System and method for enforcing access control to publicly-accessible web applications
First Claim
1. A method for enforcing access control to a web application, the method comprising:
generating, by a user account registration module, a computationally-secure pseudo-random password;
associating, by the user account registration module, the generated computationally-secure pseudo-random password with an application username of a web client;
storing, in a user account credential store module, the generated computationally-secure pseudo-random password and the associated application username;
requesting, via a web proxy connected to the web client, access to a protected page offered by the web application;
determining, by the web proxy, whether the web client has previously been authenticated to the web proxy;
responsive to a determination that the web client has previously been authenticated, intercepting, by the web proxy, a login page from the web application;
retrieving, by the web proxy, the stored generated computationally-secure pseudo-random password and the associated application username from the user account credential store module;
inserting, by the web proxy on behalf of the web client, the retrieved stored generated computationally-secure pseudo-random password and the associated application username into the login page;
wherein the retrieving and inserting is performed by the web proxy that is directly connected to the web client without the need for re-authentication of the web client with the web proxy;
wherein the web proxy is configured to read an organization's security policy settings from a proxy configuration module to determine credentials required to authenticate the web client and redirect the user to the login page for authentication according to an organization's security policy; and
forwarding, by the web proxy, the login page with the inserted computationally-secure pseudo-random password and the associated application username to the web application to complete an authentication process with the web application to allow the web client to access the protected page offered by the web application.
Abstract
A method for enforcing access control to a web application. The method includes generating a computationally-secure pseudo-random password, associating the generated computationally-secure pseudo-random password with an application username of at least one web client, and storing, in a user account credential store module, the generated computationally-secure pseudo-random password and the associated application username. The method also includes requesting, via a web proxy connected to the at least one web client, access to a protected page offered by the web application, intercepting, by the web proxy, a login page from the web application, and inserting, by the web proxy on behalf of the at least one web client, the stored generated computationally-secure pseudo-random password and the associated application username into the login page. The method also includes forwarding the login page with the inserted computationally-secure pseudo-random password and the associated application username to the web application to complete, by the web proxy, an authentication process with the web application to allow the at least one web client to access the protected page offered by the web application.
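The flow summarized in the abstract can be sketched as follows. This is an added example, not code from the patent: the in-memory store, the session table, the sample login page and all function and field names are assumptions made for illustration.

```python
import secrets
import string
from html.parser import HTMLParser
from urllib.parse import urlencode

ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-_"
CREDENTIAL_STORE = {}   # hypothetical store: proxy identity -> (app username, password)
PROXY_SESSIONS = {}     # hypothetical table: proxy session token -> proxy identity
SAMPLE_LOGIN_PAGE = ('<form action="/login" method="post">'   # constructed sample page
                     '<input type="hidden" name="csrf" value="t0k3n">'
                     '<input type="text" name="user"><input type="password" name="pass"></form>')

def register(proxy_user, app_username, length=32):
    """Registration module: draw the password from the OS CSPRNG and store it."""
    password = "".join(secrets.choice(ALPHABET) for _ in range(length))
    CREDENTIAL_STORE[proxy_user] = (app_username, password)
    return password

class LoginForm(HTMLParser):
    """Collects the form action and every named <input> of the intercepted page."""
    def __init__(self):
        super().__init__()
        self.action, self.fields = None, {}
        self.user_field = self.pass_field = None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and self.action is None:
            self.action = a.get("action") or ""
        elif tag == "input" and a.get("name"):
            kind = (a.get("type") or "text").lower()
            if kind == "password":
                self.pass_field = a["name"]
            elif kind in ("text", "email") and self.user_field is None:
                self.user_field = a["name"]
            self.fields[a["name"]] = a.get("value") or ""  # keeps hidden fields (CSRF)

def fill_login(session_token, login_html):
    """Proxy: return (action, POST body) to forward to the application, or None when
    the client is not authenticated to the proxy or the page has no login form."""
    creds = CREDENTIAL_STORE.get(PROXY_SESSIONS.get(session_token))
    if creds is None:
        return None
    form = LoginForm()
    form.feed(login_html)
    if not (form.user_field and form.pass_field):
        return None
    form.fields[form.user_field], form.fields[form.pass_field] = creds
    return form.action, urlencode(form.fields)
```

Because the proxy fills in the password itself, the generated value never has to be shown to the user or typed into the web client.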
19 Claims
1. A method for enforcing access control to a web application, the method comprising:
generating, by a user account registration module, a computationally-secure pseudo-random password;
associating, by the user account registration module, the generated computationally-secure pseudo-random password with an application username of a web client;
storing, in a user account credential store module, the generated computationally-secure pseudo-random password and the associated application username;
requesting, via a web proxy connected to the web client, access to a protected page offered by the web application;
determining, by the web proxy, whether the web client has previously been authenticated to the web proxy;
responsive to a determination that the web client has previously been authenticated, intercepting, by the web proxy, a login page from the web application;
retrieving, by the web proxy, the stored generated computationally-secure pseudo-random password and the associated application username from the user account credential store module;
inserting, by the web proxy on behalf of the web client, the retrieved stored generated computationally-secure pseudo-random password and the associated application username into the login page;
wherein the retrieving and inserting is performed by the web proxy that is directly connected to the web client without the need for re-authentication of the web client with the web proxy;
wherein the web proxy is configured to read an organization's security policy settings from a proxy configuration module to determine credentials required to authenticate the web client and redirect the user to the login page for authentication according to an organization's security policy; and
forwarding, by the web proxy, the login page with the inserted computationally-secure pseudo-random password and the associated application username to the web application to complete an authentication process with the web application to allow the web client to access the protected page offered by the web application.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A system comprising:
a web proxy computer server interoperably connected to at least one of a web application, a proxy configuration module, a user directory, a user account credential store module, and a user account registration server computer;
a web client comprising a processor and interoperably coupled to the web proxy computer server, wherein the web client communicates with the web application via the web proxy computer server;
wherein the user account registration server computer is configured to generate a computationally-secure pseudorandom password and associate the generated computationally-secure pseudo-random password with an application username of the web client;
wherein the web proxy computer server is configured to request access to a protected page offered by the web application, determine whether the web client has previously been authenticated to the web proxy computer server and response to a determination that the web client has previously been authenticated, intercept a login page from the web application, retrieve the computationally-secure pseudo-random password and the associated application username from the user account credential store module, insert the generated computationally-secure pseudo-random password and the associated application username into the login page, and forward the login page with the inserted computationally-secure pseudo-random password and the associated application username to the web application to complete an authentication process with the web application to allow the web client to access the protected page offered by the web application;
wherein the retrieval and insertion is performed by the web proxy computer server that is directly connected to the web client without the need for re-authentication of the web client with the web proxy computer server; and
wherein the web proxy computer server is configured to read an organization's security policy settings from a proxy configuration module to determine credentials required to authenticate the web client and redirect the user to the login page for authentication according to an organization's security policy.
Dependent claims: 12, 13, 14, 15, 16, 17, 18
19. A computer-program product comprising a non-transitory computer-usable medium having computer-readable program code embodied therein, the computer-readable program code adapted to be executed to implement a method for enforcing access control to a web application, the method comprising:
generating, by a user account registration module, a computationally-secure pseudo-random password;
associating, by the user account registration module, the generated computationally-secure pseudo-random password with an application username of a web client;
storing, in a user account credential store module, the generated computationally-secure pseudo-random password and the associated application username;
requesting, via a web proxy connected to the web client, access to a protected page offered by the web application;
determining, by the web proxy, whether the web client has previously been authenticated to the web proxy;
responsive to a determination that the web client has previously been authenticated, intercepting, by the web proxy, a login page from the web application without re-authentication with the web proxy;
retrieving, by the web proxy, the stored generated computationally-secure pseudo-random password and the associated application username from the user account credential store module;
inserting, by the web proxy on behalf of the web client, the retrieved stored generated computationally-secure pseudo-random password and the associated application username into the login page;
wherein the retrieving and inserting is performed by the web proxy that is directly connected to the web client without the need for re-authentication of the web client with the web proxy;
wherein the web proxy is configured to read an organization's security policy settings from a proxy configuration module to determine credentials required to authenticate the web client and redirect the user to the login page for authentication according to an organization's security policy; and
forwarding, by the web proxy, the login page with the inserted computationally-secure pseudo-random password and the associated application username to the web application to complete an authentication process with the web application to allow the web client to access the protected page offered by the web application.
Specification