for bypassing said access server after establishing said target application session; and wherein said client machine is linked to said access server by a network, both said client machine and said access server are linked to a single sign-on engine by said network and said single sign-on engine is linked to said target application server by said network, said single sign-on engine including two or more single sign-on logon servlets, a single sign-on database module, two or more single sign-on application servlets, a single sign-on registration database, a single sign-on database and a single sign-on error program module. - View Dependent Claims (22, 23)
-
Specification