Single sign-on authentication via browser for client application
First Claim
Patent Images
1. A method comprising:
- extending web based single sign-on authentication to a client application to allow the client application to work with web browser based applications, extending web based single sign-on authentication comprising;
initiating at the client application at a client device, said single sign-on authentication with a security device to create an out of band single sign-on based session key;
receiving at the client application, a session identifier comprising said session key and location of a web portal for said single sign-on authentication from the security device, the session identifier generated by the security device and identifying a client session with the security device;
launching a browser, by the client application, by passing the session identifier and the location of the web portal from the client application to the browser for use by the browser in said single sign-on authentication with the web portal in a single sign-on session bound to the client session by the session identifier, the browser installed at the client device and comprising a web application communicating with the security device;
performing authentication at the client device through the web portal using the browser, with direct communication between the client application and the browser;
receiving a notification at the client application that the authentication was successful; and
performing a sign-in to an authentication server through the browser.
1 Assignment
0 Petitions
Accused Products
Abstract
In one embodiment, a method includes initiating at a client application at a client device, a single sign-on authentication with a security device, receiving at the client application, a session identifier and location of a web portal for the single sign-on authentication from the security device, and passing the session identifier and location of the web portal from the client application to a browser installed at the client device, for use by the browser in performing the single sign-on authentication at the client device. An apparatus and logic are also disclosed herein.
43 Citations
17 Claims
-
1. A method comprising:
extending web based single sign-on authentication to a client application to allow the client application to work with web browser based applications, extending web based single sign-on authentication comprising; initiating at the client application at a client device, said single sign-on authentication with a security device to create an out of band single sign-on based session key; receiving at the client application, a session identifier comprising said session key and location of a web portal for said single sign-on authentication from the security device, the session identifier generated by the security device and identifying a client session with the security device; launching a browser, by the client application, by passing the session identifier and the location of the web portal from the client application to the browser for use by the browser in said single sign-on authentication with the web portal in a single sign-on session bound to the client session by the session identifier, the browser installed at the client device and comprising a web application communicating with the security device; performing authentication at the client device through the web portal using the browser, with direct communication between the client application and the browser; receiving a notification at the client application that the authentication was successful; and performing a sign-in to an authentication server through the browser. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
9. An apparatus comprising:
-
a hardware port interface for communication with a client device comprising a client application and a browser; and a processing device for; processing a request from the client application for a single sign-on authentication, receiving a web portal location, generating a client session between the apparatus and the client application to create an out of band single sign-on based session key, transmitting a client session identifier comprising said session key and the location of a web portal for said single-sign on authentication to the client application, and processing said single sign-on authentication by the processing device, with the browser using the client session identifier and the web portal location received from the browser; wherein the client session is associated with a web session used to perform said single-sign on authentication with the browser and wherein the browser comprises a web application functioning independently from the client application, the client application configured to launch the browser using security information obtained from the apparatus for use in said single sign-on authentication, and wherein direct communication between the client application and the browser allows the client application to use the browser to perform authentication; and wherein web based single sign-on is extended to the client application to allow the client application to work with web browser based applications. - View Dependent Claims (10, 11, 12, 13)
-
-
14. Logic encoded on one or more non-transitory computer readable media for execution and when executed perform the steps of:
-
extending web based single sign-on authentication to a client application to allow the client application to work with web browser based applications, extending web based single sign-on authentication by; initiating at the client application at a client device, said single sign-on authentication with a security device to create an out of band single sign-on based session key; receiving at the client application, a session identifier comprising said session key and location of a web portal for said single sign-on authentication from the security device, the session identifier generated by the security device and identifying a client session with the security device; launching a browser, by the client application, by passing the session identifier and the location of the web portal from the client application to the browser for use by the browser in said single sign-on authentication with the web portal in a single sign-on session bound to the client session by the session identifier, the browser installed at the client device and comprising a web application communicating with the security device; performing authentication at the client device through the web portal using the browser, with direct communication between the client application and the browser; receiving a notification at the client application that the authentication was successful; and performing a sign-in to an authentication server through the browser. - View Dependent Claims (15, 16, 17)
-
Specification