Techniques for environment single sign on

US 8,281,381 B2
Filed: 08/03/2009
Issued: 10/02/2012
Est. Priority Date: 08/03/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A method implemented and residing in a non-transitory computer-readable storage medium that is executed by a processor to perform the method, comprising:

receiving, at the processor, a request from a principal on a first device to access a first protected resource;

authenticating, by the processor, the principal for access to the first protected resource;

establishing, by the processor, a first authentication session for the first device and a second authenticated session for a second device accessible to the principal, the first and second device comprising an environment with one another; and

permitting, by the processor, the principal to access the first protected resource and one or more second protected resources, access is permitted from the first device and from the second device without re-authenticating, the first device acting as a forward proxy for the principal to access the second device and the first device and the second device packaged together as a set of virtual machines that form the environment.

View all claims

16 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for environment single sign on are provided. Multiple identifiers for devices are associated as a single environment. A principal can be authenticated via any of the devices once to access protected resources and once authenticated the principal can access the protected resources from the other devices without re-authenticating.

Citations

20 Claims

1. A method implemented and residing in a non-transitory computer-readable storage medium that is executed by a processor to perform the method, comprising:
- receiving, at the processor, a request from a principal on a first device to access a first protected resource;
  
  authenticating, by the processor, the principal for access to the first protected resource;
  
  establishing, by the processor, a first authentication session for the first device and a second authenticated session for a second device accessible to the principal, the first and second device comprising an environment with one another; and
  
  permitting, by the processor, the principal to access the first protected resource and one or more second protected resources, access is permitted from the first device and from the second device without re-authenticating, the first device acting as a forward proxy for the principal to access the second device and the first device and the second device packaged together as a set of virtual machines that form the environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein receiving further includes intercepting the request made by the principal that was directed to the first protected resource.
  - 3. The method of claim 1, wherein authenticating further includes redirecting the principal to an identity service for authenticating the principal for access to the first protected resource.
  - 4. The method of claim 1, wherein establishing further includes associating a first Internet Protocol (IP) address or first Domain Name System (DNS) name for the first device and a second IP address or second DNS name for the second device with the environment.
  - 5. The method of claim 1, wherein establishing further includes redirecting the principal to the first protected resource after successful authentication.
  - 6. The method of claim 5, wherein redirecting further includes providing the first device of the principal a first session identifier for accessing the first authenticated session and access to the first protected resource.
  - 7. The method of claim 1, wherein permitting further includes providing the second device a second session identifier for accessing the second authentication session and for accessing the first protected resource and/or the one or more second protected resources of the environment when the principal uses the second device.
  - 8. The method of claim 1 further comprising, detecting, by the processor, a principal logout or a session canceling event and invalidating the first authenticated session and the second authentication session for the environment.

9. A method implemented and residing in a non-transitory computer-readable storage medium that is executed by a processor to perform the method, comprising:
- receiving, at the processor, a first identifier and a second identifier, the first identifier identifies a first device and the second identifier identifies a second device;
  
  associating, by the processor, the first identifier and the second identifier as a processing environment, the first device acting as a forward proxy and the first device and the second device packaged together as a set of virtual machines that form the processing environment; and
  
  allowing, by the processor, single sign-on authentication via the first device and the second device without re-authentication in response to the processing environment, the single sign-on authentication provides access to protected resources from both the first and second devices of the processing environment.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, wherein receiving further includes acquiring a configuration file having the first identifier and the second identifier.
  - 11. The method of claim 9, wherein receiving further includes interacting with an administrator to generate a configuration file for the processing environment, the configuration file including the first identifier and the second identifier.
  - 12. The method of claim 9, wherein associating further includes including a processing environment identifier with the first identifier and the second identifier, the processing environment identifier uniquely identifying the processing environment.
  - 13. The method of claim 9, wherein allowing further includes establishing a first session and a second session for a principal to access the protected resources via the first device or the second device once the principal successfully authenticates initially with the processing environment.
  - 14. The method of claim 9, wherein allowing further includes establishing a first session for a principal when the principal initially authenticates to the processing environment via the first device and dynamically establishing a second session for the principal when the principal attempts access to the protected resources via the second device.

15. A multiprocessor-implemented system, comprising:
- a proxy device; and
  
  a proxy service implemented and residing in a non-transitory computer-readable medium and to execute on the proxy device;
  
  wherein the proxy service is configured to manage multiple devices as a single environment and to permit authentication to multiple resources of the single environment to occur once without regard to which of the multiple devices initial authentication occurs from, the proxy device is a forward proxy and the proxy device and the multiple devices are packaged together as a set of virtual machines that form the single environment.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the proxy device is interposed between the multiple devices and the protected resources and is configured to manage access to the protected resources.
  - 17. The system of claim 15, wherein the proxy service is configured to manage a configuration file for the single environment having Internet Protocol (IP) addresses and/or Domain Name System (DNS) names for each of the multiple devices and an environment identifier for the single environment.
  - 18. The system of claim 15, wherein the proxy service is configured to establish multiple communication sessions between each of the multiple devices and the protected resources once a first and initial authentication is achieved by a principal attempting access to the protected resources.
  - 19. The system of claim 15, wherein the proxy service is configured to selectively and dynamically establish communication sessions between each of the multiple devices and the protected resources as an authenticated principal attempts access to the protected resources from each of the multiple devices.
  - 20. The system of claim 15 further comprising, an identity service implemented in a non-transitory computer-readable medium and to execute on a processor, the identity service configured to interact with the proxy service to authenticate principals for single sign on to the single environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Kranendonk, Nathaniel, Carter, Stephen R
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
WYSZYNSKI, AUBREY H

Application Number

US12/534,249
Publication Number

US 20110030044A1
Time in Patent Office

1,156 Days
Field of Search

726/8
US Class Current

726/8
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

Techniques for environment single sign on

First Claim

16 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for environment single sign on

First Claim

16 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links