Customizable sign-on service
Abstract
Techniques are described for providing customizable sign-on functionality, such as via an access manager system that provides single sign-on functionality and other functionality to other services for use with those services' users. The access manager system may maintain various sign-on and other account information for various users, and provide single sign-on functionality for those users using that maintained information on behalf of multiple unrelated services with which those users interact. The access manager may allow a variety of types of customizations to single sign-on functionality and/or other functionality available from the access manager, such as on a per-service basis via configuration by an operator of the service, such as co-branding customizations, customizations of information to be gathered from users, customizations of authority that may be delegated to other services to act on behalf of users, etc., and with the customizations that are available being determined specifically for that service.
41 Citations
36 Claims
1. A computer-implemented method comprising:
- receiving, by a sign-on service effectuated by one or more computer systems, a sign-on request to a web site for a user interacting with the web site, wherein the sign-on request identifies the user, and wherein the user is associated with a user account of the sign-on service;
- authenticating, by the sign-on service, the user based at least in part on the sign-on request and on sign-on information for the user account;
- determining, by the sign-on service, that the web site is authorized to access at least a portion of account information associated with the user account and stored by the sign-on service;
- causing, by the sign-on service in response to determining that the web site is authorized, a credential that represents the user to be sent from the sign-on service to the web site;
- authorizing, by the sign-on service in response to receipt of the credential in a subsequent request from the web site to access at least the portion of the account information, the subsequent request based at least in part on the credential; and
- sending at least the portion of the account information to the web site in response to the authorizing of the subsequent request.
Dependent claims: 2, 3, 4, 5, 31, 32, 33, 34
6. A configured computing system comprising:
- one or more processors; and
- a memory including instructions that, upon execution by the one or more processors, implement a sign-on service configured to:
- receive, from a second service, a sign-on request for a user of the second service;
- authenticate the user based at least in part on the sign-on request by matching sign-on information provided for the user with the sign-on request to stored sign-on information associated with an account of the user with the sign-on service;
- determine that the second service is authorized by verifying information that is provided by the second service with the sign-on request and that is specific to the second service, the verifying being based at least in part on secret information for the second service stored by the sign-on service;
- provide to the second service, in response to authenticating the user and determining that the second service is authorized, a credential associated with the user; and
- in response to a subsequent request from the second service that includes the credential, provide to the second service access to information associated with the account of the user.
Dependent claims: 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
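The flow recited in claim 6, sketched as an added example that is not taken from the patent or any implementation of it. It assumes HMAC-SHA256 over a per-service secret as the "information specific to the second service", PBKDF2 for the stored sign-on information, and in-memory tables; all names and sample values are hypothetical.

```python
import hashlib, hmac, secrets, time

# Constructed sample data: every name and value below is hypothetical.
SERVICE_SECRETS = {"shop.example": b"per-service-secret"}
SERVICE_SCOPES = {"shop.example": {"email"}}   # portion each service may read
SALT = b"constructed-salt"

def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

ACCOUNTS = {"alice": {"pw": _pw_hash("correct horse"),
                      "info": {"email": "alice@example.org", "address": "1 Main St"}}}
CREDENTIALS = {}                               # credential -> (user, service, expiry)

def sign(service_id, payload, secret):
    """Tag the second service attaches to each request (HMAC is an assumption)."""
    return hmac.new(secret, f"{service_id}|{payload}".encode(), hashlib.sha256).hexdigest()

def _service_ok(service_id, payload, tag):
    secret = SERVICE_SECRETS.get(service_id)
    if secret is None:
        return False
    return hmac.compare_digest(tag.encode(), sign(service_id, payload, secret).encode())

def sign_on(service_id, user, password, tag, ttl=300):
    """Return a credential, or None if the service or the user fails its check."""
    if not _service_ok(service_id, user, tag):
        return None
    acct = ACCOUNTS.get(user)
    stored = acct["pw"] if acct else bytes(32)  # hash anyway: no early exit for unknown users
    if not hmac.compare_digest(stored, _pw_hash(password)) or acct is None:
        return None
    cred = secrets.token_urlsafe(32)
    CREDENTIALS[cred] = (user, service_id, time.time() + ttl)
    return cred

def get_account_info(service_id, cred, tag):
    """Subsequent request: release only the portion this service may see."""
    entry = CREDENTIALS.get(cred)
    if entry is None or not _service_ok(service_id, cred, tag):
        return None
    user, issued_to, expiry = entry
    if issued_to != service_id or time.time() > expiry:
        return None                            # presented by another service, or stale
    allowed = SERVICE_SCOPES.get(service_id, set())
    return {k: v for k, v in ACCOUNTS[user]["info"].items() if k in allowed}
```

Binding the credential to the service it was issued to, and signing the subsequent request as well, means a credential that leaks from one service cannot be redeemed by another.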
23. A non-transitory computer-readable medium having stored contents that configure a computing device to:
- receive, by the configured computing device, a credential associated with a user that is generated by a sign-on service and that reflects the user being authenticated by the sign-on service, wherein the configured computing device is part of a second service with which the user is interacting;
- send, by the configured computing device, an access request to the sign-on service that includes the credential and is for obtaining, by the second service, access to confidential information from the sign-on service that is associated with the user;
- receive, by the configured computing device, the confidential information associated with the user from the sign-on service, the information being received in response to the sent access request and being based at least in part on the credential included with the access request; and
- provide, by the configured computing device, functionality to the user from the second service that is based at least in part on the received information.
Dependent claims: 24, 25, 26, 27, 28, 29, 30, 35, 36
Specification