Authentication
Abstract
User authentication is based on a home network user database that authenticates users to external service providers. A user logs into the home network and starts accessing the external service by clicking on a link labelled for the external service provider. The link is directed to a script at a home server. The script causes the home server to obtain details related to the user from the home network user database. The home server passes information related to the user to a foreign server associated with the service provider. Based on the passed information, the foreign server grants or denies authentication of the user to the external service. If granted, the foreign server provides the home server with access data, and the home server forwards the access data to the user so that the user can initiate an authorized external service session using the access data.
27 Claims
1. A method comprising:
obtaining access for a user to an external service in a networked environment, wherein the user has access to a client that is capable of communicating with a home server of an organization in a first domain and with a foreign server in a second domain, the second domain being different from the first domain, by:
detecting a request of the client in the home server;
maintaining in the home server, a shared secret common to the organization in the first domain and the external service, and an authentication script;
identifying in the home server, a pointer to the authentication script in the request;
responsive to the request, performing, in the home server, by the authentication script:
obtaining at least one detail related to the user, comprising an identifier that specifies the user within the organization;
passing, without intervention from the client, the at least one detail and the shared secret or a derivative of the shared secret from the home server to the foreign server;
receiving in the home server, without intervention from the client, redirecting information from the foreign server;
forming in the home server, based on the request and the redirecting information, a response to the client, the response being configured to redirect the client to a temporary address at which the client can obtain access data to the external service; and
sending the response from the home server to the client.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A home server of an organization, wherein the home server is in a first domain and configured for obtaining access for a user to an external service in a networked environment wherein the user has access to a client, the client being configured to communicate with the home server and with a foreign server in a second domain, the first domain being different from the second domain, the home server comprising:
a processor configured to detect a request of the client;
a memory for storing a shared secret common to the organization and the external service, and an authentication script;
the processor being configured to identify in the request, a pointer to the authentication script; and, responsive to the request, to perform by the authentication script:
obtaining at least one detail related to the user, comprising an identifier that specifies the user within the organization;
passing from the home server, without intervention from the client, the at least one detail and the shared secret or a derivative of the shared secret to the foreign server;
receiving from the foreign server, in the home server without intervention from the client, redirecting information;
forming in the home server, based on the request and the redirecting information, a response to the client, the response being configured to redirect the client to a temporary address at which the client can obtain access data to the external service; and
sending the response from the home server to the client.
Dependent claims: 9, 10, 11, 12, 13
14. A method wherein access is provided for a user to an external service in a networked environment wherein the user has access to a client that is capable of communicating with a home server in a first domain and with a foreign server in a second domain, the first domain being different from the second domain, wherein the home server is associated with a given organization, the method comprising:
receiving from the home server without intervention from the client, in a memory of the foreign server, triggered by a request from the client to the home server:
a) a shared secret common to the organization and the external service or a derivative of the shared secret; and
b) at least one detail related to the user, comprising an identifier that specifies the user within the organization;
responsive to the receiving of the shared secret and the at least one detail, determining in a processor of the foreign server the organization associated with the home server, based on the shared secret; and
responsively to a positive determination, the foreign server:
providing the home server with redirecting information configured to enable the home server to provide the client with a response configured to redirect the client to a temporary address;
establishing access data that enables the client to access the external service; and
responsively to the client accessing the temporary address, providing the client with the access data.
Dependent claims: 15, 16, 17, 18, 19
20. A foreign server configured for providing access for a user to an external service in a networked environment wherein the user has access to a client that is capable of communicating with a home server in a first domain and with the foreign server in a second domain, the first domain being different from the second domain, wherein the home server is associated with a given organization, the foreign server comprising:
an input and an output configured to respectively receive and output data;
a processor configured to receive using the input from the home server, without intervention from the client:
a) a shared secret common to the organization and the external service or a derivative of the shared secret; and
b) at least one detail related to the user, comprising an identifier that specifies the user within the organization;
responsive to the receiving of the shared secret and the at least one detail, the processor being further configured to determine the organization associated with the home server, based on the shared secret; and
the processor being further configured to provide the home server with redirecting information configured to enable the home server to provide the client with a response configured to redirect the client to a temporary address;
the processor being further configured to establish access data that enables the client to access the external service, responsively to a positive determination; and
the processor being further configured to, responsively to the client accessing the temporary address, provide the client with the access data.
Dependent claims: 21, 22, 23, 24, 25
26. A computer program comprising computer executable program code stored in a non-transitory computer readable medium, the computer executable program code, when executed in a processor, being configured to control a home server of an organization in a first domain to obtain access for a user to an external service in a networked environment wherein the user has access to a client that is capable of communicating with the home server and with a foreign server in a second domain, the first domain being different from the second domain, the computer program comprising computer executable program code configured when run by the home server to:
detect a request of the client;
maintain a shared secret common to the organization and the external service, and an authentication script;
identify in the request a pointer to an authentication script; and
responsive to the request, execute the authentication script to:
obtain at least one detail related to the user, comprising an identifier that specifies the user within the organization;
pass the at least one detail and the shared secret or a derivative of the shared secret from the home server to the foreign server, without intervention from the client;
receive in the home server, without intervention from the client, redirecting information from the foreign server;
form in the home server, based on the request and the redirecting information, a response to the client, the response being configured to redirect the client to a temporary address at which the client can obtain access data to the external service; and
send the response from the home server to the client.
27. A computer program comprising computer executable program code stored in a non-transitory computer readable medium, the computer executable program code, when executed in a processor, being configured to control a foreign server in a first domain to provide access for a user to an external service in a networked environment wherein the user has access to a client that is capable of communicating with a home server and with the foreign server, wherein the home server is associated with a given organization in a second domain, the first domain being different from the second domain, the computer program comprising computer executable program code configured when run by the foreign server to:
receive in the foreign server from the home server, without intervention from the client, triggered by a request from the client to the home server:
a) a shared secret common to the organization and the external service or a derivative of the shared secret; and
b) at least one detail related to the user, comprising an identifier that specifies the user within the organization;
responsive to the receiving of the shared secret and the at least one detail, determine the organization associated with the home server, based on the shared secret; and
responsively to a positive determination:
provide the home server with redirecting information configured to enable the home server to provide the client with a response configured to redirect the client to a temporary address;
establish access data from the foreign server that enables the client to access the external service; and
responsively to the client accessing the temporary address, provide the client with the access data.
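The exchange that the abstract and claims 1, 8, 14 and 20 describe, written out as an added example; this is not code from the patent or from any implementation of it, and both servers are simulated in one process instead of over a network. It follows the claims' flow (the client fetches the access data at a temporary address) rather than the abstract's variant in which the home server forwards the access data itself. Everything specific is an assumption: the "derivative of the shared secret" is an HMAC-SHA256 over the organization, the user identifier, a nonce and a timestamp; the temporary address carries a random single-use token; the secret value, domain name, paths and user record are constructed sample data.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample data (assumptions, not from the patent).
ORG_ID = "example-org"
ORG_SECRET = b"shared-secret-provisioned-out-of-band"   # common to organization and service
FOREIGN_DOMAIN = "service.example.net"
USER_DB = {"alice": {"uid": "alice", "dept": "research"}}   # the home network user database


def derive_tag(secret: bytes, org_id: str, user_id: str, nonce: str, ts: int) -> str:
    """Assumed 'derivative of the shared secret': an HMAC bound to the user detail,
    a nonce and a timestamp, so the raw secret never leaves the home server and a
    captured tag is useless for another user or at a later time."""
    msg = f"{org_id}|{user_id}|{nonce}|{ts}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class ForeignServer:
    """Service-provider side (claims 14 and 20)."""

    def __init__(self, domain: str, org_secrets: dict, ttl: int = 60):
        self.domain = domain
        self.org_secrets = org_secrets        # org_id -> shared secret
        self.ttl = ttl
        self.seen_nonces = set()              # replay protection for the back-channel
        self.pending = {}                     # temp token -> (access data, expiry)

    def authenticate(self, org_id, user_id, nonce, ts, tag, now):
        """Back-channel call from the home server. Identifies the organization from
        the tag and returns redirecting information (a temporary address) or None."""
        secret = self.org_secrets.get(org_id)
        if secret is None or abs(now - ts) > self.ttl or nonce in self.seen_nonces:
            return None
        expected = derive_tag(secret, org_id, user_id, nonce, ts)
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            return None
        self.seen_nonces.add(nonce)
        temp = secrets.token_urlsafe(32)             # unguessable, single use
        access = {"session": secrets.token_urlsafe(32), "user": f"{user_id}@{org_id}"}
        self.pending[temp] = (access, now + self.ttl)
        return f"https://{self.domain}/sso/claim?{urlencode({'t': temp})}"

    def claim(self, url: str, now):
        """The client fetches the temporary address; access data is handed out once."""
        token = parse_qs(urlparse(url).query).get("t", [None])[0]
        entry = self.pending.pop(token, None)        # pop: a second visit gets nothing
        if entry is None or now > entry[1]:
            return None
        return entry[0]


class HomeServer:
    """Organization side (claims 1 and 8): the 'authentication script'."""

    def __init__(self, org_id, secret, user_db, foreign: ForeignServer):
        self.org_id, self.secret, self.user_db, self.foreign = org_id, secret, user_db, foreign

    def handle(self, request: dict, now):
        """request = {"path": ..., "session_user": ...}; returns an HTTP-like response."""
        if request.get("path") != "/auth/external":   # the pointer to the script (assumed path)
            return {"status": 404}
        detail = self.user_db.get(request.get("session_user"))
        if detail is None:                             # not logged in to the home network
            return {"status": 401}
        nonce, ts = secrets.token_hex(16), int(now)
        tag = derive_tag(self.secret, self.org_id, detail["uid"], nonce, ts)
        # Server-to-server exchange: the client never sees the tag or the nonce.
        location = self.foreign.authenticate(self.org_id, detail["uid"], nonce, ts, tag, now)
        if location is None:
            return {"status": 403}
        if urlparse(location).netloc != self.foreign.domain:   # refuse to become an open redirect
            return {"status": 502}
        return {"status": 302, "Location": location}


def run_flow(now=None):
    """Whole exchange; returns (redirect response, access data, result of re-visiting the address)."""
    now = time.time() if now is None else now
    foreign = ForeignServer(FOREIGN_DOMAIN, {ORG_ID: ORG_SECRET})
    home = HomeServer(ORG_ID, ORG_SECRET, USER_DB, foreign)
    resp = home.handle({"path": "/auth/external", "session_user": "alice"}, now)
    access = foreign.claim(resp["Location"], now + 1) if resp["status"] == 302 else None
    again = foreign.claim(resp.get("Location", ""), now + 2)   # replaying the temporary address
    return resp, access, again


if __name__ == "__main__":
    print(run_flow())
```

Points a reviewer of such a deployment would check, all visible in the example: the shared secret itself is never transmitted, only a keyed tag bound to the user, a nonce and a time; the foreign server rejects stale or repeated tags; the temporary address is random and consumed on first use; and the home server verifies that the redirect target is the expected foreign domain before sending a 302, so the script cannot be abused as an open redirect. The in-process call stands in for a server-to-server channel that in practice must itself be authenticated and encrypted (for example mutual TLS); the claims do not specify that channel.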