Facilitating single sign-on (SSO) across multiple browser instance
Abstract
Facilitating single sign-on (SSO) across multiple browser instances such that user authentication at one browser instance is used as a basis to permit access to protected resources (hosted on server systems) from other browser instances. In an embodiment, the different browser instances execute on different client systems. An authentication server may maintain registration data indicating the different client systems/browser instances registered by a user for the SSO feature. After a user is authenticated for a first session from one browser instance, the authentication server enables the user to access any protected resource from registered client systems/browser instances without requiring further authentication (based on the presence of the authenticated first session).
16 Claims
1. A computing system comprising:
- an authentication server to authenticate users and to maintain registration data indicating a respective set of client systems registered for each user across which a single sign-on (SSO) is to be facilitated; and
- a plurality of server systems to host a plurality of protected resources, which are accessible only to authenticated users, each server system to receive a request for accessing a protected resource of said plurality of protected resources and if the request is identified as not being from an authenticated user, redirecting the received request to said authentication server for authentication of the user by said authentication server;
- a plurality of client systems using which users send requests for accessing said plurality of protected resources to said plurality of server systems,
- wherein said registration data at a first time instance indicates that a first set of client systems is registered for a single user, said first set of client systems being contained in said plurality of client systems, said registration data indicating that said first set of client systems includes a second client system,
- wherein said single user sends from a first client system, a first request for accessing a first protected resource and then sends from said second client system, a second request for accessing a second protected resource,
- wherein said first request is sent at a second time instance following said first time instance,
- wherein said first protected resource and said second protected resource are contained in said plurality of protected resources, wherein said first client system is contained in said plurality of client systems,
- wherein said authentication server performs a single authentication of said single user in response to receiving said first request from said first client system, wherein said single user is allowed to access from said first client system, said first protected resource in a session duration after said single authentication, wherein a single sign on (SSO) session is maintained in said authentication server in said session duration as a basis for permitting access to at least some of said plurality of protected resources including said first protected resource,
- wherein said authentication server and said plurality of server systems operate to allow said single user to access said second protected resource in said session duration from said second client system, based on said single authentication from said first client system in view of said second client system being included in said first set of client systems registered for said single user such that said single user is not required to perform authentication again to access from said second client system, said second protected resource in said session duration.

(Dependent claims: 2, 3, 4, 5, 6)
7. A method of facilitating single sign-on (SSO) across multiple client systems when accessing a plurality of protected resources, wherein said plurality of protected resources are accessible only to users authenticated by an authentication server, said method being performed in said authentication server, said method comprising:
- maintaining a registration data indicating which ones of a plurality of client systems are registered for which ones of a plurality of users for accessing said plurality of protected resources, wherein said registration data at a first time instance indicates that a first set of client systems is registered for a first user of said plurality of users, said first set of client systems being contained in said plurality of client systems, said registration data indicating that said first set of client systems includes a second client system;
- receiving, from a first client system, a first request from said first user to access a first protected resource of said plurality of protected resources, said first client system being contained in said plurality of client systems, wherein said first request is sent at a second time instance following said first time instance;
- authenticating said first user upon receipt of said first request and maintaining a single sign on (SSO) session in a session duration in which said first user is permitted to access said plurality of protected resources based on said authenticating;
- allowing access to said first protected resource from said first client system after said authentication of said first user;
- receiving, from said second client system, a second request to access a second protected resource of said plurality of protected resource;
- determining whether said second client system is included in said first set of client systems registered for said first user based on said registration data; and
- allowing access to said second protected resource from said second client system based on said authentication of said first user with respect to accessing of said first protected resource if said second request is received in said session duration and said determining determines that said second client system is included in said first set of client systems,
- wherein said first user is not required to perform authentication again to access said plurality of protected resources from different client systems, including said second client system, based on said authentication performed from said first client system in said session duration.

(Dependent claims: 8, 9, 10)
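The decision that claim 7 assigns to the authentication server, sketched as an added example (not code from the patent). The names `AuthServer` and `sample_verify`, the 900-second `SESSION_DURATION` and the string client identifiers are assumptions; how a request's user and client identity are established is not stated in the claims.

```python
import hmac
from dataclasses import dataclass, field
from typing import Callable

SESSION_DURATION = 900       # seconds; assumed, the claims only say "session duration"
SAMPLE_PASSWORD = "constructed-sample-password"   # constructed test data

def sample_verify(user: str, password: str) -> bool:
    """Stand-in credential check (assumption); only 'alice' exists."""
    return user == "alice" and hmac.compare_digest(password, SAMPLE_PASSWORD)

@dataclass
class AuthServer:
    verify: Callable[[str, str], bool]
    registration: dict                      # user -> set of registered client ids
    sessions: dict = field(default_factory=dict)   # user -> SSO session expiry

    def session_active(self, user: str, now: float) -> bool:
        expiry = self.sessions.get(user)
        if expiry is not None and now >= expiry:
            del self.sessions[user]         # expired session vouches for nobody
            expiry = None
        return expiry is not None

    def authenticate(self, user: str, password: str, now: float) -> str:
        """First request: the single authentication that opens the SSO session."""
        if not self.verify(user, password):
            return "DENY"
        self.sessions[user] = now + SESSION_DURATION
        return "ALLOW"

    def authorize(self, user: str, client_id: str, now: float) -> str:
        """Later request redirected by a server system, carrying no credentials."""
        if not self.session_active(user, now):
            return "AUTHENTICATE"           # no live session: user must log in
        if client_id not in self.registration.get(user, set()):
            return "AUTHENTICATE"           # client not registered for this user
        return "ALLOW"                      # registered client, inside the session
```

Because the second request is allowed without credentials, both conditions (a live session and a registered client) have to hold on every request, and a failure of either falls back to full authentication rather than to access.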
11. A non-transitory machine readable medium storing one or more sequences of instructions for causing an authentication server to facilitate single sign-on (SSO) across multiple client systems when accessing protected resources, wherein each protected resource is accessible only to users authenticated by said authentication server, wherein execution of said one or more sequences of instructions by one or more processors contained in said authentication server causes said authentication server to perform the actions of:
- maintaining a registration data indicating a respective set of client systems registered for each user across which single sign-on (SSO) is to be facilitated, wherein said registration data at a first time instance indicates that a first set of client systems is registered for a first user, said registration data indicating that said first set of client systems includes a second client system;
- receiving, from a first client system, a first request from said first user to access a first protected resource, wherein said first request is sent at a second time instance following said first time instance;
- authenticating said first user at said first client system based on an authentication information received from said first client system;
- maintaining a single sign on (SSO) session in a session duration in which said user is permitted to access said protected resources based on said authenticating;
- allowing access to said first protected resource from said first client system after said authenticating of said first user in said session duration;
- receiving, from said second client system, a second request from said first user to access a second protected resource;
- determining whether said second client system is included in said first set of client systems registered for said first user based on said registration data; and
- allowing access to said second protected resource from said second client system based on said authenticating of said first user at said first client system if said second request is received in said session duration and said determining determines that said second client system is included in said first set of client systems,
- wherein said first user is enabled to access the protected resources from different client systems, without said first user having to authenticate again, in view of said authentication information provided from said first client system in said session duration.

(Dependent claims: 12, 13, 14, 15, 16)
Specification