Redirect to inspection proxy using single-sign-on bootstrapping
Abstract
An authentication request is generated when a user of a client device attempts to initiate a user session with an application managed by a service provider. An authentication response is generated based on credentials received from the user. The authentication response includes an assertion on behalf of the user. A delivery resource locator for the assertion is rewritten to a resource locator of a proxy in order to redirect the assertion to the proxy. The authentication response is sent to the client device together with the resource locator of the proxy in order to cause the client device to send the assertion to the proxy that decodes the re-written resource locator and sends the assertion to the service provider.
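An added illustration of the abstract's rewrite-and-decode step, not code from the patent. The proxy address, shared key, allow-list, HMAC-tagged base64 encoding and the `assertion` form field are all assumptions, since the text does not say how the locator is encoded.

```python
import base64, hashlib, hmac, html
from urllib.parse import urlsplit

PROXY_BASE = "https://proxy.example.net/sso"   # assumed proxy endpoint
SHARED_KEY = b"constructed-demo-key"           # assumed IdP<->proxy secret
ALLOWED_SP_HOSTS = {"app.sp.example.com"}      # assumed SPs the proxy fronts

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _tag(token: str) -> str:
    return _b64(hmac.new(SHARED_KEY, token.encode(), hashlib.sha256).digest())

def rewrite_delivery_url(sp_url: str) -> str:
    """IdP side: swap the SP delivery locator for a proxy locator carrying it."""
    token = _b64(sp_url.encode())
    return f"{PROXY_BASE}/{token}.{_tag(token)}"

def decode_delivery_url(proxy_url: str) -> str:
    """Proxy side: recover the SP locator; refuse forged or unknown targets."""
    prefix = PROXY_BASE + "/"
    if not proxy_url.startswith(prefix):
        raise ValueError("not a rewritten proxy locator")
    token, sep, tag = proxy_url[len(prefix):].partition(".")
    # Verify integrity before decoding, so only IdP-issued locators are parsed.
    if not sep or not hmac.compare_digest(tag.encode(), _tag(token).encode()):
        raise ValueError("locator integrity check failed")
    sp_url = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4)).decode()
    parts = urlsplit(sp_url)
    # Without this check the proxy would relay assertions to any host.
    if parts.scheme != "https" or parts.hostname not in ALLOWED_SP_HOSTS:
        raise ValueError("service provider not allowed")
    return sp_url

def build_auth_response(assertion: str, sp_url: str) -> str:
    """IdP side: auto-post form whose action is the proxy locator."""
    action = html.escape(rewrite_delivery_url(sp_url), quote=True)
    value = html.escape(assertion, quote=True)
    return (f'<form method="post" action="{action}">'
            f'<input type="hidden" name="assertion" value="{value}"/></form>')

if __name__ == "__main__":
    acs = "https://app.sp.example.com/acs"     # constructed sample SP locator
    print(build_auth_response("QUJD", acs))    # "QUJD" is a constructed value
    print(decode_delivery_url(rewrite_delivery_url(acs)))
```

The integrity tag and the host allow-list are what keep the proxy from forwarding an assertion to a destination the identity provider never issued.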
20 Claims
1. A method comprising:
- on the basis of an authentication request generated in response to a user of a client device attempting to initiate a user session with an application managed by a service provider and the service provider redirecting the attempted user session of the client device to an identity provider, generating an authentication response based on credentials received from the user, the authentication response including an assertion on behalf of the user;
- rewriting a delivery resource locator for the assertion to a resource locator of a proxy in order to redirect the assertion to the proxy and to cause the client device to access service provider web pages and linked content through the proxy; and
- sending to the client device the authentication response together with the resource locator of the proxy in order to cause the client device to send the assertion to the proxy that decodes the re-written resource locator and sends the assertion to the service provider so the proxy rewrites and sends the service provider web pages and linked content to the client device.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10)
11. A method comprising:
- receiving at an identity provider an authentication request generated in response to a user of a client device attempting to initiate a user session with an application managed by a service provider and the service provider redirecting the attempted user session of the client device to an identity provider;
- generating an authentication response based on credentials received from the user, the response including an assertion on behalf of the user;
- rewriting a delivery resource locator for the assertion to a resource locator of a proxy in order to redirect the assertion to the proxy and to cause the client device to access service provider web pages and linked content through the proxy; and
- sending to the client device the authentication response together with the resource locator of the proxy in order to cause the client device to send the assertion to the proxy so the proxy rewrites and sends the service provider web pages and linked content to the client device.
(Dependent claims: 12, 13, 14, 15)
16. An apparatus comprising:
- a network interface unit configured to send and receive communications over a network;
- a processor coupled to the network interface unit, wherein the processor is configured to:
  - on the basis of an authentication request generated in response to a user of a client device attempting to initiate a user session with an application managed by a service provider and the service provider redirecting the attempted user session of the client device to an identity provider, generate an authentication response based on credentials received from the user, the response including an assertion on behalf of the user;
  - rewrite a delivery resource locator for the assertion to a resource locator of a proxy in order to redirect the assertion to the proxy and to cause the client device to access service provider web pages and linked content through the proxy; and
  - supply the authentication response to the network interface unit to be sent to the client device together with the resource locator of the proxy in order to cause the client device to send the assertion to the proxy so the proxy rewrites and sends the service provider web pages and linked content to the client device.
(Dependent claims: 17, 18, 19, 20)
Specification