System and method for single sign-on to resources across a network
First Claim
1. A method for providing single sign-on across a plurality of resources, comprising:
receiving a request from a user to access a particular resource of the plurality of resources;
establishing a single sign-on (SSO) session for the user if an SSO session has not been established;
determining if the user has been authenticated to the particular resource, and if not, retrieving credentials for the user that are specific to the particular resource from a credential store, the credential store including a plurality of different credential sets for the user corresponding to different ones of the plurality of resources;
providing a token to a software client of the user;
operatively presenting the credentials retrieved from the credential store to the particular resource so as to create a session with the particular resource;
presenting a first user interface for a customer to configure access policies that define which of the plurality of resources can be accessed by the user;
discovering an authentication subsystem of the particular resource by simulating a) an end user using a browser, and b) the browser interacting with the particular resource;
communicating with the authentication subsystem to authenticate the user;
connecting to one or more user stores to retrieve attributes relating to the user;
utilizing the attributes to evaluate the access policies to determine whether or not the user should be granted access to the particular resource;
receiving the request from the user as a proxy address that differs from the actual address of the particular resource;
presenting a second user interface to allow the user to set credentials in the credential store relative to the particular resource;
using characteristics of the request to determine which of a plurality of authentication subsystems to use; and
wherein at least a portion of the characteristics of the request comprises one or more results of a previous authentication attempt for the same request with another one of the plurality of authentication subsystems.
Abstract
Systems, methods and apparatus for providing single sign-on across a plurality of resources are disclosed. An exemplary method includes receiving a request from a user to access a particular one of the plurality of resources; establishing an SSO session for the user if an SSO session has not been established; determining if the user has been authenticated to the particular resource, and if not, retrieving credentials for the user that are specific to the resource; presenting the credentials to the resource so as to create a session with the resource; and presenting a user interface for a customer to configure which of the plurality of resources can be accessed by users.
9 Claims
Specification