Single sign on for native and wrapped web resources on mobile devices
Abstract
A method includes performing operations as follows on a processor: associating a single sign on module with a native application residing on a mobile device, detecting, using the single sign on module, user invocation of the native application, the native application to request access to a resource from a service provider server, determining, using the single sign on module, whether the mobile device has a token stored thereon that indicates the user has been previously authenticated with an identity provider server, sending, using the single sign on module, the token to the identity provider server when the token is determined to be stored on the mobile device, receiving, at the single sign on module, an identity assertion for the user from the identity provider server responsive to sending the token to the identity provider server, and providing, using the single sign on module, the identity assertion to the native application. The service provider server is independent of the identity provider server.
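The flow in the abstract, together with the credential prompt that claim 1 recites for the case where no token is stored, can be modelled as follows. This is an added example, not code from the patent or its assignee: the class and function names, the `sso`/`refresh` token names, the `sub`/`aud`/`exp` fields and the sample account are assumptions, and an HMAC stands in for the identity provider's signature (a service provider that is independent of the identity provider would normally verify with the provider's public key rather than a shared secret).

```python
import hashlib, hmac, json, secrets, time

IDP_KEY = secrets.token_bytes(32)  # constructed; HMAC stands in for the IdP's signature

def _sign(body):
    return hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()

class IdentityProvider:
    def __init__(self):
        self.users = {"alice": "correct horse"}  # constructed sample account
        self.sessions = {}                       # SSO token -> authenticated user

    def authenticate(self, user, password):
        expected = self.users.get(user)
        if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
            raise PermissionError("bad credentials")
        # Several tokens are returned; the second token's name is illustrative.
        tokens = {"sso": secrets.token_urlsafe(32), "refresh": secrets.token_urlsafe(32)}
        self.sessions[tokens["sso"]] = user
        return tokens

    def assertion_for(self, token, audience):
        if token not in self.sessions:
            raise PermissionError("unknown token")
        body = json.dumps({"sub": self.sessions[token], "aud": audience,
                           "exp": time.time() + 60})
        return body, _sign(body)                 # short-lived, bound to one service provider

class SsoModule:
    def __init__(self, idp, prompt):
        self.idp, self.prompt, self.store = idp, prompt, {}

    def assertion(self, audience):
        if "sso" not in self.store:              # no stored token: ask the user once
            self.store = self.idp.authenticate(*self.prompt())
        return self.idp.assertion_for(self.store["sso"], audience)

def sp_grant(assertion, audience):
    """Service provider side: return the user name, or None if the assertion is rejected."""
    body, sig = assertion
    if not hmac.compare_digest(_sign(body), sig):
        return None                              # not issued by the trusted IdP, or altered
    claims = json.loads(body)
    if claims["aud"] != audience or claims["exp"] < time.time():
        return None                              # meant for another provider, or expired
    return claims["sub"]
```

The audience and expiry checks in `sp_grant` are what keep an assertion obtained for one service provider from being replayed at another.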
17 Claims
1. A method of operating a mobile device, the method comprising:
performing operations as follows on a processor of the mobile device;
associating, by the processor of the mobile device, a single sign on module with a native application residing on the mobile device;
detecting, by the processor of the mobile device using the single sign on module, user invocation of the native application, the native application to request access to a resource from a service provider server;
determining, by the processor of the mobile device using the single sign on module, whether the mobile device has a token stored thereon that indicates the user has been previously authenticated with an identity provider server;
requesting, by the processor of the mobile device using the single sign on module, identity credentials from the user when the token is determined not to be stored on the mobile device;
receiving, at the processor of the mobile device using the single sign on module, the identity credentials from the user;
sending, by the processor of the mobile device using the single sign on module, the identity credentials to the identity provider server;
receiving, at the processor of the mobile device using the single sign on module, a plurality of tokens including the token from the identity provider server;
sending, by the processor of the mobile device using the single sign on module, the token to the identity provider server to request an identity assertion;
receiving, at the processor of the mobile device using the single sign on module, the identity assertion for the user from the identity provider server responsive to sending the token to the identity provider server to request the identity assertion; and
providing, by the processor of the mobile device using the single sign on module, the identity assertion to the native application;
sending, by the processor of the mobile device using the native application, a request to access the resource to the service provider server, the request to access the resource comprising the identity assertion; and
providing, by the processor of the mobile device using the native application, access to the resource to the service provider server based on the identity assertion after sending the request;
wherein the service provider server is independent of the identity provider server.
Dependent claims: 2, 3, 4, 5, 6
7. A method of operating a mobile device, the method comprising:
performing operations as follows on a processor of the mobile device;
associating, by the processor of the mobile device, a single sign on module with a browser residing on a mobile device;
detecting, by the processor of the mobile device using the single sign on module, user invocation of a Web resource provided by a service provider server using the browser;
determining, by the processor of the mobile device using the single sign on module, whether the mobile device has the token stored thereon responsive to user invocation of the browser;
requesting, by the processor of the mobile device using the single sign on module, identity credentials from the user when the token is determined not to be stored on the mobile device;
receiving, at the processor of the mobile device using the single sign on module, the identity credentials from the user;
sending, by the processor of the mobile device using the single sign on module, the identity credentials to the identity provider server;
receiving, at the processor of the mobile device using the single sign on module, a plurality of tokens including the token from the identity provider server;
sending, by the processor of the mobile device using the single sign on module, the token to an identity provider server to request an identity assertion, the token indicating that the user has been previously authenticated with the identity provider server;
receiving, at the processor of the mobile device using the single sign on module, the identity assertion for the user from the identity provider server responsive to sending the token to the identity provider server to request the identity assertion; and
providing, by the processor of the mobile device using the single sign on module, the identity assertion to the browser;
sending, by the processor of the mobile device using the browser, a request to access the Web resource to the service provider server, the request to access the resource comprising the identity assertion; and
providing, by the processor of the mobile device using the native application, access to the resource to the service provider server based on the identity assertion after sending the request;
wherein the service provider server is independent of the identity provider server.
Dependent claims: 8, 9, 10, 11, 12
13. A computer program product, comprising:
a non-transitory computer readable storage medium comprising computer readable program code embodied in the medium that when executed by a processor of a mobile device causes the processor of the mobile device to perform operations comprising;
associating, by the processor of the mobile device, a single sign on module with a native application residing on the mobile device;
detecting, by the processor of the mobile device using the single sign on module, user invocation of the native application, the native application to request access to a resource from a service provider server;
determining, by the processor of the mobile device using the single sign on module, whether the mobile device has a token stored thereon that indicates the user has been previously authenticated with an identity provider server;
requesting, by the processor of the mobile device using the single sign on module, identity credentials from the user when the token is determined not to be stored on the mobile device;
receiving, at the processor of the mobile device using the single sign on module, the identity credentials from the user;
sending, by the processor of the mobile device using the single sign on module, the identity credentials to the identity provider server;
receiving, at the processor of the mobile device using the single sign on module, a plurality of tokens including the token from the identity provider server;
sending, by the processor of the mobile device using the single sign on module, the token to the identity provider server to request an identity assertion;
receiving, at the processor of the mobile device using the single sign on module, the identity assertion for the user from the identity provider server responsive to sending the token to the identity provider server to request the identity assertion;
providing, by the processor of the mobile device using the single sign on module, the identity assertion to the native application;
sending, by the processor of the mobile device using the native application, a request to access the resource to the service provider server, the request to access the resource comprising the identity assertion; and
providing, by the processor of the mobile device using the native application, access to the resource to the service provider server based on the identity assertion after sending the request;
wherein the service provider server is independent of the identity provider server.
Dependent claims: 14, 15, 16, 17
Specification