Integrated sign on
First Claim
1. A processor-implemented method, comprising:
identifying, by an identity management server, an application associated with a first authentication domain of a first business organization;
identifying, by the identity management server, a web application associated with a second authentication domain of a second business organization, wherein the first business organization and the second business organization have been joined by a merger;
building, by the identity management server, a table comprising a plurality of entries defining authorized access for a first user device and a second user device to applications across the first authentication domain and the second authentication domain, wherein access to the application is authorized for the second user device authenticating in the second authentication domain, and wherein access to the web application is authorized for the first user device authenticating in the first authentication domain;
creating, by the identity management server, a first authorization data associated with the application;
associating, by the identity management server, the first authorization data with a user device entry for the second user device authenticating in the second authentication domain;
creating, by the identity management server, a second authorization data associated with the web application;
associating, by the identity management server, the second authorization data with the user device entry for the first user device authenticating in the first authentication domain;
intercepting, by the identity management server, a hypertext transport protocol request for access to the web application from the first user device;
determining, by the identity management server, from at least one entry of the plurality of entries in the table that the first user device authenticating in the first authentication domain is authorized to access the web application associated with the second authentication domain;
accessing, by the identity management server, the second authorization data associated with the web application and associated with the first user device;
inserting, by the identity management server, a hypertext transport protocol header variable containing at least some of the second authorization data into the hypertext transport protocol request for access to the web application; and
sending, by the identity management server, the hypertext transport protocol request for access including the inserted hypertext transport protocol header variable, which contains the at least some of the second authorization data, to the web application, wherein the web application grants access to the first user device based on receiving the at least some of the second authorization data included in the inserted hypertext transport protocol header variable.
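The table lookup and header insertion recited in claim 1, sketched as an added example (not code from the patent or its assignee). The header name, device and domain identifiers, and authorization values are constructed, and stripping a client-supplied copy of the header is an assumption that goes beyond the claim.

```python
from dataclasses import dataclass, replace

AUTH_HEADER = "X-Authz-Data"  # assumed header variable name; the claim does not name one


@dataclass(frozen=True)
class Request:
    device_id: str    # identity the server established when the device authenticated
    home_domain: str  # authentication domain the device logged in to
    target: str       # application the request is addressed to
    headers: dict


class IdentityManagementServer:
    def __init__(self):
        # (device_id, home_domain, target) -> authorization data for that target
        self.table = {}

    def authorize(self, device_id, home_domain, target, authz_data):
        self.table[(device_id, home_domain, target)] = authz_data

    def intercept(self, req):
        """Return the request to forward, or None when no table entry authorizes it."""
        # Assumption beyond the claim: drop any client-supplied copy of the header,
        # so the application only ever sees a value this server inserted.
        headers = {k: v for k, v in req.headers.items()
                   if k.lower() != AUTH_HEADER.lower()}
        authz_data = self.table.get((req.device_id, req.home_domain, req.target))
        if authz_data is None:
            return None
        headers[AUTH_HEADER] = authz_data
        return replace(req, headers=headers)


def build_merged_table():
    """Constructed sample: two merged organizations, one cross-domain grant each way."""
    ims = IdentityManagementServer()
    ims.authorize("device-2", "domain-2", "application", "authz-app-device-2")
    ims.authorize("device-1", "domain-1", "web-application", "authz-web-device-1")
    return ims


def demo():
    ims = build_merged_table()
    ok = ims.intercept(Request("device-1", "domain-1", "web-application",
                               {"Host": "web.example"}))
    # device-2 has no entry for the web application, even if it supplies the header itself
    spoof = ims.intercept(Request("device-2", "domain-2", "web-application",
                                  {"x-authz-data": "authz-web-device-1"}))
    return ok.headers, spoof
```

Because the web application grants access on the header alone, it should accept requests only from the identity management server; a request that reaches it by another path carries whatever header the sender chose.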
Abstract
A method of integrated signon is provided comprising receiving a login request to begin a desktop session, the login request comprising a first user identification and a first user password. The method comprises authenticating the first user identification and the first user password using data stored in a first authentication domain. The method comprises starting the desktop session and receiving a request from the desktop session to access an application associated with a second authentication domain. The method comprises retrieving authorization data associated with the second authentication domain from the first authentication domain based on the first user identification and the user password. The method comprises sending the request to access the application associated with the second authentication domain with the authorization data to the application associated with the second authentication domain. The method comprises the application associated with the second authentication domain authorizing the requested access.
10 Claims
Specification