Single sign-on method for appliance secure shell
Abstract
A system and method for efficiently establishing a secure shell connection for accessing Web resources. A user attempts to establish a secure Hypertext Transfer Protocol (HTTP) session between a client computing device and a remote storage device. The storage device redirects the Web browser of the client computing device to a single sign-on (SSO) third-party identity provider for authorizing the user. After successful authorization, the client computing device receives information to use to maintain a secure HTTP session. This information is stored on the storage device. The user attempts to establish a text-based secure shell session. The user is not prompted for login credentials. However, the user is authenticated using the previously stored information and a text-based secure shell session is established.
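The storage-device side of the flow in the abstract, as an added example (not code from the patent). The class and method names, the token lifetime, and keeping only a SHA-256 digest of the token are assumptions of this sketch; the IdP redirect exchange itself is out of scope and is represented by the call to `register_http_session`.

```python
import hashlib
import hmac
import secrets
import time


class SessionStore:
    """Appliance-side record of HTTP sessions established through the IdP (hypothetical)."""

    def __init__(self, ttl_seconds=900):
        self.ttl = ttl_seconds          # assumed token lifetime
        self._sessions = {}             # sha256(token) -> (username, expiry)

    @staticmethod
    def _digest(token):
        # Store a digest so a dump of the table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def register_http_session(self, username, now=None):
        """Called once the IdP redirect flow has authenticated the user."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[self._digest(token)] = (username, now + self.ttl)
        return token

    def end_http_session(self, token):
        """Logging out of the web session also revokes SSH use of the token."""
        self._sessions.pop(self._digest(token), None)

    def authorize_ssh(self, username, token, now=None):
        """Decide a password-less SSH request that carries an access token.

        Succeeds only if the token maps to a live HTTP session that was
        established for the same user.
        """
        now = time.time() if now is None else now
        key = self._digest(token)
        record = self._sessions.get(key)
        if record is None:
            return False                # unknown or forged token
        owner, expiry = record
        if now >= expiry:
            self._sessions.pop(key, None)
            return False                # HTTP session no longer valid
        return hmac.compare_digest(owner.encode(), username.encode())
```

Because the SSH request carries no password, the token is the only credential on that path: its lifetime and revocation on logout bound how long a stolen token stays useful.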
20 Claims
1. An authentication system comprising:
- a third-party identity provider (IDP) configured to authenticate a plurality of users through a series of one or more Hypertext Transfer Protocol (HTTP) redirections;
- a storage device hosting an application; and
- a client device configured to:
  - send a first request to establish a secure HTTP session with the storage device in order to access the application; and
  - send a second request different from the first request to establish a secure shell (SSH) session, wherein the second request comprises at least an access token generated during establishing of the secure HTTP session using the third-party IDP, wherein the access token is to be used for both verifying subsequent accesses of the application from the client device via the secure HTTP session and establishing the SSH session; and
- wherein in response to receiving the second request, the storage device is configured to authorize the client device to establish the SSH session although the second request lacks a password, in further response to verifying the access token corresponds to the previously established secure HTTP session.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method for executing on a processor, the method comprising:
- authenticating with a third-party identity provider (IDP) a plurality of users through a series of one or more Hypertext Transfer Protocol (HTTP) redirections;
- hosting an application on a storage device;
- sending a first request from a client device to establish a secure HTTP session with the storage device in order to access the application;
- sending a second request different from the first request from the client device to the storage device to establish a secure shell (SSH) session, wherein the second request comprises at least an access token generated during establishing of the secure HTTP session using the third-party IDP, wherein the access token is to be used for both verifying subsequent accesses of the application from the client device via the secure HTTP session and establishing the SSH session; and
- authorizing the client device to establish the SSH session although the second request lacks a password, in response to verifying the access token corresponds to the previously established secure HTTP session.

Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. A storage device comprising:
- a processor; and
- a memory configured to:
  - store an application; and
  - store program instructions executable by the processor to:
    - send requests to a third-party identity provider (IDP) configured to authenticate a plurality of users through a series of one or more Hypertext Transfer Protocol (HTTP) redirections;
    - receive a given request from a client device to establish a secure shell (SSH) session, wherein the given request comprises at least an access token generated during establishing of a secure HTTP session for the client device using the third-party IDP, wherein the access token is to be used for both verifying subsequent accesses of the application from the client device via the secure HTTP session and establishing the SSH session; and
    - authorize the client device to establish the SSH session although the given request lacks a password, in further response to verifying the access token corresponds to the previously established secure HTTP session.

Dependent claims: 18, 19, 20
Specification