Single logout functionality for a multi-tenant identity and data security management cloud service
1 Assignment
0 Petitions
Abstract
A cloud-based identity and access management system that implements single sign-on (“SSO”) receives a first request for an identity management service configured to allow for accessing applications. Embodiments send the first request to a first microservice, where the first microservice performs the identity management service by generating a token. The first microservice generates the token at least in part by sending a second request to an SSO microservice. The SSO microservice implements an SSO and generates a cookie that includes a global state and is used for communicating with different microservices. Embodiments receive a single log-out (SLO) of the SSO and use the cookie to iteratively log out of the applications, where, after each log-out of an application of a first protocol, a redirect is performed to the SSO microservice to trigger log-out of applications of a different protocol.
351 Citations
20 Claims
1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide cloud-based identity and access management, the providing comprising:
- receiving a first request for an identity management service configured to allow for accessing at least two applications comprising a first application that requires a first access protocol and a second application that requires a second access protocol that is different than the first access protocol;
- sending the first request to a first microservice, wherein the first microservice performs the identity management service by generating a token, wherein the first microservice generates the token at least in part by sending a second request to a single sign-on (SSO) microservice, wherein the SSO microservice is configured to provide SSO functionality across different microservices that are based on different access protocols;
- wherein the SSO microservice implements an SSO and generates a cookie that includes a global state and is used for communicating with different microservices;
- receiving a single log-out (SLO) of the SSO; and
- using the cookie to iteratively log out of the applications, wherein, after each log-out of an application of the first access protocol, a redirect is performed to the SSO microservice to trigger log-out of applications of a different protocol, wherein the iterative log-out of the applications comprises triggering a log-out of the first application, receiving the redirect and determining that there is another access protocol for log-out that is different from the first access protocol, and triggering a log-out of the second application;
- wherein the cookie indicates applications that are signed into the SSO and the redirect is stored on the cookie.
Dependent claims: 2, 3, 4, 5, 6, 18.
7. A method of providing cloud-based identity and access management comprising:
- receiving a first request for an identity management service configured to allow for accessing at least two applications comprising a first application that requires a first access protocol and a second application that requires a second access protocol that is different than the first access protocol;
- sending the first request to a first microservice, wherein the first microservice performs the identity management service by generating a token, wherein the first microservice generates the token at least in part by sending a second request to a single sign-on (SSO) microservice, wherein the SSO microservice is configured to provide SSO functionality across different microservices that are based on different access protocols;
- wherein the SSO microservice implements an SSO and generates a cookie that includes a global state and is used for communicating with different microservices;
- receiving a single log-out (SLO) of the SSO; and
- using the cookie to iteratively log out of the applications, wherein, after each log-out of an application of the first access protocol, a redirect is performed to the SSO microservice to trigger log-out of applications of a different protocol, wherein the iterative log-out of the applications comprises triggering a log-out of the first application, receiving the redirect and determining that there is another access protocol for log-out that is different from the first access protocol, and triggering a log-out of the second application;
- wherein the cookie indicates applications that are signed into the SSO and the redirect is stored on the cookie.
Dependent claims: 8, 9, 10, 11, 12, 19.
13. A system for providing cloud-based identity and access management, comprising:
- a plurality of tenants;
- a plurality of microservices; and
- one or more processors that:
- receive a first request for an identity management service configured to allow for accessing at least two applications comprising a first application that requires a first access protocol and a second application that requires a second access protocol that is different than the first access protocol;
- send the first request to a first microservice, wherein the first microservice performs the identity management service by generating a token, wherein the first microservice generates the token at least in part by sending a second request to a single sign-on (SSO) microservice, wherein the SSO microservice is configured to provide SSO functionality across different microservices that are based on different access protocols;
- wherein the SSO microservice implements an SSO and generates a cookie that includes a global state and is used for communicating with different microservices;
- receive a single log-out (SLO) of the SSO; and
- use the cookie to iteratively log out of the applications, wherein, after each log-out of an application of the first access protocol, a redirect is performed to the SSO microservice to trigger log-out of applications of a different protocol, wherein the iterative log-out of the applications comprises triggering a log-out of the first application, receiving the redirect and determining that there is another access protocol for log-out that is different from the first access protocol, and triggering a log-out of the second application;
- wherein the cookie indicates applications that are signed into the SSO and the redirect is stored on the cookie.
Dependent claims: 14, 15, 16, 17, 20.
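The iterative single log-out described in the independent claims, as an added example that is not the patent's own code or any vendor's implementation: a global-state cookie records which applications are signed in and under which access protocol, each per-protocol log-out hands control back to the SSO microservice via the redirect stored on the cookie, and the SSO microservice decides whether another protocol still has signed-in applications. The endpoint URL, the application names and the protocol labels are constructed sample values; the check that the stored redirect points only at the SSO microservice is an assumed defensive addition.

```python
from dataclasses import dataclass, field

# Constructed sample: the SSO microservice's own SLO endpoint, assumed here; every
# per-protocol log-out redirects back to it (not a URL from the patent).
SSO_LOGOUT_ENDPOINT = "https://sso.example.test/slo"

@dataclass
class GlobalStateCookie:
    """Global-state cookie: which applications are signed into the SSO
    (app name -> access protocol) plus the redirect back to the SSO microservice."""
    signed_in: dict                      # e.g. {"app-a": "oauth", "app-b": "saml"}
    redirect: str = SSO_LOGOUT_ENDPOINT
    logged_out: list = field(default_factory=list)

def validate_redirect(cookie):
    # The redirect carried on the cookie must point at the SSO microservice itself,
    # so a modified cookie cannot steer the browser somewhere else mid-logout.
    if cookie.redirect != SSO_LOGOUT_ENDPOINT:
        raise ValueError("cookie redirect does not point at the SSO microservice")

def next_protocol(cookie):
    """Determine whether an access protocol with still-signed-in apps remains."""
    for app, proto in cookie.signed_in.items():
        if app not in cookie.logged_out:
            return proto
    return None

def logout_protocol(cookie, proto):
    # Trigger log-out of every still-signed-in application of one protocol,
    # then hand back the redirect (to the SSO microservice) stored on the cookie.
    for app, p in cookie.signed_in.items():
        if p == proto and app not in cookie.logged_out:
            cookie.logged_out.append(app)
    return cookie.redirect

def single_logout(cookie):
    """Iterative SLO: log out one protocol's apps, follow the redirect to the SSO
    microservice, check whether another protocol remains, and repeat until no
    application is signed in. Returns the (protocol, redirect) hops taken."""
    validate_redirect(cookie)
    hops = []
    proto = next_protocol(cookie)
    while proto is not None:
        hops.append((proto, logout_protocol(cookie, proto)))
        proto = next_protocol(cookie)    # decided on arrival back at the SSO
    cookie.signed_in = {}                # global state cleared: SLO complete
    return hops
```

The point to verify in a real deployment is the loop's exit condition: the SLO is only complete when no application of any protocol remains signed in, otherwise a user who "logged out" keeps a live session in the protocol that was never reached.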
Specification