Systems and methods for logging out of cloud-based applications managed by single sign-on services

US 9,699,171 B1
Filed: 06/23/2014
Issued: 07/04/2017
Est. Priority Date: 06/23/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for logging out of cloud-based applications managed by single sign-on services, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

identifying, by a client agent running on a computing device of a user, an attempt, initiated by the user on the computing device and performed by a single sign-on service, to log the user out of a set of cloud-based applications managed by the single sign-on service and not managed by the client agent, at least a portion of the set of cloud-based applications being hosted in a separate domain than the client agent;

in response to identifying the attempt to log the user out of the set of cloud-based applications, tracking, by a script implemented by the client agent that is capable of monitoring cross-domain communications from the domain in which the portion of the set of cloud-based applications are hosted, a logout status of each application within the set of cloud-based applications by, for each application;

identifying a logout request sent by the single sign-on service to the application via a protocol limited by cross-domain restrictions; and

determining whether the application has sent a logout response via the protocol limited by cross-domain restrictions to the single sign-on service that verifies that the user has been successfully logged out of the application; and

determining that the user is still logged into at least one application managed by the single sign-on service by determining that the application did not send a logout response to the single sign-on service that verifies that the user has been successfully logged out of the application.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed computer-implemented method for logging out of cloud-based applications managed by single sign-on services may include (1) identifying an attempt by a single sign-on service to log a user out of a set of cloud-based applications, (2) in response to identifying the attempt to log the user out of the set of applications, tracking a logout status of each application within the set of cloud-based applications by, for each application (a) identifying a logout request sent by the single sign-on service to the application and (b) determining whether the application has sent a logout response to the single sign-on service that verifies that the user has been successfully logged out of the application, and (3) determining that the user is still logged into at least one application managed by the single sign-on service by determining that the application did not send a logout response to the single sign-on service.

11 Citations

View as Search Results

20 Claims

1. A computer-implemented method for logging out of cloud-based applications managed by single sign-on services, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying, by a client agent running on a computing device of a user, an attempt, initiated by the user on the computing device and performed by a single sign-on service, to log the user out of a set of cloud-based applications managed by the single sign-on service and not managed by the client agent, at least a portion of the set of cloud-based applications being hosted in a separate domain than the client agent;
  
  in response to identifying the attempt to log the user out of the set of cloud-based applications, tracking, by a script implemented by the client agent that is capable of monitoring cross-domain communications from the domain in which the portion of the set of cloud-based applications are hosted, a logout status of each application within the set of cloud-based applications by, for each application;
  
  identifying a logout request sent by the single sign-on service to the application via a protocol limited by cross-domain restrictions; and
  
  determining whether the application has sent a logout response via the protocol limited by cross-domain restrictions to the single sign-on service that verifies that the user has been successfully logged out of the application; and
  
  determining that the user is still logged into at least one application managed by the single sign-on service by determining that the application did not send a logout response to the single sign-on service that verifies that the user has been successfully logged out of the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein determining that the application did not send the logout response to the single sign-on service comprises determining that the application did not send the logout response within a predetermined amount of time.
  - 3. The method of claim 1, wherein determining that the application did not send the logout response to the single sign-on service comprises determining that the application was unresponsive at a time the single sign-on service sent the logout request.
  - 4. The method of claim 1, wherein tracking the logout status of each application further comprises:
    - presenting to the user, via a graphical user interface, a number of applications that the single sign-on service is attempting to log the user out of; and
      
      presenting to the user, via the graphical user interface, the number of applications that the user has been successfully logged out of.
  - 5. The method of claim 4, wherein presenting to the user the number of applications that the user has been successfully logged out of comprises dynamically updating the number of applications that the user has been successfully logged out of as each logout response is received by the single sign-on service.
  - 6. The method of claim 1, further comprising, in response to determining that the user is still logged into the application:
    - notifying the user that the user is still logged into the application; and
      
      prompting the user to log out of the application.
  - 7. The method of claim 6, wherein prompting the user to log out of the application comprises at least one of:
    - prompting the user to log out of the application directly instead of logging out of the single sign-on service; and
      
      prompting the user to close an open browser window rendering the application.
  - 8. The method of claim 6, further comprising:
    - determining that the user has been successfully logged out of the application; and
      
      in response to determining that the user has been successfully logged out of the application, notifying the user that the user has been successfully logged out of each of the set of cloud-based applications managed by the single sign-on service.

9. A system for logging out of cloud-based applications managed by single sign-on services, the system comprising:
- an identification module, stored in memory, that identifies, by a client agent running on a computing device of a user, an attempt, initiated by the user on the computing device and performed by a single sign-on service, to log the user out of a set of cloud-based applications managed by the single sign-on service and not managed by the client agent, at least a portion of the set of cloud-based applications being hosted in a separate domain than the client agent;
  
  a tracking module, stored in memory, that in response to identifying the attempt to log the user out of the set of cloud-based applications, tracks, by a script implemented by the client agent that is capable of monitoring cross-domain communications from the domain in which the portion of the set of cloud-based applications are hosted, a logout status of each application within the set of cloud-based applications by, for each application;
  
  identifying a logout request sent by the single sign-on service to the application via a protocol limited by cross-domain restrictions; and
  
  determining whether the application has sent a logout response via the protocol limited by cross-domain restrictions to the single sign-on service that verifies that the user has been successfully logged out of the application;
  
  a determination module, stored in memory, that determines that the user is still logged into at least one application managed by the single sign-on service by determining that the application did not send a logout response to the single sign-on service that verifies that the user has been successfully logged out of the application; and
  
  at least one processor that executes the identification module, the tracking module, and the determination module.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein the determination module determines that the application did not send the logout response to the single sign-on service by determining that the application did not send the logout response within a predetermined amount of time.
  - 11. The system of claim 9, wherein the determination module determines that the application did not send the logout response to the single sign-on service by determining that the application was unresponsive at a time the single sign-on service sent the logout request.
  - 12. The system of claim 9, wherein a presentation module further tracks the logout status of each application by:
    - presenting to the user, via a graphical user interface, a number of applications that the single sign-on service is attempting to log the user out of; and
      
      presenting to the user, via the graphical user interface, the number of applications that the user has been successfully logged out of.
  - 13. The system of claim 12, wherein the presentation module presents to the user the number of applications that the user has been successfully logged out of by dynamically updating the number of applications that the user has been successfully logged out of as each logout response is received by the single sign-on service.
  - 14. The system of claim 9, wherein, in response to determining that the user is still logged into the application:
    - a presentation module notifies the user that the user is still logged into the application; and
      
      the presentation module prompts the user to log out of the application.
  - 15. The system of claim 14, wherein the presentation module prompts the user to log out of the application by at least one of:
    - prompting the user to log out of the application directly instead of logging out of the single sign-on service; and
      
      prompting the user to close an open browser window rendering the application.
  - 16. The system of claim 15, wherein:
    - the determination module determines that the user has been successfully logged out of the application; and
      
      in response to determining that the user has been successfully logged out of the application, the presentation module notifies the user that the user has been successfully logged out of each of the set of cloud-based applications managed by the single sign-on service.

17. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify, by a client agent running on a computing device of a user, an attempt, initiated by the user on the computing device and performed by a single sign-on service, to log the user out of a set of cloud-based applications managed by the single sign-on service and not managed by the client agent, at least a portion of the set of cloud-based applications being hosted in a separate domain than the client agent;
  
  in response to identifying the attempt to log the user out of the set of cloud-based applications, track, by a script implemented by the client agent that is capable of monitoring cross-domain communications from the domain in which the portion of the set of cloud-based applications are hosted, a logout status of each application within the set of cloud-based applications by, for each application;
  
  identifying a logout request sent by the single sign-on service to the application via a protocol limited by cross-domain restrictions; and
  
  determining whether the application has sent a logout response via the protocol limited by cross-domain restrictions to the single sign-on service that verifies that the user has been successfully logged out of the application; and
  
  determine that the user is still logged into at least one application managed by the single sign-on service by determining that the application did not send a logout response to the single sign-on service that verifies that the user has been successfully logged out of the application.
- View Dependent Claims (18, 19, 20)
- - 18. The computer-readable medium of claim 17, wherein the computer-executable instructions cause the computing device to track the logout status of each application by:
    - presenting to the user, via a graphical user interface, a number of applications that the single sign-on service is attempting to log the user out of; and
      
      presenting to the user, via the graphical user interface, the number of applications that the user has been successfully logged out of.
  - 19. The computer-readable medium of claim 17, wherein the computer-executable instructions cause the computing device to, in response to determining that the user is still logged into the application:
    - notify the user that the user is still logged into the application; and
      
      prompt the user to log out of the application.
  - 20. The computer-readable medium of claim 17, wherein the computer-executable instructions cause the computing device to:
    - determine that the user has been successfully logged out of the application; and
      
      in response to determining that the user has been successfully logged out of the application, notify the user that the user has been successfully logged out of each of the set of cloud-based applications managed by the single sign-on service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gen Digital Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Sokolov, Ilya, Newstadt, Keith
Primary Examiner(s)
Lanier, Benjamin

Application Number

US14/312,675
Time in Patent Office

1,107 Days
Field of Search

726 8
US Class Current
CPC Class Codes

G06F 21/41   where a single sign-on prov...

G06F 21/50   Monitoring users, programs ...

H04L 63/0815   providing single-sign-on or...

Systems and methods for logging out of cloud-based applications managed by single sign-on services

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

11 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for logging out of cloud-based applications managed by single sign-on services

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links