Systems and methods for logging into an application on a second domain from a first domain in a multi-tenant database system environment

US 9,426,142 B2
Filed: 12/30/2010
Issued: 08/23/2016
Est. Priority Date: 06/07/2010
Status: Active Grant

First Claim

Patent Images

1. A method for logging into an application across separate domains, comprising:

sending, by an administrative device, a request by an administrative user to log in to a server associated with a first domain in a database system environment;

receiving, by the administrative device, a session identification allowing the administrative user to log into the server associated with the first domain in the database system environment;

sending, by the administrative device, a substitute user request to the server associated with the first domain in the database system environment, the substitute user request including a request for the administrative user of the administrative device to become associated with another user'"'"'s profile on a second domain in the database system environment, wherein the other user'"'"'s profile on the second domain is a non-administrative user on the second domain;

receiving, by the administrative device, prepared data allowing the user of the administrative device to directly login to an application of the database system environment on the second domain as if the administrative user was the non-administrative user, the prepared data including an encrypted version of the IP address of the administrative device;

sending, by the administrative device, the prepared data to a second server associated with the second domain with an IP address of the administrative device;

receiving, from the second server, a session ID allowing the user of the administrative device to directly login to the application on the second domain as the non-administrative user when the second server determines that the encrypted version of the IP address of the administrative device included within the prepared data matches the IP address sent with the prepared data;

sending, by the administrative device, a request to log out of the application to the second server, the second server clearing the session ID upon receipt of the request to log out of the application; and

receiving, by the administrative device from the second server, a previous session identification to the user of the first domain redirecting the user of the first domain back to the first domain.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for logging into an application across separate domains in a multi-tenant database environment is provided. The method may include receiving, by a server associated with a first domain, a substitute user request from a user of the first domain, the substitute user request including a request for the user of the first domain to become a user on a second domain, posting, to a server associated with the second domain, the substitute user request, and posting, by the server associated with the second domain, a new session identification allowing the user of the first domain to login to an application on the second domain.

Citations

12 Claims

1. A method for logging into an application across separate domains, comprising:
- sending, by an administrative device, a request by an administrative user to log in to a server associated with a first domain in a database system environment;
  
  receiving, by the administrative device, a session identification allowing the administrative user to log into the server associated with the first domain in the database system environment;
  
  sending, by the administrative device, a substitute user request to the server associated with the first domain in the database system environment, the substitute user request including a request for the administrative user of the administrative device to become associated with another user'"'"'s profile on a second domain in the database system environment, wherein the other user'"'"'s profile on the second domain is a non-administrative user on the second domain;
  
  receiving, by the administrative device, prepared data allowing the user of the administrative device to directly login to an application of the database system environment on the second domain as if the administrative user was the non-administrative user, the prepared data including an encrypted version of the IP address of the administrative device;
  
  sending, by the administrative device, the prepared data to a second server associated with the second domain with an IP address of the administrative device;
  
  receiving, from the second server, a session ID allowing the user of the administrative device to directly login to the application on the second domain as the non-administrative user when the second server determines that the encrypted version of the IP address of the administrative device included within the prepared data matches the IP address sent with the prepared data;
  
  sending, by the administrative device, a request to log out of the application to the second server, the second server clearing the session ID upon receipt of the request to log out of the application; and
  
  receiving, by the administrative device from the second server, a previous session identification to the user of the first domain redirecting the user of the first domain back to the first domain.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein prepared data further includes an encrypted session identification and an encrypted target user identification, the target user identification corresponding to a user of the second domain.
  - 3. The method of claim 1, further comprising:
    - sending, by the administrative device, a request to log out of the application on the second domain; and
      
      receiving, by the administrative device, a new session identification allowing the user to return to the first domain.

4. A system for logging into an application across separate domains in database system environment, comprising:
- a first server having a first processor and a first memory, associated with a first domain; and
  
  a second server having a second processor and a second memory, associated with a second domain, the second server hosting an application on the second domain,wherein the first server is configured to;
  
  receive a substitute user request from an administrative device associated with a administrative user of the first domain, the substitute user request including a request for the administrative user of the first domain to become associated with another user'"'"'s profile on a second domain;
  
  prepare data allowing the administrative user of the first domain to login to the application on the second domain as if the administrative user is the user associated with the other user'"'"'s profile, the prepared data including an encrypted version of the IP address of the administrative device;
  
  send the prepared data to the administrative device associated with the administrative user of the first domain; and
  
  redirect the administrative device to a second server associated with the second domain allowing the administrative device associated with the administrative user of the first domain to post the prepared data along with the IP address of the administrative device to the second domain and allowing the administrative user to access the second domain as if the administrative user is the user associated with the other user'"'"'s profile when the second server determines that the encrypted version of the IP address of the administrative device included within the prepared data matches the IP address posted with the prepared data;
  
  wherein second server is further configured to;
  
  receive the prepared data from the user of the first domain;
  
  validate the received prepared data;
  
  send, if the prepared date is validated, a new session identification to the user of the first domain allowing the user of the first domain to login to the application on the second domain;
  
  receive a request to log out of the application from a user of the first domain;
  
  clear the new session ID identification upon receiving the request to log out of the application; and
  
  send, after receiving the request to log out of the application, a previous session identification to the user of the first domain redirecting the user of the first domain back to the first domain.
- View Dependent Claims (5, 6, 7, 8)
- - 5. The system of claim 4, wherein the first server and the second server each include a servlet to manage the substitute user request.
  - 6. The system of claim 4, wherein the prepared data further includes an encrypted session identification of the user of the first domain and a target user identification.
  - 7. The system of claim 4, wherein session identification is sent using a HTTP put instruction.
  - 8. The system of claim 4, wherein the new session identification limits the user of the first domain from modifying application data on the second domain.

9. A method for logging into a second domain of a database system from a first domain of the database system, comprising:
- receiving, by a server associated with the first domain of the database system, a request from an administrative user of a first device to log onto the second domain as if the administrative user was associated with another user'"'"'s profile on the second domain;
  
  preparing, by the server associated with the first domain of the database system, data allowing the administrative user of the first device to login to an application of the second domain of the database system as if the administrative user was associated with the other user'"'"'s profile on the second domain the prepared data including an encrypted version of the IP address of the first device; and
  
  sending, by the server associated with the first domain in the database system, the prepared data to the first device associated with the administrative user of the first domain in the database system and redirecting the administrative device to a second server associated with the second domain in the database system to thereby allow the administrative user of the first domain to post the prepared data along with the IP address of the first device to the second domain and allowing the administrative user to access the second domain as if the administrative user was associated with another user'"'"'s profile on the second domain when the second server determines that the encrypted version of the IP address of the administrative device included within the prepared data matches the IP address sent with the prepared data;
  
  receiving, by a server associated with the second domain, the prepared data from the user of the first domain;
  
  validating, by a server associated with the second domain, the received prepared data; and
  
  sending, by a server associated with the second domain, a new session identification, if the prepared date is validated, to the user of the first domain allowing the user of the first domain to login to the application on the second domain;
  
  sending, by the administrative device, a request to log out of the application of the second domain to the second server, the second server clearing the new session identification upon receipt of the request to log out of the application; and
  
  receiving, by the administrative device from the second server, a previous session identification to the user of the first domain redirecting the user of the first domain back to the first domain.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, wherein the new session identification is sent using a HTTP put instruction.
  - 11. The method of claim 9, wherein the first domain is an administrative domain.
  - 12. The method of claim 9, wherein the new session identification limits the user of the first domain from modifying data on the second domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Sureshchandra, Jayesh, Luh, Addison
Primary Examiner(s)
LEUNG, ROBERT B

Application Number

US12/981,833
Publication Number

US 20110302631A1
Time in Patent Office

2,063 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/28   Databases characterised by ...

G06F 21/34   involving the use of extern...

G06F 21/41   where a single sign-on prov...

G06F 21/6227   where protection concerns t...

H04L 63/0815   providing single-sign-on or...

Systems and methods for logging into an application on a second domain from a first domain in a multi-tenant database system environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for logging into an application on a second domain from a first domain in a multi-tenant database system environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links