System for and method of providing single sign-on (SSO) capability in an application publishing environment
Abstract
A client-server computing system includes a computer cluster for hosting certain resources, applications, programs, processes, files, and/or data that are published to users who are accessing the computer cluster remotely. The computer cluster includes a network of one or more host computers, a gateway server, a gateway service database, and a user database. A single sign-on (SSO) method of the disclosure includes performing a computer cluster authentication process in which a user enters his/her credentials followed by a resource authentication process in which there is no need for the user to reenter his/her credentials, having entered them already in the computer cluster authentication process.
19 Claims
1. A method of providing single sign-on (SSO) capability in an application publishing environment, the method comprising:
- receiving, by a gateway service, an access request from a client application;
- prompting, by the gateway service, the client application, for credentials;
- authenticating, by the gateway service, the client application using the credentials;
- responsive to a successful authentication, selecting an initial host computer from a cluster of host computers;
- encrypting, by the gateway service, the credentials using a public key associated with the selected host computer;
- transmitting, by the gateway service, the encrypted credentials to the host computer;
- decrypting, by the host computer, the encrypted credentials;
- authenticating, by the host computer, the client application using the decrypted credentials; and
- responsive to a successful authentication on said host computer;
- starting, by the host computer, a host session for the client application, and automatically erasing the credentials from memory of the gateway service subsequent to the successful authentication on the host computer, wherein subsequent requests for access to another host computer in the cluster are forwarded from the gateway server to the host computer for authentication based on the credentials.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 16, 17, 18
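
The encrypt, forward, decrypt and erase steps of claim 1, as an added Go example that is not part of the patent text. It assumes RSA-OAEP with SHA-256 and the host name as OAEP label (the claim names no algorithm), replaces network transmission with an in-process call, and uses hypothetical names (`Host`, `NewHost`, `SignOn`, `StartSession`, `wipe`) and constructed credentials.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Host is a constructed stand-in for one host computer in the cluster.
type Host struct {
	Name string
	key  *rsa.PrivateKey // the gateway code only reads key.PublicKey
	cred []byte          // constructed account record "user\x00password"
}

func NewHost(name string, cred []byte) (*Host, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	return &Host{Name: name, key: key, cred: cred}, err
}

func wipe(b []byte) { // zero in place; best effort, the runtime may hold copies
	for i := range b {
		b[i] = 0
	}
}

// StartSession (host): decrypt, authenticate, report whether a session starts.
func (h *Host) StartSession(ct []byte) (bool, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, h.key, ct, []byte(h.Name))
	defer wipe(pt) // pt is nil on error, so this is then a no-op
	return err == nil && subtle.ConstantTimeCompare(pt, h.cred) == 1, err
}

// SignOn (gateway): encrypt to the selected host's public key, host name as OAEP label.
func SignOn(h *Host, creds []byte) (bool, error) {
	defer wipe(creds) // erase the gateway's plaintext copy, accepted or not
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &h.key.PublicKey, creds, []byte(h.Name))
	if err != nil {
		return false, err
	}
	return h.StartSession(ct)
}

func main() {
	h, _ := NewHost("host-a", []byte("alice\x00correct horse"))
	fmt.Println(SignOn(h, []byte("alice\x00correct horse")))
}
```

Credentials are handled as `[]byte` rather than `string` because Go strings are immutable and cannot be overwritten after use.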
10. A system for providing single sign-on (SSO) capability in an application publishing environment, the system comprising:
- a cluster of one or more host computers;
- a gateway service that;
- receives an access request from a client application;
- prompts the client application, for credentials;
- authenticates the client application using the credentials;
- responsive to a successful authentication, selects an initial host computer from the cluster of one or more host computers;
- encrypts the credentials using a public key associated with the selected host computer;
- transmits the encrypted credentials to the host computer;
- wherein the host computer;
- decrypts the encrypted credentials;
- authenticates the client application using the decrypted credentials; and
- responsive to a successful authentication by the host computer;
- starts a host session for the client application automatically erases the credentials from memory of the gateway service subsequent to the successful authentication on the host computer, wherein subsequent requests for access to another host computer in the cluster are forwarded from the gateway server to the host computer for authentication based on the credentials.
Dependent claims: 11, 12, 13, 14, 15
19. A non-transitory computer-readable storage medium, having embodied thereon a program executable by a processor to perform a method for providing single sign-on (SSO) capability in an application publishing environment, the method comprising:
- receiving an access request from a client application;
- prompting the client application, for credentials;
- authenticating the client application using the credentials;
- responsive to a successful authentication, selecting an initial host computer from a cluster of host computers;
- encrypting, by the gateway service, the credentials using a public key associated with the selected host computer;
- transmitting the encrypted credentials to the host computer;
- decrypting, by the host computer, the encrypted credentials;
- authenticating, by the host computer, the client application using the decrypted credentials; and
- responsive to a successful authentication by the host computer;
- starting, by the host computer, a host session for the client application, and automatically erasing the credentials from memory of the gateway service subsequent to the successful authentication on the host computer, wherein subsequent requests for access to another host computer in the cluster are forwarded from the gateway server to the host computer for authentication based on the credentials.
Specification