System for and method of providing single sign-on (SSO) capability in an application publishing environment
First Claim
1. A method for providing single-sign-on capability, the method comprising:
receiving at a gateway service an access request sent by a client device, the access request associated with credentials entered by a user of the client device, wherein the client device is successfully authenticated by the gateway service on a selected initial host computer from a cluster of host computers;
transmitting the credentials from the gateway service to the selected initial host computer;
executing instructions stored in memory of the gateway service, wherein execution of the instructions by a processor of the gateway service automatically erases the credentials from memory of the gateway service subsequent to the successful authentication on the selected initial host computer;
receiving at the gateway service a subsequent access request regarding another host computer in the cluster; and
forwarding the subsequent access request from the gateway service to the selected initial host computer for authentication based on the credentials.
Abstract
A client-server computing system includes a computer cluster for hosting certain resources, applications, programs, processes, files, and/or data that are published to users who are accessing the computer cluster remotely. The computer cluster includes a network of one or more host computers, a gateway server, a gateway service database, and a user database. A single sign-on (SSO) method of the disclosure includes performing a computer cluster authentication process in which a user enters his/her credentials followed by a resource authentication process in which there is no need for the user to reenter his/her credentials, having entered them already in the computer cluster authentication process.
22 Claims
8. An apparatus for providing single-sign-on capability, the apparatus comprising:
a communication interface for:
    receiving an access request sent over a communication network by a client device, the access request associated with credentials entered by a user of the client device, wherein the client device is successfully authenticated by the gateway service on a selected initial host computer from a cluster of host computers, and
    transmitting the credentials from the gateway service to the selected initial host computer;
a memory; and
a hardware processor coupled to the memory for executing instructions stored in the memory of the gateway service, wherein execution of the instructions by the hardware processor of the gateway service automatically erases the credentials from the memory of the gateway service subsequent to the successful authentication on the selected initial host computer;
wherein the communication interface further:
    receives at the gateway service a subsequent access request regarding another host computer in the cluster, and
    forwards the subsequent access request from the gateway service to the selected initial host computer for authentication based on the credentials.
15. A system for providing single-sign-on capability, the system comprising:
a cluster comprising a plurality of host computers; and
a gateway service comprising:
    a communication interface for:
        receiving an access request sent over a communication network by a client device, the access request associated with credentials entered by a user of the client device, wherein the client device is successfully authenticated by the gateway service on a selected initial host computer from the cluster of host computers, and
        transmitting the credentials from the gateway service to the selected initial host computer; and
    a processor for executing instructions stored in memory of the gateway service, wherein execution of the instructions by the processor of the gateway service automatically erases the credentials from memory of the gateway service subsequent to the successful authentication on the selected initial host computer;
    wherein the communication interface further:
        receives at the gateway service a subsequent access request regarding another host computer in the cluster, and
        forwards the subsequent access request from the gateway service to the selected initial host computer for authentication based on the credentials.
22. A non-transitory computer-readable storage medium, having embodied thereon a program executable by a processor to perform a method for providing single-sign-on capability, the method comprising:
receiving an access request sent by a client device, the access request associated with credentials entered by a user of the client device, wherein the client device is successfully authenticated by the gateway service on a selected initial host computer from a cluster of host computers;
transmitting the credentials to the selected initial host computer;
automatically erasing the credentials from memory subsequent to the successful authentication on the selected initial host computer;
receiving a subsequent access request regarding another host computer in the cluster; and
forwarding the subsequent access request to the selected initial host computer for authentication based on the credentials.
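The method recited in the independent claims, modelled as an added sketch (not code from the patent or its assignee): the gateway authenticates on an initial host, hands it the credentials, overwrites its own copy, and afterwards keeps only a route to that host. The class names, the session token, the constructed user database and the in-process "hosts" are all assumptions made for illustration.

```python
import hmac
import secrets

USER_DB = {"alice": b"correct horse"}   # constructed user database (assumption)


class Host:
    """One cluster host; the initial host also holds the session's credentials."""
    def __init__(self, name):
        self.name, self.sessions = name, {}

    def authenticate(self, user, password):
        stored = USER_DB.get(user)
        return stored is not None and hmac.compare_digest(stored, password)

    def open_session(self, token, user, password):
        # Host-side copy: the only place credentials live after sign-on.
        self.sessions[token] = (user, bytes(password))

    def authenticate_on(self, token, target):
        creds = self.sessions.get(token)
        return creds is not None and target.authenticate(*creds)


class Gateway:
    def __init__(self, hosts):
        self.hosts = hosts               # name -> Host
        self.routes = {}                 # token -> initial host name, no secrets

    def sign_on(self, user, password, initial):
        """password must be a mutable bytearray so it can be overwritten in place."""
        host = self.hosts[initial]
        try:
            if not host.authenticate(user, password):
                return None
            token = secrets.token_urlsafe(16)   # hypothetical session handle
            host.open_session(token, user, password)   # transmit credentials
            self.routes[token] = initial
            return token
        finally:
            # Erase the gateway's copy. The claims require this after a successful
            # authentication; erasing on failure as well is an added precaution.
            password[:] = bytes(len(password))

    def access(self, token, target):
        """Subsequent request: forwarded to the initial host, no credential prompt."""
        initial = self.routes.get(token)
        if initial is None or target not in self.hosts:
            return False
        return self.hosts[initial].authenticate_on(token, self.hosts[target])
```

Overwriting a `bytearray` shows the control flow only; a Python runtime may still hold transient copies, so a production gateway would do the erase in a language with explicit memory control.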
Specification