System and method for single session sign-on
Abstract
A method and system for cross-system authentication or credentialing of clients. Credentials from one system (e.g., system 2) are placed on a client, such as with a cookie on a browser, and the credentials are then extracted by another system (e.g., system 1), and used by system 1 to impersonate the client to system 2. If the client's credentials with system 2 are valid, system 2 provides that information to system 1 (which is impersonating the client), and system 1 uses the validity of the credentials from system 2 to grant the client access to protected resources on system 1.
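The flow in the abstract, as an added sketch (not code from the patent): in-memory stand-ins for system 1 and system 2, where system 1 presents the client's system 2 token to system 2 and fails closed on any negative answer. The class names, cookie names, session lifetime and the step of minting a local session after a successful check are assumptions.

```python
import secrets
import time

class System2:
    """Session authority (the 'second computer system')."""
    def __init__(self):
        self._sessions = {}  # token -> (user, expiry timestamp)

    def login(self, user, ttl=900):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, time.time() + ttl)
        return token  # would be placed on the client as a cookie

    def validate(self, token):
        """System 1 calls this with the client's token; returns the user or None."""
        user, expiry = self._sessions.get(token, (None, 0.0))
        return user if user is not None and time.time() < expiry else None

    def logout(self, token):
        self._sessions.pop(token, None)

class System1:
    """Relying system (the 'first computer system')."""
    LOCAL, PEER = "sys1_session", "sys2_session"  # assumed cookie names

    def __init__(self, peer):
        self._peer = peer
        self._local = {}  # local session id -> user

    def handle(self, cookies):
        """Process one request; returns (granted, user, cookies_to_set)."""
        user = self._local.get(cookies.get(self.LOCAL, ""))
        if user is not None:                 # client already has a system 1 session
            return True, user, {}
        token = cookies.get(self.PEER)       # retrieve system 2's token from the client
        if not token:
            return False, None, {}
        user = self._peer.validate(token)    # transmit it to system 2
        if user is None:                     # unknown, expired or revoked: deny
            return False, None, {}
        sid = secrets.token_urlsafe(32)      # assumption: grant by minting a local session
        self._local[sid] = user
        return True, user, {self.LOCAL: sid}
```

In this sketch a local session minted by system 1 remains valid after `System2.logout`; only the system 2 token stops working, so system 1 needs its own expiry or revocation path.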
896 Citations
19 Claims
1. A computer implemented method for validating credentials comprising:
- receiving, using a first computer system, a request to access the first computer system;
- making a determination, using the first computer system, that a client does not have a valid session credential to access the first computer system, wherein the determination further comprises whether the client has a valid session with a second computer system;
- retrieving, using the first computer system, information from a session token held by the client based at least in part on the determination that the client does not have a valid session credential to access the first computer system, the information corresponding to the valid session credential for the second computer system;
- transmitting, using the first computer system, at least a portion of the information from the session token to the second computer system; and
- granting, using the first computer system, the client access to the first computer system based at least in part on the determination that the client has a valid session credential with the second computer system.
19. Computer executable software code stored on a non-transitory computer-readable storage medium and transmitted as an information signal, the code for validating credentials, the code comprising:
- code to input, at first computer system, a request to access the first computer system;
- code to make a determination, at the first computer system, that a client does not have a valid session credential to access the first computer system, wherein the determination further comprises whether the client has a valid session with a second computer system;
- code to retrieve, at the first computer system, information from a session token held by the client based at least in part on the determination that the client does not have a valid session credential to access the first computer system, the information corresponding to the valid session credential for the second computer system;
- code to transmit, at the first computer system, at least a portion of the information from the session token to the second computer system; and
- code to grant, at the first computer system, the client access to the first computer system based at least in part on the determination that the client has a valid session credential with the second computer system; and
- the first computer system having a first protected resource that is accessible upon the client having the access to the first computer system; and
- the second computer system having a second protected resource that is accessible upon the client having the access to the first computer system.
Specification