Information processing system, control method for controlling the information processing system, and storage medium
First Claim
1. A service server to provide a service and communicate with an identity server and a client computer operated by a first user, the service server comprising:
- at least one processor coupled to a memory;
a reception unit configured to receive, from the client computer as provided by and associated with the first user, a service user identification (ID) and a service user password for the service server, an identity user ID and an identity user password for the identity server, a request for collective users setting of single sign-on, and an access request to receive a service of the service server;
an acceptance unit configured to receive, from the client computer, single sign-on (SSO) mapping setting information, wherein the SSO mapping setting information includes at least two combinations of a service user ID and an identity user ID, wherein a service user ID and an identity user ID in a combination are related to each other;
an acquisition unit configured to use the identity user ID, the identity user password, and authority associated with the identity user ID to acquire an identity user ID list from the identity server, and configured to use the service user ID and authority associated with the service user ID to acquire a service user ID list,wherein the identity user ID list includes a list of user IDs recognized by the identity server, including the identity user ID and a second identity user ID that is associated with a second user, and belonging to the same identity tenant, and wherein the service user ID list includes a list of user IDs recognized by the service server, including the service user ID and a second service user ID that is associated with the second user, and belonging to the same service tenant; and
a setting unit configured to use the service user ID list, the identity user ID list, and the SSO mapping setting information to perform SSO mapping processing to determine whether to set a combination of service user ID and identity user ID in the SSO mapping setting information as single sign-on setting information, wherein, for each combination of a service user ID and an identity user ID in the SSO mapping setting information set as part of the single sign-on setting information, the service server provides a user, in the identity tenant and the service tenant and associated with a combination set by the setting unit as part of the single sign-on setting information, to receive access to the service of the service server, even users other than the user associated with the service user ID and the identity user ID who requested the collective users setting of single sign-on, andwherein at least one of the reception unit, the acceptance unit, the acquisition unit, and the setting unit are implemented by the at least one processor.
1 Assignment
0 Petitions
Accused Products
Abstract
A second information processing system to communicate with a first information processing system includes an acquisition unit, an acceptance unit, a confirmation unit, and a setting unit. The acquisition unit acquires authentication information from the first information processing system and from a memory of the second information processing system. The acceptance unit accepts correspondence information indicating correspondence between first authentication information and second authentication information. The confirmation unit confirms, as a condition, whether the acquired authentication information in the first information processing system is identical to the accepted first authentication information and confirms, as a condition, whether the acquired authentication information in the second information processing system is identical to the accepted second authentication information. The setting unit does not set the correspondence information as single sign-on setting information if a condition is not satisfied and sets the correspondence information as single sign-on setting information if both conditions are satisfied.
19 Citations
20 Claims
-
1. A service server to provide a service and communicate with an identity server and a client computer operated by a first user, the service server comprising:
-
at least one processor coupled to a memory; a reception unit configured to receive, from the client computer as provided by and associated with the first user, a service user identification (ID) and a service user password for the service server, an identity user ID and an identity user password for the identity server, a request for collective users setting of single sign-on, and an access request to receive a service of the service server; an acceptance unit configured to receive, from the client computer, single sign-on (SSO) mapping setting information, wherein the SSO mapping setting information includes at least two combinations of a service user ID and an identity user ID, wherein a service user ID and an identity user ID in a combination are related to each other; an acquisition unit configured to use the identity user ID, the identity user password, and authority associated with the identity user ID to acquire an identity user ID list from the identity server, and configured to use the service user ID and authority associated with the service user ID to acquire a service user ID list, wherein the identity user ID list includes a list of user IDs recognized by the identity server, including the identity user ID and a second identity user ID that is associated with a second user, and belonging to the same identity tenant, and wherein the service user ID list includes a list of user IDs recognized by the service server, including the service user ID and a second service user ID that is associated with the second user, and belonging to the same service tenant; and a setting unit configured to use the service user ID list, the identity user ID list, and the SSO mapping setting information to perform SSO mapping processing to determine whether to set a combination of service user ID and identity user ID in the SSO mapping setting information as single sign-on setting information, wherein, for each combination of a service user ID and an identity user ID in the SSO mapping setting information set as part of the single sign-on setting information, the service server provides a user, in the identity tenant and the service tenant and associated with a combination set by the setting unit as part of the single sign-on setting information, to receive access to the service of the service server, even users other than the user associated with the service user ID and the identity user ID who requested the collective users setting of single sign-on, and wherein at least one of the reception unit, the acceptance unit, the acquisition unit, and the setting unit are implemented by the at least one processor. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method for a service server to provide a service and communicate with an identity server and a client computer operated by a first user, the method comprising:
-
receiving, from the client computer as provided by and associated with the first user, a service user identification (ID) and a service user password for the service server, an identity user ID and an identity user password for the identity server, a request for collective users setting of single sign-on, and an access request to receive a service of the service server; receiving, from the client computer, single sign-on (SSO) mapping setting information, wherein the SSO mapping setting information includes at least two combinations of a service user ID and an identity user ID, wherein a service user ID and an identity user ID in a combination are related to each other; using the identity user ID, the identity user password, and authority associated with the identity user ID to acquire an identity user ID list from the identity server, and using the service user ID and authority associated with the service user ID to acquire a service user ID list, wherein the identity user ID list includes a list of user IDs recognized by the identity server, including the identity user ID and a second identity user ID that is associated with a second user, and belonging to the same identity tenant, and wherein the service user ID list includes a list of user IDs recognized by the service server, including the service user ID and a second service user ID that is associated with the second user, and belonging to the same service tenant; and using the service user ID list, the identity user ID list, and the SSO mapping setting information to perform SSO mapping processing to determine whether to set a combination of service user ID and identity user ID in the SSO mapping setting information as single sign-on setting information, wherein, for each combination of a service user ID and an identity user ID in the SSO mapping setting information set as part of the single sign-on setting information, the service server provides a user, in the identity tenant and the service tenant and associated with a combination set as part of the single sign-on setting information, to receive access to the service of the service server, even users other than the user associated with the service user ID and the identity user ID who requested the collective users setting of single sign-on, and wherein at least one step is performed by at least one processor coupled to a memory. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A non-transitory computer-readable storage medium storing a program to cause a service server to perform a method, wherein the service server is to provide a service and communicate with an identity server and a client computer operated by a first user an image forming apparatus, the method comprising:
-
receiving, from the client computer as provided by and associated with the first user, a service user identification (ID) and a service user password for the service server, an identity user ID and an identity user password for the identity server, a request for collective users setting of single sign-on, and an access request to receive a service of the service server; receiving, from the client computer, single sign-on (SSO) mapping setting information, wherein the SSO mapping setting information includes at least two combinations of a service user ID and an identity user ID, wherein a service user ID and an identity user ID in a combination are related to each other; using the identity user ID, the identity user password, and authority associated with the identity user ID to acquire an identity user ID list from the identity server, and using the service user ID and authority associated with the service user ID to acquire a service user ID list, wherein the identity user ID list includes a list of user IDs recognized by the identity server, including the identity user ID and a second identity user ID that is associated with a second user, and belonging to the same identity tenant, and wherein the service user ID list includes a list of user IDs recognized by the service server, including the service user ID and a second service user ID that is associated with the second user, and belonging to the same service tenant; and using the service user ID list, the identity user ID list, and the SSO mapping setting information to perform SSO mapping processing to determine whether to set a combination of service user ID and identity user ID in the SSO mapping setting information as single sign-on setting information, wherein, for each combination of a service user ID and an identity user ID in the SSO mapping setting information set as part of the single sign-on setting information, the service server provides a user, in the identity tenant and the service tenant and associated with a combination set as part of the single sign-on setting information, to receive access to the service of the service server, even users other than the user associated with the service user ID and the identity user ID who requested the collective users setting of single sign-on, and wherein at least one step is performed by at least one processor coupled to a memory. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A system comprising:
-
an identity server; a client computer; and a service server to provide a service and communicate with the identity server and the client computer operated by a first user, the service server including; at least one processor coupled to a memory, a reception unit configured to receive, from the client computer as provided by and associated with the first user, a service user identification (ID) and a service user password for the service server, an identity user ID and an identity user password for the identity server, a request for collective users setting of single sign-on, and an access request to receive a service of the service server, an acceptance unit configured to receive, from the client computer, single sign-on (SSO) mapping setting information, wherein the SSO mapping setting information includes at least two combinations of a service user ID and an identity user ID, wherein a service user ID and an identity user ID in a combination are related to each other, an acquisition unit configured to use the identity user ID, the identity user password, and authority associated with the identity user ID to acquire an identity user ID list from the identity server, and configured to use the service user ID and authority associated with the service user ID to acquire a service user ID list, wherein the identity user ID list includes a list of user IDs recognized by the identity server, including the identity user ID and a second identity user ID that is associated with a second user, and belonging to the same identity tenant, and wherein the service user ID list includes a list of user IDs recognized by the service server, including the service user ID and a second service user ID that is associated with the second user, and belonging to the same service tenant, and a setting unit configured to use the service user ID list, the identity user ID list, and the SSO mapping setting information to perform SSO mapping processing to determine whether to set a combination of service user ID and identity user ID in the SSO mapping setting information as single sign-on setting information, wherein, for each combination of a service user ID and an identity user ID in the SSO mapping setting information set as part of the single sign-on setting information, the service server provides a user, in the identity tenant and the service tenant and associated with a combination set by the setting unit as part of the single sign-on setting information, to receive access to the service of the service server, even users other than the user associated with the service user ID and the identity user ID who requested the collective users setting of single sign-on, and wherein at least one of the reception unit, the acceptance unit, the acquisition unit, and the setting unit are implemented by the at least one processor. - View Dependent Claims (17, 18, 19, 20)
-
Specification