Information processing system, information processing device, and authentication method
First Claim
1. An information processing system, comprising:
- one or more information processing devices,wherein the one or more information processing devices includes;
a storage unit configured to store a program; and
a processor configured to execute the program,wherein the program which, when executed by the processor, functions as;
a receiving unit configured to receive user identification information and organization identification information from an external device; and
an authentication unit configured to perform authentication with respect to the user identification information and the organization identification information received from the external device by the receiving unit using a first storage unit that stores one or more sets of user identification information in association with the organization identification information;
wherein when the authentication unit receives a federated authentication request to access an external service from the external device that is authenticated, the authentication unit sends a federated authentication response to the external device if the organization identification information received from the external device and the external service designated in the federated authentication request are stored in association with each other in a second storage unit that stores the organization identification information in association with information on one or more external services that have established a trust relationship for authentication;
wherein when the authentication unit receives the federated authentication request from the external device that is not authenticated, the authentication unit attaches information on the federated authentication request to a response to the receiving unit for prompting the receiving unit to receive the user identification information and the organization identification information from the external device;
wherein when the information on the federated authentication request is attached to the user identification information and the organization identification information received from the external device, the receiving unit sends authentication information indicating authentication has been completed by the authentication unit to the external device; and
wherein when the authentication unit receives from the external device the federated authentication request that has the authentication information attached thereto, the authentication unit determines that the federated authentication request is from the external device that is authenticated.
1 Assignment
0 Petitions
Accused Products
Abstract
An information processing system includes a receiving unit that receives user identification information and organization identification information from an external device, and an authentication unit that performs authentication of the user identification information and the organization identification information received by the receiving unit using a first storage unit storing one or more sets of user identification information in association with organization identification information. When the authentication unit receives a federated authentication request to access an external service from the external device that is authenticated, the authentication unit sends a federated authentication response to the external device if the organization identification information received from the external device and the external service designated in the federated authentication request are associated with each other in a second storage unit storing the organization identification information in association with information on one or more external services that have established a trust relationship for authentication.
14 Citations
8 Claims
-
1. An information processing system, comprising:
-
one or more information processing devices, wherein the one or more information processing devices includes; a storage unit configured to store a program; and a processor configured to execute the program, wherein the program which, when executed by the processor, functions as; a receiving unit configured to receive user identification information and organization identification information from an external device; and an authentication unit configured to perform authentication with respect to the user identification information and the organization identification information received from the external device by the receiving unit using a first storage unit that stores one or more sets of user identification information in association with the organization identification information; wherein when the authentication unit receives a federated authentication request to access an external service from the external device that is authenticated, the authentication unit sends a federated authentication response to the external device if the organization identification information received from the external device and the external service designated in the federated authentication request are stored in association with each other in a second storage unit that stores the organization identification information in association with information on one or more external services that have established a trust relationship for authentication; wherein when the authentication unit receives the federated authentication request from the external device that is not authenticated, the authentication unit attaches information on the federated authentication request to a response to the receiving unit for prompting the receiving unit to receive the user identification information and the organization identification information from the external device; wherein when the information on the federated authentication request is attached to the user identification information and the organization identification information received from the external device, the receiving unit sends authentication information indicating authentication has been completed by the authentication unit to the external device; and wherein when the authentication unit receives from the external device the federated authentication request that has the authentication information attached thereto, the authentication unit determines that the federated authentication request is from the external device that is authenticated. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. An information processing device comprising:
-
a storage unit configured to store a program; and a processor configured to execute the program, wherein the program which, when executed by the processor, functions as; a receiving unit configured to receive user identification information and organization identification information from an external device; and an authentication unit configured to perform authentication with respect to the user identification information and the organization identification information received from the external device by the receiving unit using a first storage unit that stores one or more sets of user identification information in association with the organization identification information; wherein when the authentication unit receives a federated authentication request to access an external service from the external device that is authenticated, the authentication unit sends a federated authentication response to the external device if the organization identification information received from the external device and the external service designated in the federated authentication request are stored in association with each other in a second storage unit that stores the organization identification information in association with information on one or more external services that have established a trust relationship for authentication; wherein when the authentication unit receives the federated authentication request from the external device that is not authenticated, the authentication unit attaches information on the federated authentication request to a response to the receiving unit for prompting the receiving unit to receive the user identification information and the organization identification information from the external device; wherein when the information on the federated authentication request is attached to the user identification information and the organization identification information received from the external device, the receiving unit sends authentication information indicating authentication has been completed by the authentication unit to the external device; and wherein when the authentication unit receives from the external device the federated authentication request that has the authentication information attached thereto, the authentication unit determines that the federated authentication request is from the external device that is authenticated.
-
-
8. An authentication method executed by an information processing system including one or more information processing devices, the authentication method comprising:
-
a receiving step in which a receiving unit receives user identification information and organization identification information from an external device; an authentication step in which a processor performs authentication with respect to the user identification information and the organization identification information received from the external device by the receiving unit using a first memory that stores one or more sets of user identification information in association with the organization identification information; a request receiving step in which the processor receives a federated authentication request to access an external service from the external device that is authenticated; a sending step in which the processor sends a federated authentication response to the external device if the organization identification information received from the external device and the external service designated in the federated authentication request are stored in association with each other in a second memory that stores the organization identification information in association with information on one or more external services that have established a trust relationship for authentication; an attaching step in which when the processor receives the federated authentication request from the external device that is not authenticated, the processor attaches information on the federated authentication request to a response to the receiving unit for prompting the receiving unit to receive the user identification information and the organization identification information from the external device; a sending step in which when the information on the federated authentication request is attached to the user identification information and the organization identification information received from the external device, the receiving unit sends authentication information indicating authentication has been completed by the processor to the external device; and a determining step in which when the processor receives from the external device the federated authentication request that has the authentication information attached thereto, the processor determines that the federated authentication request is from the external device that is authenticated.
-
Specification