Application single sign on leveraging virtual local area network identifier
First Claim
1. A processor-implemented method for providing single sign-on leveraging a virtual local area network identifier, comprising:
- providing, by an authentication server, a client device access to a network via association with a virtual local area network and a credential;
- receiving, by an application server, a request from the client device to invoke an application hosted on the application server;
- maintaining an association between a virtual local area network tag and the client device;
- maintaining an association between the client device and a user identification;
- identifying, by the application server, the virtual local area network tag associated with the client device included in the request;
- sending, by the application server, a first message to the authentication server requesting the user identification associated with the client device based on the virtual local area network tag;
- matching, by the authentication server, the virtual local area network tag with the user identification associated with the client device and sending a second message to the application server containing the user identification, wherein the first message to the authentication server further requests a first level of authentication associated with the virtual local area network tag, and wherein the second message to the application server further contains the first level of authentication associated with the virtual local area network tag;
- determining, by the application server, that the first level of authentication is insufficient to access the application and notifying the client device;
- detecting that the client device severed association with the virtual local area network;
- tearing down, by the authentication server, the virtual local area network in response to the detecting;
- providing, by an authentication server, the client device a second access to the network via association with a second virtual local area network and a second credential;
- receiving, by the application server, a second request from the client device to invoke the application hosted on the application server after severing association with the virtual local area network;
- identifying, by the application server, a second virtual local area network tag associated with the second request from the client device;
- sending, by the application server, a third message to the authentication server requesting the user identification associated with the client device and requesting a second level of authentication associated with the second virtual local area network tag;
- matching, by the authentication server, the second virtual local area network tag with the user identification associated with the client device and sending a fourth message to the application server containing the user identification and the second level of authentication associated with the second virtual local area network tag; and
- providing, by the application server, the client device with access to the application using the user identification and the second level of authentication.
Abstract
A processor-implemented method for providing application single sign on leveraging a virtual local area network identifier is provided. The method comprises an authentication server providing a client device access to a network via association with a virtual local area network and a credential. The method also comprises the device invoking an application hosted on an application server and the application server identifying a virtual local area network tag associated with the device. The method also comprises the application server sending a message to the authentication server requesting linkage of the tag with a user identification associated with the device. The method also comprises the authentication server linking the tag with the user identification associated with the device and sending a message to the application server containing the identification. The method also comprises the application server using the identification to authenticate the device with the application and the device receiving access.
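A minimal simulation of the claim 1 exchange summarized above, added here as an illustration and not taken from the patent. The class names, the numeric authentication levels, the VLAN tag values (110, 220), the device and user names, and the assumption that the tag reaches the application server from network infrastructure rather than from client-supplied data are all hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class AuthServer:
    tag_to_device: dict = field(default_factory=dict)   # VLAN tag -> client device
    device_to_user: dict = field(default_factory=dict)  # client device -> user ID
    tag_level: dict = field(default_factory=dict)       # VLAN tag -> authentication level

    def admit(self, device, user, level, tag):
        # Device presented a credential and was associated with a VLAN.
        self.tag_to_device[tag] = device
        self.device_to_user[device] = user
        self.tag_level[tag] = level

    def teardown(self, tag):
        # Device severed association: drop every binding keyed by that tag.
        self.tag_to_device.pop(tag, None)
        self.tag_level.pop(tag, None)

    def resolve(self, tag):
        # Reply to the application server: (user ID, level), or None for an unknown tag.
        device = self.tag_to_device.get(tag)
        if device is None:
            return None
        return self.device_to_user[device], self.tag_level[tag]

@dataclass
class AppServer:
    auth: AuthServer
    required_level: int  # level this application demands (assumed numeric)

    def handle(self, vlan_tag):
        # vlan_tag is assumed to be taken from the network path, not from the client.
        answer = self.auth.resolve(vlan_tag)
        if answer is None:
            return ("deny", "unknown VLAN tag")
        user, level = answer
        if level < self.required_level:
            return ("deny", f"level {level} insufficient for {user}")
        return ("allow", user)

def run_claim1_flow():
    auth = AuthServer()
    app = AppServer(auth, required_level=2)
    auth.admit("laptop-1", "alice", level=1, tag=110)  # first VLAN, first credential
    first = app.handle(110)                            # first/second message: level too low
    auth.teardown(110)                                 # association severed, VLAN torn down
    stale = app.handle(110)                            # old tag must no longer resolve
    auth.admit("laptop-1", "alice", level=2, tag=220)  # second VLAN, second credential
    second = app.handle(220)                           # third/fourth message: access granted
    return first, stale, second
```
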
13 Claims
8. A processor-implemented method for providing single sign-on leveraging a virtual local area network identifier, comprising:
- providing, by an authentication server, a client device access to a network via association with a virtual local area network and a credential;
- receiving, by an application server, a request from the client device to invoke an application hosted on the application server;
- maintaining an association between a virtual local area network tag and the client device;
- maintaining an association between the client device and a user identification;
- identifying, by the application server, the virtual local area network tag associated with the client device included in the request;
- sending, by the application server, a first message to the authentication server requesting the user identification associated with the client device based on the virtual local area network tag;
- matching, by the authentication server, the virtual local area network tag with the user identification associated with the client device and sending a second message to the application server containing the user identification, wherein the first message to the authentication server further requests an authentication code associated with the virtual local area network tag;
- linking, by the authentication server, the virtual local area network tag with the authentication code and sending the second message to the application server further containing the authentication code associated with the virtual local area network tag;
- storing, by the application server, the authentication code and providing the client device access to the application based on the authentication code;
- receiving, by the application server, a second request from the client device to invoke a second application hosted on the application server; and
- providing, by the application server, the client device with access to the second application based on the authentication code by consulting the stored authentication code.
Specification