Integrated sign on

US 8,443,429 B1
Filed: 05/24/2010
Issued: 05/14/2013
Est. Priority Date: 05/24/2010
Status: Active Grant

First Claim

Patent Images

1. A processor-implemented method, comprising:

identifying, by an identity management server, an application associated with a first authentication domain of a first business organization;

identifying, by the identity management server, a web application associated with a second authentication domain of a second business organization, wherein the first business organization and the second business organization have been joined by a merger;

building, by the identity management server, a table comprising a plurality of entries defining authorized access for a first user device and a second user device to applications across the first authentication domain and the second authentication domain, wherein access to the application is authorized for the second user device authenticating in the second authentication domain, and wherein access to the web application is authorized for the first user device authenticating in the first authentication domain;

creating, by the identity management server, a first authorization data associated with the application;

associating, by the identity management server, the first authorization data with a user device entry for the second user device authenticating in the second authentication domain;

creating, by the identity management server, a second authorization data associated with the web application;

associating, by the identity management server, the second authorization data with the user device entry for the first user device authenticating in the first authentication domain;

intercepting, by the identify management server, a hypertext transport protocol request for access to the web application from the first user device;

determining, by the identity management server, from at least one entry of the plurality of entries in the table that the first user device authenticating in the first authentication domain is authorized to access the web application associated with the second authentication domain;

accessing, by the identity management server, the second authorization data associated with the web application and associated with the first user device;

inserting, by the identity management server, a hypertext transport protocol header variable containing at least some of the second authorization data into the hypertext transport protocol request for access to the web application; and

sending, by the identity management server, the hypertext transport protocol request for access including the inserted hypertext transport protocol header variable, which contains the at least some of the second authorization data, to the web application, wherein the web application grants access to the first user device based on receiving the at least some of the second authorization data included in the inserted hypertext transport protocol header variable.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of integrated signon is provided comprising receiving a login request to begin a desktop session, the login request comprising a first user identification and a first user password. The method comprises authenticating the first user identification and the first user password using data stored in a first authentication domain. The method comprises starting the desktop session and receiving a request from the desktop session to access an application associated with a second authentication domain. The method comprises retrieving authorization data associated with the second authentication domain from the first authentication domain based on the first user identification and the user password. The method comprises sending the request to access the application associated with the second authentication domain with the authorization data to the application associated with the second authentication domain. The method comprises the application associated with the second authentication domain authorizing the requested access.

Citations

10 Claims

1. A processor-implemented method, comprising:
- identifying, by an identity management server, an application associated with a first authentication domain of a first business organization;
  
  identifying, by the identity management server, a web application associated with a second authentication domain of a second business organization, wherein the first business organization and the second business organization have been joined by a merger;
  
  building, by the identity management server, a table comprising a plurality of entries defining authorized access for a first user device and a second user device to applications across the first authentication domain and the second authentication domain, wherein access to the application is authorized for the second user device authenticating in the second authentication domain, and wherein access to the web application is authorized for the first user device authenticating in the first authentication domain;
  
  creating, by the identity management server, a first authorization data associated with the application;
  
  associating, by the identity management server, the first authorization data with a user device entry for the second user device authenticating in the second authentication domain;
  
  creating, by the identity management server, a second authorization data associated with the web application;
  
  associating, by the identity management server, the second authorization data with the user device entry for the first user device authenticating in the first authentication domain;
  
  intercepting, by the identify management server, a hypertext transport protocol request for access to the web application from the first user device;
  
  determining, by the identity management server, from at least one entry of the plurality of entries in the table that the first user device authenticating in the first authentication domain is authorized to access the web application associated with the second authentication domain;
  
  accessing, by the identity management server, the second authorization data associated with the web application and associated with the first user device;
  
  inserting, by the identity management server, a hypertext transport protocol header variable containing at least some of the second authorization data into the hypertext transport protocol request for access to the web application; and
  
  sending, by the identity management server, the hypertext transport protocol request for access including the inserted hypertext transport protocol header variable, which contains the at least some of the second authorization data, to the web application, wherein the web application grants access to the first user device based on receiving the at least some of the second authorization data included in the inserted hypertext transport protocol header variable.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the first authorization data comprises a plurality of attributes associated with the application associated with the first authentication domain that are stored in an entry associated with a second user in the second authentication domain.
  - 3. The method of claim 1, wherein the second authorization data comprises a plurality of attributes associated with the web application associated with the second authentication domain that are stored in an entry associated with a first user in the first authentication domain.
  - 4. The method of claim 1, wherein the hypertext transport protocol request is from a web browser.
  - 5. The method of claim 1, wherein associating the second authorization data with the user device entry for the first user device authenticating in the first authentication domain is performed by an identity management application.
  - 6. The method of claim 1, wherein the web application associated with the second authentication domain is an employee data management application or a documentation management application.
  - 7. The method of claim 1, wherein commercial-off-the-shelf software assists with the inserting the hypertext transport protocol header variable containing the at least some of the second authorization data into the hypertext transport protocol request.
  - 8. The method of claim 7, wherein the commercial-off-the-shelf software is CA SiteMinder®
    - software.
  - 9. The method of claim 1, wherein the at least some of the second authorization data is stored in a SMUSERNAME field of the hypertext transport protocol header.
  - 10. The method of claim 1, wherein the at least some of the second authorization data is stored in a PSUSERNAME field of the hypertext transport protocol header.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Tila, Elton, Johnson, Robert S. Sr.
Primary Examiner(s)
THIAW, CATHERINE B

Application Number

US12/786,277
Time in Patent Office

1,086 Days
Field of Search

726 1- 9
US Class Current

726/8
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 67/02   based on web technology, e....

H04L 67/306   User profiles

Integrated sign on

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Integrated sign on

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links