Single sign-on method for web-based applications

US 7,958,547 B2
Filed: 01/06/2009
Issued: 06/07/2011
Est. Priority Date: 04/29/2003
Status: Active Grant

First Claim

Patent Images

1. A method for single sign-on of a user on a client machine to one or more target applications on target application servers in a computer information-processing network, comprising:

before accessing said target application server, accessing an access server from a browser on said client machine;

entering into said browser user-specific access server logon credentials for logon and access to said access server and logging onto said access server;

while logged onto said access server, selecting a link to a target application of said one or more target applications from a linkpage presented to said browser by said access server, user-specific target application logon credentials for said target application having been previously stored in a registration database;

after said selecting said link, said access server presenting to said target application said stored user-specific target application logon credentials for logon and access to said target application in a form and according to a protocol recognizable by said target application and thereby logging into said target application on behalf of the user and establishing a target application session between said client machine and said target application;

after logging onto said access server and after establishing said target application session, bypassing said access server; and

wherein said client machine is linked to said access server by a network, both said client machine and said access server are linked to a single sign-on engine by said network and said single sign-on engine is linked to said target application servers by said network, said single sign-on engine including two or more single sign-on logon servlets, a single sign-on database module, two or more single sign-on application servlets, a single sign-on registration database, a single sign-on database and a single sign-on error program module.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for single-sign on of a user on a client machine to one or more target applications on target application servers in a computer information-processing network, including: accessing an access server from the client machine; entering user-specific access server logon credentials for logon and access to the access server; selecting a target application; presenting to the target application by the access server, previously stored user-specific target application logon credentials for logon and access to the target application in a form and according to a protocol recognizable by the target application thereby logging into the target application on behalf of the user and establishing a target application session; sending from the access server to the client machine, information for establishing a connection from the client machine to the target application; and establishing a target application session, bypassing the access server, between the client machine and the target application.

56 Citations

View as Search Results

23 Claims

1. A method for single sign-on of a user on a client machine to one or more target applications on target application servers in a computer information-processing network, comprising:
- before accessing said target application server, accessing an access server from a browser on said client machine;
  
  entering into said browser user-specific access server logon credentials for logon and access to said access server and logging onto said access server;
  
  while logged onto said access server, selecting a link to a target application of said one or more target applications from a linkpage presented to said browser by said access server, user-specific target application logon credentials for said target application having been previously stored in a registration database;
  
  after said selecting said link, said access server presenting to said target application said stored user-specific target application logon credentials for logon and access to said target application in a form and according to a protocol recognizable by said target application and thereby logging into said target application on behalf of the user and establishing a target application session between said client machine and said target application;
  
  after logging onto said access server and after establishing said target application session, bypassing said access server; and
  
  wherein said client machine is linked to said access server by a network, both said client machine and said access server are linked to a single sign-on engine by said network and said single sign-on engine is linked to said target application servers by said network, said single sign-on engine including two or more single sign-on logon servlets, a single sign-on database module, two or more single sign-on application servlets, a single sign-on registration database, a single sign-on database and a single sign-on error program module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further including, for a new target application not having links on said linkpage:
    - selecting a new target application;
      
      entering a new user-specific target application logon credential for logon and access to said new target application, and recording said new user-specific application logon credential using a network traffic recorder;
      
      generating logon code for said new target application based on network traffic recorded by said traffic recorder and a logon sequence type;
      
      storing said logon code and said user-specific target application logon credentials for said new target application in said registration database; and
      
      adding a link on said linkpage for said new target application.
  - 3. The method of claim 2, further including:
    - selecting said new target application from a list of enabled target applications.
  - 4. The method of claim 3, further including:
    - determining a logon sequence type for said new user-specific target application logon credentials.
  - 5. The method of claim 4, wherein said logon sequence type is selected from the group consisting of (i) a HTTP request for a logon page, (ii) a HTTP response containing a form and a first cookie, (iii) a HTTP request with form fields set and said first cookie and (iv) a HTTP response with said first cookie and a second cookie, (v) a HTTP response with a first cookie, a second cookie and a HTTP redirect, and (vi) a HTTP request with form fields set and both said first and second cookies.
  - 6. The method of claim 1, wherein said information for establishing a connection from said client machine to said target application further includes cookies and rewritten universal resource locators or combinations thereof.
  - 7. The method of claim 1, wherein said information-processing network is an intranet, The Internet or a combination thereof.
  - 8. The method of claim 1, wherein said access server is a portal server or an HTTP proxy server.
  - 9. The method of claim 1, wherein said user-specific access server logon credentials include a user ID, a password or both a user ID and a password.
  - 10. The method of claim 1, wherein said user-specific target application logon credentials include a user ID, a password or both a user ID and a password.

11. A computer system comprising a processor, an address/data bus coupled to said processor, and a non-transitory computer-readable memory unit coupled to communicate with said processor, said memory unit containing instructions that when executed by the processor implement a method for single sign-on of a user on a client machine to one or more target applications on target application servers in a computer information-processing network, said method comprising the computer implemented steps of:
- before accessing said target application server, accessing an access server from a browser on said client machine;
  
  entering into said browser user-specific access server logon credentials for logon and access to said access server and logging onto said access server;
  
  while logged onto said access server, selecting a link to a target application of said one or more target applications from a linkpage presented to said browser by said access server, user-specific target application logon credentials for said target application having been previously stored in a registration database;
  
  after said selecting said link, to said target application by said access server said stored user-specific target application logon credentials for logon and access to said target application in a form and according to a protocol recognizable by said target application and thereby logging into said target application on behalf of the user and establishing a target application session between said client machine and said target application;
  
  bypassing said access server after logging onto said access server and after establishing said target application session; and
  
  wherein said client machine is linked to said access server by a network, both said client machine and said access server are linked to a single sign-on engine by said network and said single sign-on engine is linked to said target application servers by said network, said single sign-on engine including two or more single sign-on logon servlets, a single sign-on database module, two or more single sign-on application servlets, a single sign-on registration database, a single sign-on database and a single sign-on error program module.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The computer system of claim 11, the method further including, for a new target application not having links on said linkpage the computer implemented steps of:
    - selecting a new target application;
      
      entering a new user-specific target application logon credential for logon and access to said new target application, and recording said new user-specific application logon credential using a network traffic recorder;
      
      generating logon code for said new target application based on network traffic recorded by said traffic recorder and a logon sequence type;
      
      storing said logon code and said user-specific target application logon credentials for said new target application in said registration database; and
      
      adding a link on said linkpage for said new target application.
  - 13. The computer system of claim 12, the method further including the computer implemented steps of:
    - selecting said new target application from a list of enabled target applications.
  - 14. The computer system of claim 13, the method further including the computer implemented steps of:
    - determining a logon sequence type for said new user-specific target application logon credentials.
  - 15. The computer system of claim 14, wherein said logon sequence type is selected from the group consisting of (i) a HTTP request for a logon page, (ii) a HTTP response containing a form and a first cookie, (iii) a HTTP request with form fields set and said first cookie and (iv) a HTTP response with said first cookie and a second cookie, (v) a HTTP response with a first cookie, a second cookie and a HTTP redirect, and (vi) a HTTP request with form fields set and both said first and second cookies.
  - 16. The computer system of claim 11, wherein said information for establishing a connection from said client machine to said target application further includes cookies and rewritten universal resource locators or combinations thereof.
  - 17. The computer system of claim 11, wherein said information-processing network is an intranet, The Internet or a combination thereof.
  - 18. The computer system of claim 11, wherein said access server is a portal server or an HTTP proxy server.
  - 19. The computer system of claim 11, wherein said user-specific access server logon credentials include a user ID, a password or both a user ID and a password.
  - 20. The computer system of claim 11, wherein said user-specific target application logon credentials include a user ID, a password or both a user ID and a password.

21. An access server connectable in an information processing network, comprising:
- at least one processor;
  
  a memory;
  
  a computer program supported in said memory for enabling access to a target application on a target application server linked to said information-processing network, the computer program comprising;
  
  means for accessing an access server from a browser on said client machine before accessing said target application server;
  
  means for entering into said browser user-specific access server logon credentials for logon and access to said access server and logging onto said access server;
  
  means for selecting, while logged on to said access server, a link to a target application of said one or more target applications from a linkpage presented to said browser by said access server, user-specific target application logon credentials for said target application having been previously stored in a registration database;
  
  means for presenting, after said selecting said link, to said target application by said access server said stored user-specific target application logon credentials for logon and access to said target application in a form and according to a protocol recognizable by said target application and thereby logging into said target application on behalf of the user and establishing a target application session between said client machine and said target application;
  
  means for bypassing said access server after establishing said target application session; and
  
  wherein said client machine is linked to said access server by a network, both said client machine and said access server are linked to a single sign-on engine by said network and said single sign-on engine is linked to said target application server by said network, said single sign-on engine including two or more single sign-on logon servlets, a single sign-on database module, two or more single sign-on application servlets, a single sign-on registration database, a single sign-on database and a single sign-on error program module.
- View Dependent Claims (22, 23)
- - 22. The access server of claim 21, wherein said means for accessing said access server includes a respective portlet for each target application of said one or more target application.
  - 23. The access server of claim 21, wherein said means for establishing said target application session includes one or more single sign-on logon type servlets and one or more single sign-on application-specific logon procedure servlets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rakuten Group, Inc.
Original Assignee
International Business Machines Corporation
Inventors
Andreev, Dmitry, Vilshansky, Gregory
Primary Examiner(s)
Dinh; Minh
Assistant Examiner(s)
PERUNGAVOOR, VENKATANARAY

Application Number

US12/348,970
Publication Number

US 20090126000A1
Time in Patent Office

882 Days
Field of Search

726 11- 14, 726 27- 30, 726 16- 19, 726 2- 6, 726/8, 713/161, 713/182, 713151-152
US Class Current

726/8
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

Single sign-on method for web-based applications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

56 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

Single sign-on method for web-based applications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others