Session activity tracking for session adoption across multiple data centers
Abstract
Techniques are disclosed for managing session activity of SSO access across multiple data centers. Session activity of SSO access is managed across multiple geographically dispersed computing systems clustered together to form a multi-data center (MDC) system. A first data center in the MDC system may implement session adoption to manage an SSO session of the user in the MDC system. Information about subsequent sessions established by other data centers may be adopted by the first data center. The first data center may obtain session activity data from each session that is adopted for the user. The session activity may be used to determine whether the SSO session is active for the user across data centers in the MDC system. Authorization to access a resource at any data center in the MDC system may be granted based on the status of the SSO session using session adoption among the data centers.
20 Claims
1. A method comprising:
- establishing a first session for a user at a first computing system, wherein the first session is established based on authentication of the user;
- receiving, by the first computing system, from a second computing system, a session adoption request for the first computing system to adopt a second session for the first session, wherein the second session provides the user with access to a resource managed by the second computing system;
- storing, by the first computing system, session adoption data indicating an association between the second session and the first session for the user;
- detecting that the first session has expired;
- requesting, by the first computing system, based on the session adoption data, session activity data of the second session from the second computing system;
- determining, based on the session activity data, that the second session has not expired; and
- upon determining that the second session has not expired, providing authentication to the user for the first session.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A system comprising:
- a first computing system and a second computing system communicatively coupled to each other; and
- wherein the first computing system performs operations to:
  - establish a first session for a user at a first computing system, wherein the first session is established based on authentication of the user;
  - receive, from a second computing system, a session adoption request for the first computing system to adopt a second session for the first session, wherein the second session provides the user with access to a resource managed by the second computing system;
  - based upon receiving the session adoption request, send, to the second computing system, session data corresponding to the first session for the user;
  - store session adoption data indicating an association between the second session and the first session for the user;
  - detect that the first session has expired;
  - request, based on the session adoption data, session activity data of the second session from the second computing system;
  - determine, based on the session activity data, that the second session has not expired; and
  - upon determining that the second session has not expired, provide authentication to the user for the first session; and
- wherein the second computing system performs operations to:
  - receive a request for the user to access the resource managed by the second computing system;
  - upon determining that the second session has not been established, send the session adoption request to the first computing system;
  - receive the session data from the first computing system;
  - establish, using the session data, the second session for the user to access the resource; and
  - in response to the request for session activity data, send the session activity data of the second session to the first computing system.

Dependent claims: 14, 15
16. A non-transitory computer-readable medium storing a set of instructions that are executable by one or more processors to:
- establish a first session for a user at a first computing system, wherein the first session is established based on authentication of the user;
- receive, by the first computing system, from a second computing system, a session adoption request for the first computing system to adopt a second session for the first session, wherein the second session provides the user with access to a resource managed by the second computing system;
- store, by the first computing system, session adoption data indicating an association between the second session and the first session for the user;
- detect that the first session has expired;
- request, by the first computing system, based on the session adoption data, session activity data of the second session from the second computing system;
- determine, based on the session activity data, that the second session has not expired; and
- upon determining that the second session has not expired, provide authentication to the user for the first session.

Dependent claims: 17, 18, 19, 20
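The adoption and expiry-check exchange recited in claims 1 and 13, written out as an added example (not code from the patent or from any product). It assumes that "expired" means an idle timeout has elapsed, that the second system chooses its session id before sending the adoption request, and that in-process method calls stand in for authenticated requests between data centers; every class and method name here is hypothetical.

```python
import secrets

class DataCenter:
    def __init__(self, name, idle_timeout=900):  # assumed: expiry = idle seconds
        self.name, self.idle_timeout = name, idle_timeout
        self.sessions = {}  # session id -> {"user", "last_activity"}
        self.adopted = {}   # adoption data: first id -> [(peer, second id)]

    def authenticate(self, user, now):
        # First session; the caller has already authenticated the user.
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": user, "last_activity": now}
        return sid

    def activity(self, sid):
        # Session activity data: (last activity time, idle limit), or None.
        s = self.sessions.get(sid)
        return None if s is None else (s["last_activity"], self.idle_timeout)

    def handle_adoption(self, first_sid, peer, second_sid, now):
        # First system: only a live first session may adopt; store the link.
        a = self.activity(first_sid)
        if a is None or now - a[0] >= a[1]:
            return None
        self.adopted.setdefault(first_sid, []).append((peer, second_sid))
        return {"user": self.sessions[first_sid]["user"]}

    def open_via_adoption(self, first_dc, first_sid, now):
        # Second system: no local session, so send an adoption request.
        second_sid = secrets.token_hex(16)
        data = first_dc.handle_adoption(first_sid, self, second_sid, now)
        if data is None:
            return None
        self.sessions[second_sid] = {"user": data["user"], "last_activity": now}
        return second_sid

    def validate(self, first_sid, now):
        # First system: on local expiry, ask adopters before ending the session.
        a = self.activity(first_sid)
        if a is not None and now - a[0] >= a[1]:
            live = [r[0] for peer, sid in self.adopted.get(first_sid, [])
                    if (r := peer.activity(sid)) and now - r[0] < r[1]]
            if not live:
                self.sessions.pop(first_sid)
                self.adopted.pop(first_sid, None)
                return False
            self.sessions[first_sid]["last_activity"] = max(live)  # peer's time, not now
        return a is not None
```

Copying the adopter's last-activity time into the first session, instead of resetting it to the current time, keeps the combined session bounded by real user activity: once every adopted session has also gone idle, `validate` ends the first session and later adoption requests for it are refused.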
Specification