Single sign-on between multiple data centers

  • US 9,887,981 B2
  • Filed: 01/25/2016
  • Issued: 02/06/2018
  • Est. Priority Date: 09/20/2013
  • Status: Active Grant
First Claim

1. A method comprising:

    generating, by a first computer system managing access at a first data center, an authentication cookie associated with a user, wherein the authentication cookie is generated using a first session object for a first session established at the first data center, the first session established based upon successful authentication of the user at the first data center for access to a first resource at a client device, wherein the first session object is stored at the first data center, and wherein the authentication cookie includes an identifier that identifies the first data center;

    sending the generated authentication cookie to the client device associated with the user to provide the access to the first resource;

    based on no active session for the user at a second data center and responsive to a request, by the user at the client device, to the second data center for access to a second resource at the client device, the request including the generated authentication cookie having the identifier of the first data center as having a session;

    receiving, by the first computer system, from a second computer system managing access at the second data center, a retrieval request having the identifier of the first data center obtained from the generated authentication cookie provided in the request to the second data center, wherein the retrieval request is a message requesting session information for the first session established for the user at the first data center;

    responsive to the retrieval request, determining, based on the first session object, whether the first session for the user is active at the first data center;

    based on determining that the first session for the user is active at the first data center, transmitting, by the first computer system, to the second computer system of a second data center, session data indicated by the first session object, wherein a second session object is generated for a second session enabling access to the second resource by the second computer system for the second data center using the session data, and wherein the second session object is generated for authentication of the user at the second data center; and

    based on receiving an indication that the second session object at the second data center has been generated for the second session using the session data, terminating, by the first computer system, the first session associated with the user at the first data center based on receiving the indication that the second session object at the second data center has been generated.
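The exchange recited in the claim, as an added example that is not taken from the patent or from any product: two in-memory data centers pass a session from the first to the second and the first then terminates its copy. The `DataCenter` class, the `dc_id:session_id:mac` cookie layout, the HMAC over the cookie, and the fresh cookie issued by the second data center are all assumptions made for the sketch; the claim only requires that the cookie identify the issuing data center.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-demo-key"  # assumption: shared cookie-signing key (not in the claim)

def sign(value):
    return hmac.new(KEY, value.encode(), hashlib.sha256).hexdigest()

class DataCenter:
    def __init__(self, dc_id, peers):
        self.dc_id = dc_id
        self.peers = peers      # dc_id -> DataCenter; stands in for the back channel
        self.sessions = {}      # session id -> session object, stored locally
        peers[dc_id] = self

    def login(self, user):      # successful authentication creates the session object
        sid = secrets.token_hex(8)
        self.sessions[sid] = {"user": user, "active": True}
        return self._cookie(sid)

    def _cookie(self, sid):     # the cookie carries the issuing data center's identifier
        body = f"{self.dc_id}:{sid}"
        return f"{body}:{sign(body)}"

    def retrieve(self, sid):    # retrieval request: answer only for an active session
        s = self.sessions.get(sid)
        return dict(s) if s and s["active"] else None

    def confirm_transfer(self, sid):  # peer built its session object: terminate ours
        self.sessions.pop(sid, None)

    def access(self, cookie):   # returns (user, cookie to use from now on) or None
        parts = cookie.split(":")
        if len(parts) != 3 or not hmac.compare_digest(
                parts[2].encode(), sign(":".join(parts[:2])).encode()):
            return None         # malformed or tampered cookie
        dc_id, sid = parts[0], parts[1]
        if dc_id == self.dc_id:
            s = self.sessions.get(sid)
            return (s["user"], cookie) if s and s["active"] else None
        origin = self.peers.get(dc_id)  # no local session: ask the issuing data center
        data = origin.retrieve(sid) if origin else None
        if data is None:
            return None
        new_sid = secrets.token_hex(8)
        self.sessions[new_sid] = data   # second session object, built from session data
        origin.confirm_transfer(sid)    # indication that triggers termination at origin
        return data["user"], self._cookie(new_sid)
```

Because the first data center terminates its session once the transfer is confirmed, a replay of the original cookie at either data center fails the active-session check.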
