Security token based user authentication in a multi-tenanted application

US 9,058,481 B2
Filed: 01/31/2013
Issued: 06/16/2015
Est. Priority Date: 01/31/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for security token based user authentication in a mufti-tenanted application, the method being performed by one or more processors and comprising:

receiving an access request from a user to access at least one user account associated with a first tenant in the multi-tenanted application;

in response to receiving the access request, obtaining a security token for the user from a Security Token Service (STS) system;

determining a plurality of user accounts associated with the security token, the plurality of user accounts including the at least one user account, the at least one user account being a default user account among the plurality of user accounts, wherein the plurality of user accounts is associated with a respective plurality of tenants of the multi-tenanted application;

providing the user with access to the plurality of the user accounts in the mufti-tenanted application;

displaying context of the at least one user account, associated with the first tenant, based on the at least one user account being the default user account; and

in response to a user selection, switching context from the default user account to a second user account, associated with a second tenant of the multi-tenanted application, among the plurality of user accounts.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for security token based user authentication in a multi-tenanted application. An access request, from a user, is received to access at least one user account associated with the user in the multi-tenanted application. Upon receiving the access request, a security token is obtained for the user from a Security Token Service (STS) system. The security token is obtained upon authentication of the user based on login credentials provided by the user. Thereafter, a plurality of user accounts associated with the security token is determined. The plurality of user accounts includes the at least one user account. Further, an access to the plurality of user accounts is provided to the user.

15 Citations

View as Search Results

13 Claims

1. A computer-implemented method for security token based user authentication in a mufti-tenanted application, the method being performed by one or more processors and comprising:
- receiving an access request from a user to access at least one user account associated with a first tenant in the multi-tenanted application;
  
  in response to receiving the access request, obtaining a security token for the user from a Security Token Service (STS) system;
  
  determining a plurality of user accounts associated with the security token, the plurality of user accounts including the at least one user account, the at least one user account being a default user account among the plurality of user accounts, wherein the plurality of user accounts is associated with a respective plurality of tenants of the multi-tenanted application;
  
  providing the user with access to the plurality of the user accounts in the mufti-tenanted application;
  
  displaying context of the at least one user account, associated with the first tenant, based on the at least one user account being the default user account; and
  
  in response to a user selection, switching context from the default user account to a second user account, associated with a second tenant of the multi-tenanted application, among the plurality of user accounts.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein providing the user with access to the plurality of user accounts is based on pre-assigned roles, associated with the user, requiring access to the plurality of user accounts associated with the respective plurality of tenants of the multi-tenanted application.
  - 3. The method of claim 1, wherein the STS system is external to the mufti-tenanted application, and wherein receiving the access request comprises intercepting the access request from the multi-tenanted application, and diverting the access request to the STS system to authenticate the user.
  - 4. The method of claim 1, further comprising:
    - receiving registration data, from one of a plurality of tenants of the multi-tenanted application, to register the plurality of user accounts for the user, wherein the plurality of user accounts is based on one or more pre-assigned roles requiring registration to a number of the plurality of respective tenants of the mufti-tenanted application;
      
      generating the security token for single login authentication of the user to access all of the plurality of user accounts; and
      
      associating the security token with the plurality of user accounts to register each of the plurality of user accounts with the mufti-tenanted application.

5. An application server for security token based user authentication in a mufti-tenanted application, the application server comprising:
- a processor; and
  
  a memory resource storing instructions that, when executed by the processor, cause the application server to;
  
  receive an initial access request from a user to access at least one user account associated with a first tenant in the multi-tenanted application;
  
  identify a number of pre-assigned roles assigned to the user, the number of pre-assigned roles requiring association with a respective plurality of tenants of the mufti-tenanted application;
  
  based on the number of pre-assigned roles, generate a security token to provide single-login access to a plurality of user accounts, including the at least one user account, associated with the respective plurality of tenants of the mufti-tenanted application; and
  
  provide the user with the security token to enable the user to access the plurality of the user accounts, via the single-login access, in the mufti-tenanted application.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
- - 6. The application server of claim 5, wherein the application server is included in a Security Token Service (STS) system, and wherein the instructions, when executed by the processor, further cause the application server to:
    - store the security token in a database of the STS system.
  - 7. The application server of claim 5, wherein the instructions, when executed by the processor, further cause the application server to:
    - select the at least one user account as a default user account based on the initial access request; and
      
      upon a user login to the mufti-tenanted application, display context of the default user account to the user.
  - 8. The application server of claim 6, wherein the STS system and application server are external to the mufti-tenanted application, and wherein the instructions, when executed by the processor, further cause the application server to:
    - intercept a subsequent access request from the user to access the multi-tenanted application; and
      
      obtain the security token for the user from the database of the STS system; and
      
      provide the security token to the user to enable the user to access the plurality of user accounts via the single-login access.
  - 9. The application server of claim 5, wherein the plurality of user accounts are active user accounts associated with the user.
  - 10. The application server of claim 7, wherein the instructions, when executed by the processor, further cause the application server to:
    - switch the displayed context from the default user account in the plurality of user accounts to a second user account in the plurality of user accounts based on selection by the user.
  - 11. The application server of claim 10, wherein the instructions, when executed by the processor, further cause the application server to:
    - provide a drop-down menu, comprising the plurality of user accounts, to enable the user to make the selection of the second user account.
  - 12. The application server of claim 5, wherein the instructions, when executed by the processor, further cause the application server to:
    - deactivate one or more of the plurality of user accounts based on determining that the user is no longer associated with a respective one or more of the plurality of respective tenants.

13. A non-transitory computer readable medium comprising instructions for user authentication in a mufti-tenanted application, wherein the instructions, when executed by a processor of an application server, cause the application server to:
- receive an access request from a user to access at least one user account associated with a first tenant in the multi-tenanted application;
  
  identify a number of pre-assigned roles assigned to the user, the number of pre-assigned roles requiring association with a respective plurality of tenants of the mufti-tenanted application;
  
  based on the number of pre-assigned roles, generate a security token to provide single-login access to a plurality of user accounts, including the at least one user account, associated with the respective plurality of tenants of the mufti-tenanted application; and
  
  provide the user with the security token to enable the user to access the plurality of the user accounts, via the single login access, in the mufti-tenanted application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Prasad, Kannan, Goswamee, Prabir Kumar
Primary Examiner(s)
DADA, BEEMNET W

Application Number

US13/755,401
Publication Number

US 20140215595A1
Time in Patent Office

866 Days
Field of Search

726/8
US Class Current

1/1
CPC Class Codes

G06F 21/41 where a single sign-on prov...

Security token based user authentication in a multi-tenanted application

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Security token based user authentication in a multi-tenanted application

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links