System, method and program product for consolidated authentication
First Claim
1. A method for authenticating a user at a first computer to first and second applications installed in a second computer, the method comprising the steps of:
a third computer receiving from the user a valid combination of userID and password;
the second computer receiving from the user of the first computer a request to access the first application, and in response, the second computer determining that the user has not yet been authenticated to the first application, and in response, the second computer redirecting the request to the third computer, and in response, the third computer determining that the user has been authenticated to the third computer based on the userID and password, and in response, the third computer notifying the second computer that the user is authentic, and in response, the second computer returning a session key to the third computer for a session between the first application and the user, the session key having a scope of the first application but not a scope of a domain; and
in response to the third computer receiving the session key from the second computer for the session between the user and the first application the third computer generating another session key with a scope of the domain, and the third computer sending the domain-scope session key to the first computer; and
subsequently, the second computer receiving from the user of the first computer another request with the domain-scope session key to the first application, and in response to the domain-scope session key received with the request, the second computer determining that the user is authentic and notifying the first application that the user is authentic so that the first application can respond to the first computer to the other request; and
wherein the domain is a group of two or more applications, including the first application and the second application, which are licensed to a same entity or have a same domain name URL component, and the scope of the session key with the scope of the first application does not include the second application such that the session key with scope of the first application does not directly grant access to the second application; and
subsequently, the second computer receiving from the user of the first computer another request with the domain-scope session key to the second application, and in response to the domain-scope session key received with the request, the second computer determining that the user is authentic and notifying the second application that the user is authentic so that the second application can respond to the first computer to the other request to the second application.
Abstract
A first computer sends a request to the second computer to access the application. In response, the second computer determines that the user has not yet been authenticated to the application. In response, the second computer redirects the request to a third computer. In response, the third computer determines that the user has been authenticated to the third computer. In response, the third computer authenticates the user to the application. In response, the second computer returns a session key to the third computer for a session between the application and the user. The session has a scope of the second computer or the application but not a scope of a domain. In response to the authentication of the user to the second application and receipt by the third computer of the session key from the second computer for a session between the user and the second computer or the application, the third computer generates another session key with a scope of the domain and sends the domain-scope session key to the first computer. The first computer sends another request to the application with the domain-scope session key.
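The scope distinction the abstract describes, as an added Python sketch that is not code from the patent. It assumes keys are HMAC-signed strings and that the second and third computers share a secret; the names `app1`, `app2`, `issue_key`, `key_grants` and `third_computer_login` are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: the second and third computers share this secret so the second
# computer can verify domain-scope keys; the page does not say how that is done.
SHARED_SECRET = secrets.token_bytes(32)
DOMAIN = {"app1", "app2"}          # constructed domain of two applications


def _mac(user: str, scope: str, nonce: str) -> str:
    msg = f"{user}|{scope}|{nonce}".encode()
    return hmac.new(SHARED_SECRET, msg, hashlib.sha256).hexdigest()


def issue_key(user: str, scope: str) -> str:
    """Mint a session key bound to one user and one scope."""
    nonce = secrets.token_hex(8)
    return f"{user}|{scope}|{nonce}|{_mac(user, scope, nonce)}"


def key_grants(key: str, app: str) -> bool:
    """Second computer: does this key authenticate its user to `app`?"""
    parts = key.split("|")
    if len(parts) != 4:
        return False                       # malformed key fails closed
    user, scope, nonce, tag = parts
    if not hmac.compare_digest(tag.encode(), _mac(user, scope, nonce).encode()):
        return False                       # forged or altered key
    if scope == "domain":
        return app in DOMAIN               # domain scope covers every member
    return scope == app                    # application scope covers one app


def third_computer_login(user: str, logged_in: set, app: str):
    """Redirect target: vouch for the user, then swap app-scope for domain-scope."""
    if user not in logged_in:
        return None                        # userID/password never validated
    app_key = issue_key(user, app)         # stands in for the second computer's reply
    if not key_grants(app_key, app):
        return None
    return app_key, issue_key(user, "domain")   # domain key goes to the first computer
```

The application-scope key never leaves the server side in this flow; only the domain-scope key reaches the first computer, so its theft exposes every application in the domain rather than one.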
6 Claims
1. A method for authenticating a user at a first computer to first and second applications installed in a second computer, the method comprising the steps of:
a third computer receiving from the user a valid combination of userID and password;
the second computer receiving from the user of the first computer a request to access the first application, and in response, the second computer determining that the user has not yet been authenticated to the first application, and in response, the second computer redirecting the request to the third computer, and in response, the third computer determining that the user has been authenticated to the third computer based on the userID and password, and in response, the third computer notifying the second computer that the user is authentic, and in response, the second computer returning a session key to the third computer for a session between the first application and the user, the session key having a scope of the first application but not a scope of a domain; and
in response to the third computer receiving the session key from the second computer for the session between the user and the first application the third computer generating another session key with a scope of the domain, and the third computer sending the domain-scope session key to the first computer; and
subsequently, the second computer receiving from the user of the first computer another request with the domain-scope session key to the first application, and in response to the domain-scope session key received with the request, the second computer determining that the user is authentic and notifying the first application that the user is authentic so that the first application can respond to the first computer to the other request; and
wherein the domain is a group of two or more applications, including the first application and the second application, which are licensed to a same entity or have a same domain name URL component, and the scope of the session key with the scope of the first application does not include the second application such that the session key with scope of the first application does not directly grant access to the second application; and
subsequently, the second computer receiving from the user of the first computer another request with the domain-scope session key to the second application, and in response to the domain-scope session key received with the request, the second computer determining that the user is authentic and notifying the second application that the user is authentic so that the second application can respond to the first computer to the other request to the second application.
4. A computer program product for authenticating a user at a first computer to first and second applications installed in a second computer, the computer program product comprising:
one or more computer-readable tangible storage devices and program instructions stored on at least one of the one or more storage devices, the program instructions comprising:
first program instructions for execution in the second computer to receive from the user of the first computer a request to access the first application, and in response, the first program instructions determine that the user has not yet been authenticated to the first application, and in response, the first program instructions redirect the request to a third computer;
second program instructions for execution in the third computer, to receive from the user a valid combination of userID and password, and responsive to the redirected request from the first program instructions, to determine that the user has been authenticated to the third computer based on the userID and password, and in response, the second program instructions notify the first program instructions that the user is authentic; and
wherein the first program instructions, responsive to the notification from the second program instructions, return a session key to the second program instructions for a session between the first application and the user, the session key having a scope of the first application but not a scope of a domain; and
the second program instructions, responsive to receipt of the session key from the first program instructions for the session between the user and the first application, generate another session key with a scope of the domain, and the second program instructions send the domain-scope session key to the first computer; and
the first program instructions, responsive to subsequent receipt from the user of the first computer of another request with the domain-scope session key to the first application, determine that the user is authentic and notify the first application that the user is authentic so that the first application can respond to the other request; and
wherein the domain is a group of two or more applications, including the first application and the second application, which are licensed to a same entity or have a same domain name URL component, and the scope of the session key with the scope of the first application does not include the second application such that the session key with the scope of the first application does not directly grant access to the second application; and
the first program instructions, responsive to subsequent receipt from the user of the first computer of another request with the domain-scope session key to the second application, determine that the user is authentic and notify the second application that the user is authentic so that the second application can respond to the first computer to the other request to the second application.
Specification