Integrating legacy application/data access with single sign-on in a distributed computing environment
First Claim
1. A system for integrating legacy access with single sign-on in a distributed computing environment, comprising:
- a user workstation having a client and an emulator client operating thereon;
a host where a legacy host application or system is accessible, the host including an emulator server; and
a server having at least one processor configured to establish a first secure session from the client to the server, wherein the secure session establishment authenticates the user's identity from identifying information passed from the client;
store the identifying information in a security token accessible to the server; and
use the identifying information stored in the security token to authenticate the user for access to the legacy host application or system, whereby the authentication occurs programmatically and does not require the user to re-enter his identifying information,
wherein the server further includes a legacy host access agent configured to:
generate a password substitute, based on the user's identifying information from the security token and an identifier of the legacy host application or system;
pass the password substitute and a legacy host identifier of the user to the client on the user workstation; and
establish a second secure session between the emulator client and the emulator server;
wherein the user workstation is configured to:
receive a sign-on data stream from the legacy host application or system at the emulator client over the second secure session;
programmatically insert the password substitute and the legacy host identifier into the sign-on data stream, creating a modified data stream; and
return the modified data stream from the emulator client to the emulator server, over the second secure session; and
wherein the host is configured to:
retrieve the password substitute and the legacy host identifier from the modified data stream and send them to the legacy host access agent for transparently authenticating the user.
Abstract
The present invention provides methods, systems, computer program products, and methods of doing business whereby legacy host application/system access is integrated with single sign-on in a modern distributed computing environment. A security token used for signing on to the modern computing environment is leveraged, and is mapped to user credentials for the legacy host environment. These user credentials are programmatically inserted into a legacy host data stream, thereby giving the end user the look and feel of seamless access to all applications/systems, including not only modern computing applications/systems but also those residing on (or accessible through) legacy hosts. In addition to providing users with the advantages of single sign-on, the disclosed techniques enable limiting the number of user identifiers and passwords an enterprise has to manage.
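The flow described in the abstract and first claim, as an added sketch that is not code from the patent: the agent maps the SSO identity to a legacy host identifier and derives a password substitute, the emulator client inserts both into the sign-on data stream, and the host hands them back to the agent for validation. The patent text here does not say how the substitute is computed; the HMAC over host ID, application ID and time window, the replay check, the key, the text-based sign-on stream and every name below are assumptions.

```python
import hashlib
import hmac

# Assumptions (none of these values come from the patent):
AGENT_KEY = b"constructed-demo-key"   # secret held only by the legacy host access agent
WINDOW_SECONDS = 60                   # validity window of a password substitute
LEGACY_IDS = {"alice@example.test": "ALICE01"}  # SSO identity -> legacy host ID
# Constructed stand-in for the sign-on data stream sent by the host application.
SIGNON_STREAM = "USERID={USERID}\nPASSWORD={PASSWORD}\n"


def _mac(host_id, app_id, window):
    # Bind the substitute to the user, the target application and a time window.
    msg = f"{host_id}|{app_id}|{window}".encode()
    # Truncated to 16 hex characters to fit a short legacy password field.
    return hmac.new(AGENT_KEY, msg, hashlib.sha256).hexdigest()[:16].upper()


def generate_substitute(sso_identity, app_id, now):
    """Agent: derive (legacy host ID, password substitute) from the security token."""
    host_id = LEGACY_IDS[sso_identity]
    return host_id, _mac(host_id, app_id, int(now // WINDOW_SECONDS))


def insert_credentials(stream, host_id, substitute):
    """Emulator client: fill the sign-on fields without user interaction."""
    return stream.replace("{USERID}", host_id).replace("{PASSWORD}", substitute)


def extract_credentials(modified_stream):
    """Host: retrieve both fields from the modified data stream."""
    lines = modified_stream.splitlines()
    fields = dict(line.split("=", 1) for line in lines if "=" in line)
    return fields["USERID"], fields["PASSWORD"]


def validate(host_id, substitute, app_id, now, used):
    """Agent: accept once, only for the right application, within the window."""
    if (host_id, substitute) in used:
        return False  # replayed substitute
    window = int(now // WINDOW_SECONDS)
    ok = any(hmac.compare_digest(substitute, _mac(host_id, app_id, w))
             for w in (window, window - 1))  # tolerate one window of clock skew
    if ok:
        used.add((host_id, substitute))
    return ok
```

Because the substitute is bound to the application identifier and a short window, a value captured from one sign-on stream is rejected for a different legacy application, after expiry, or on a second use.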
Specification