Federated single sign-on (F-SSO) request processing using a trust chain having a custom module
Abstract
Federated single sign-on (F-SSO) uses a token service that fulfills requests by executing a module chain comprising a set of modules. F-SSO runtime processing is enhanced by enabling a federated entity user to define a custom module to include in the chain. The custom module includes one or more name-value pairs, wherein a given name-value pair has a value that may be validated against an entity-defined rule. The rule is determined during the processing of the custom module based on one or more invocation parameters of the module chain. In a runtime operation, F-SSO begins in response to receipt of a token. In response, the processing of the module chain that includes the custom module is initiated. During processing of the custom module, an attempt is made to validate the value of a name-value pair based on the rule. If the value of the name-value pair based on the rule can be validated, processing of the module chain continues. This approach enables finer granularity on the information that can be asserted or required as part of an F-SSO flow.
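The flow in the abstract, sketched as an added example; this is not code from the patent or from any product. All names (`RULES`, `run_chain`, the `partner` and `mode` parameters, the sample attributes) are hypothetical, and stopping the chain on a failed or missing rule is an assumption.

```python
import re
from dataclasses import dataclass, field

class ChainAbort(Exception):
    """Raised by a module to stop the chain."""

@dataclass
class Context:
    token: dict   # name-value pairs carried by the received token
    params: dict  # invocation parameters the chain was called with
    ran: list = field(default_factory=list)

# Constructed, entity-defined rules: (partner, mode) -> {name: allowed pattern}
RULES = {
    ("partner-a", "issue"): {"assurance": r"high|medium", "dept": r"[A-Z]{2}\d{3}"},
    ("partner-b", "issue"): {"assurance": r"high"},
}

def validate_module(ctx):
    if not ctx.token.get("subject"):
        raise ChainAbort("token has no subject")
    ctx.ran.append("validate")

def custom_module(ctx):
    # The rule set is chosen at run time from the invocation parameters.
    key = (ctx.params.get("partner"), ctx.params.get("mode"))
    rules = RULES.get(key)
    if rules is None:  # assumption: fail closed when no rule is defined
        raise ChainAbort(f"no rules for {key}")
    for name, pattern in rules.items():
        value = ctx.token.get(name)
        # fullmatch: the whole value must match, so "high\n" is rejected
        if not isinstance(value, str) or re.fullmatch(pattern, value) is None:
            raise ChainAbort(f"{name} failed validation")
    ctx.ran.append("custom")

def issue_module(ctx):
    ctx.ran.append("issue")

def run_chain(token, params, chain=(validate_module, custom_module, issue_module)):
    ctx = Context(dict(token), dict(params))
    try:
        for module in chain:
            module(ctx)
    except ChainAbort as exc:
        return {"status": "rejected", "reason": str(exc), "ran": ctx.ran}
    return {"status": "ok", "ran": ctx.ran}
```

The same token can pass for one partner and be rejected for another, because the rule applied to each name-value pair depends on how the chain was invoked.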
25 Claims
1. A method, operative within a federated environment in which a token service fulfills requests by executing a module chain comprising a set of modules, comprising:
- responsive to receipt of a token, initiating processing of the module chain within a data processing system;
- during processing of the module chain within the data processing system, attempting to validate a value of a name-value pair based on a rule, wherein the rule is determined based on one or more invocation parameters of the module chain; and
- returning a response.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. A method, operative within a federated environment in which a token service fulfills requests by executing a module chain comprising a set of modules, comprising:
- defining a custom module to include one or more name-value pairs, wherein a given name-value pair has a value that may be validated against a rule;
- responsive to receipt of a token, initiating processing of the module chain that includes the custom module within a computing entity;
- during processing of the custom module within the computing entity, attempting to validate the value of a name-value pair based on the rule, wherein the rule is determined during the processing of the custom module based on one or more invocation parameters of the module chain; and
- returning a response.

Dependent claims: 14, 15, 16

17. A computer program product for use in a federated environment in which a token service fulfills request by executing a trust chain comprising a set of modules, comprising:
- a non-transitory computer-readable medium having computer program instructions that, when executed by a data processing system, perform the following steps;
  - responsive to receipt of a token, initiating processing of the module chain;
  - during processing of the module chain, attempting to validate a value of a name-value pair based on a rule, wherein the rule is determined based on one or more invocation parameters of the module chain; and
  - returning a response.

Dependent claims: 18, 19, 20, 21, 22

23. A data processing system for use in a federated environment in which a token service fulfills requests by executing a module chain comprising a set of modules, comprising:
- a processor;
- computer memory holding computer program instructions that, when executed by the processor, perform the following operations;
  - defining a custom module to include one or more name-value pairs, wherein a given name-value pair has a value that may be validated against a rule;
  - responsive to receipt of a token, initiating processing of the module chain that includes the custom module;
  - during processing of the custom module, attempting to validate the value of a name-value pair based on the rule, wherein the rule is determined during the processing of the custom module based on one or more invocation parameters of the module chain; and
  - returning a response.

Dependent claims: 24, 25
Specification