System for and method of providing single sign-on (SSO) capability in an application publishing environment
Abstract
A client-server computing system includes a computer cluster for hosting certain resources, applications, programs, processes, files, and/or data that are published to users who are accessing the computer cluster remotely. The computer cluster includes a network of one or more host computers, a gateway server, a gateway service database, and a user database. A single sign-on (SSO) method of the disclosure includes performing a computer cluster authentication process in which a user enters his/her credentials followed by a resource authentication process in which there is no need for the user to reenter his/her credentials, having entered them already in the computer cluster authentication process.
19 Claims
1. A method for providing single-sign-on capability, the method comprising:
- receiving at a gateway service an access request regarding an identified resource, the access request sent by a client device associated with a user that had previously been authenticated on an initial host computer based on credential provided by the user;
- executing instructions stored in memory of the gateway service, wherein execution of the instructions by a processor of the gateway service:
  - automatically erases user credentials from memory of the gateway service subsequent to successful authentication of the user credentials on the initial host computer,
  - selects another host computer from the cluster that has the requested resource, and
  - identifies that a host session is running on the initial host computer,
- forwarding the access request from the gateway service to the initial host computer for authentication on the other host computer from the cluster based on the credentials; and
- executing further instructions, wherein execution of the further instructions by the processor:
  - determines that the authentication on the other host computer is successful, wherein the other host computer creates a host session for the authenticated user, and
  - provides the requested resource to the authenticated user at the client device.

Dependent claims: 2, 3, 4, 5, 6
7. An apparatus for providing single-sign-on capability, the apparatus comprising:
- a gateway server communication interface that receives over a communication network an access request regarding an identified resource, the access request sent by a client device associated with a user that had previously been authenticated on an initial host computer based on credential provided by the user;
- memory that stores a gateway service database comprising user credentials;
- a gateway server processor coupled to the memory, wherein execution of instructions by the gateway server processor:
  - automatically erases user credentials from the gateway service database in the memory subsequent to successful authentication of the user credentials on the initial host computer,
  - selects another host computer from the cluster that has the requested resource, and
  - identifies that a host session is running on the initial host computer,
- wherein the gateway server communication interface forwards the access request over the communication network to the initial host computer for authentication on the other host computer from the cluster based on the credentials; and
- wherein the gateway server processor executes further instructions, wherein execution of the further instructions:
  - determines that the authentication on the other host computer is successful, wherein the other host computer creates a host session for the authenticated user, and
  - provides the requested resource to the authenticated user at the client device.

Dependent claims: 8, 9, 10, 11, 12
13. A system for providing single-sign-on capability, the system comprising:
- a cluster comprising a plurality of host computers; and
- a gateway service associated with the cluster, the gateway service comprising:
  - a communication interface receiving an access request regarding an identified resource, the access request sent by a client device associated with a user that had previously been authenticated on an initial host computer based on credential provided by the user;
  - a processor for executing instructions stored in memory of the gateway service, wherein execution of the instructions:
    - automatically erases user credentials from memory of the gateway service subsequent to successful authentication of the user credentials on the initial host computer,
    - selects another host computer from the cluster that has the requested resource, and
    - identifies that a host session is running on the initial host computer,
  - wherein the communication interface forwards the access request to the initial host computer for authentication on the other host computer from the cluster based on the credentials; and
  - wherein the processor executes further instructions, wherein execution of the further instructions:
    - determines that the authentication on the other host computer is successful, wherein the other host computer creates a host session for the authenticated user, and
    - provides the requested resource to the authenticated user at the client device.

Dependent claims: 14, 15, 16, 17, 18
19. A non-transitory computer-readable storage medium, having embodied thereon a program executable by a processor to perform a method for providing single-sign-on capability, the method comprising:
- receiving an access request regarding an identified resource, the access request sent by a client device associated with a user that had previously been authenticated on an initial host computer based on credential provided by the user;
- automatically erasing user credentials from memory of the gateway service subsequent to successful authentication of the user credentials on the initial host computer;
- selecting another host computer from the cluster that has the requested resource;
- identifying that a host session is running on the initial host computer;
- forwarding the access request from the gateway service to the initial host computer for authentication on the other host computer from the cluster based on the credentials;
- determining that the authentication on the other host computer is successful, wherein the other host computer creates a host session for the authenticated user; and
- providing the requested resource to the authenticated user at the client device.

Specification