Single sign-on authentication via browser for client application

US 9,992,187 B2
Filed: 12/21/2015
Issued: 06/05/2018
Est. Priority Date: 12/21/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

extending web based single sign-on authentication to a client application to allow the client application to work with web browser based applications, extending web based single sign-on authentication comprising;

initiating at the client application at a client device, said single sign-on authentication with a security device to create an out of band single sign-on based session key;

receiving at the client application, a session identifier comprising said session key and location of a web portal for said single sign-on authentication from the security device, the session identifier generated by the security device and identifying a client session with the security device;

launching a browser, by the client application, by passing the session identifier and the location of the web portal from the client application to the browser for use by the browser in said single sign-on authentication with the web portal in a single sign-on session bound to the client session by the session identifier, the browser installed at the client device and comprising a web application communicating with the security device;

performing authentication at the client device through the web portal using the browser, with direct communication between the client application and the browser;

receiving a notification at the client application that the authentication was successful; and

performing a sign-in to an authentication server through the browser.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a method includes initiating at a client application at a client device, a single sign-on authentication with a security device, receiving at the client application, a session identifier and location of a web portal for the single sign-on authentication from the security device, and passing the session identifier and location of the web portal from the client application to a browser installed at the client device, for use by the browser in performing the single sign-on authentication at the client device. An apparatus and logic are also disclosed herein.

43 Citations

View as Search Results

17 Claims

1. A method comprising:
- extending web based single sign-on authentication to a client application to allow the client application to work with web browser based applications, extending web based single sign-on authentication comprising;
  
  initiating at the client application at a client device, said single sign-on authentication with a security device to create an out of band single sign-on based session key;
  
  receiving at the client application, a session identifier comprising said session key and location of a web portal for said single sign-on authentication from the security device, the session identifier generated by the security device and identifying a client session with the security device;
  
  launching a browser, by the client application, by passing the session identifier and the location of the web portal from the client application to the browser for use by the browser in said single sign-on authentication with the web portal in a single sign-on session bound to the client session by the session identifier, the browser installed at the client device and comprising a web application communicating with the security device;
  
  performing authentication at the client device through the web portal using the browser, with direct communication between the client application and the browser;
  
  receiving a notification at the client application that the authentication was successful; and
  
  performing a sign-in to an authentication server through the browser.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising submitting login credentials via the browser.
  - 3. The method of claim 1 further comprising transmitting an HTTP (Hypertext Transfer Protocol) GET request comprising the session identifier.
  - 4. The method of claim 3 wherein the HTTP GET request redirects the client device to the web portal.
  - 5. The method of claim 1 wherein the web portal location comprises a URL (Uniform Resource Locator).
  - 6. The method of claim 1 further comprising receiving a timeout value with the session identifier and the web portal location.
  - 7. The method of claim 1 wherein the session identifier comprises a session key generated by the security device upon receiving a login request from the client device.
  - 8. The method of claim 1 wherein the session identifier identifies a client session between the client application and the security device and wherein the client session is associated with a web session generated at the security device based on communication between the browser and the security device.

9. An apparatus comprising:
- a hardware port interface for communication with a client device comprising a client application and a browser; and
  
  a processing device for;
  
  processing a request from the client application for a single sign-on authentication,receiving a web portal location,generating a client session between the apparatus and the client application to create an out of band single sign-on based session key,transmitting a client session identifier comprising said session key and the location of a web portal for said single-sign on authentication to the client application, andprocessing said single sign-on authentication by the processing device, with the browser using the client session identifier and the web portal location received from the browser;
  
  wherein the client session is associated with a web session used to perform said single-sign on authentication with the browser and wherein the browser comprises a web application functioning independently from the client application, the client application configured to launch the browser using security information obtained from the apparatus for use in said single sign-on authentication, and wherein direct communication between the client application and the browser allows the client application to use the browser to perform authentication; and
  
  wherein web based single sign-on is extended to the client application to allow the client application to work with web browser based applications.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The apparatus of claim 9 wherein processing said single sign-on authentication with the browser comprises processing an HTTP (Hypertext Transfer Protocol) GET request received from the browser and comprising the client session identifier.
  - 11. The apparatus of claim 9 wherein processing said single sign-on authentication with the browser comprises receiving user credentials from the browser.
  - 12. The apparatus of claim 9 wherein the processor is further configured to notify the client device of a successful authentication.
  - 13. The apparatus of claim 9 wherein the session identifier comprises a session key generated by the security device upon receiving said request from the client device.

14. Logic encoded on one or more non-transitory computer readable media for execution and when executed perform the steps of:
- extending web based single sign-on authentication to a client application to allow the client application to work with web browser based applications, extending web based single sign-on authentication by;
  
  initiating at the client application at a client device, said single sign-on authentication with a security device to create an out of band single sign-on based session key;
  
  receiving at the client application, a session identifier comprising said session key and location of a web portal for said single sign-on authentication from the security device, the session identifier generated by the security device and identifying a client session with the security device;
  
  launching a browser, by the client application, by passing the session identifier and the location of the web portal from the client application to the browser for use by the browser in said single sign-on authentication with the web portal in a single sign-on session bound to the client session by the session identifier, the browser installed at the client device and comprising a web application communicating with the security device;
  
  performing authentication at the client device through the web portal using the browser, with direct communication between the client application and the browser;
  
  receiving a notification at the client application that the authentication was successful; and
  
  performing a sign-in to an authentication server through the browser.
- View Dependent Claims (15, 16, 17)
- - 15. The logic of claim 14 wherein the session identifier comprises a session key generated by the security device upon receiving a login request from the client device.
  - 16. The logic of claim 14 wherein the session identifier identifies a client session between the client application and the security device and wherein the client session is associated with a web session generated at the security device based on communication between the browser and the security device.
  - 17. The logic of claim 14 wherein the client application passes the session identifier and the web portal location in a one way communication between the client application and the browser upon launching the browser from the client application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Lu, Jiajun, Han, Songling, Kielbasinski, Andrzej, Davis, Peter
Primary Examiner(s)
Kabir, Jahangir
Assistant Examiner(s)
Baum, Ronald

Application Number

US14/977,569
Publication Number

US 20170180351A1
Time in Patent Office

897 Days
Field of Search

726 6
US Class Current
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0272   Virtual private networks

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0815   providing single-sign-on or...

H04L 63/0876   based on the identity of th...

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

H04L 67/146   Markers for unambiguous ide...

Single sign-on authentication via browser for client application

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

43 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Single sign-on authentication via browser for client application

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links