System and method for multi-tenant SSO with dynamic attribute retrieval
First Claim
1. A method for multi-tenant SSO identity management with dynamic attribute retrieval, the method utilizing a system comprising at least one service provider, at least one service provider plug-in, and a service automation platform, the at least one service provider plug-in further comprising a service provider handler implementation, and the service automation platform further comprising a single sign-on (SSO) dispatcher, the method comprising the steps:
- a. activating, by a user, a link to a service provided by the at least one service provider;
b. receiving at an SSO dispatcher, the link activated by the user;
c. identifying by the SSO dispatcher the service provided by the at least one service provider;
d. requesting at the SSO dispatcher, user attributes for the at least one service provider from a service provider handler;
e. assembling at a service provider handler implementation, a response query with the user attributes, the user attributes assembled according to a user attributes schema and service provider settings;
f. checking at the SSO dispatcher, whether the response query is a success, and if successful, proceeding to the next step, and if unsuccessful, displaying a message;
g. checking at the SSO dispatcher, whether the response query includes identification of an identity provider, and if the response query does not include identification of an identity provider, retrieving public identity provider credentials from the service automation platform, and if the response query is successful, proceeding to the next step;
h. determining at the SSO dispatcher, whether the response query identifies a managed identity provider, or an exclusive identity provider, and requesting the respective identity provider'"'"'s credentials identified herein;
i. signing at the SSO dispatcher, a package for a user'"'"'s authentication with the credentials;
j. redirecting at the SSO dispatcher, the package to the service provider.
7 Assignments
0 Petitions
Accused Products
Abstract
A system and method for multi-tenant single sign-on (SSO) identity management with dynamic attribute retrieval, the system includes at least one service provider, at least one service provider plug-in, and a service automation platform. A method for multi-tenant SSO identity management with dynamic attribute retrieval, includes the steps of receiving a link to a service provider at an SSO dispatcher, the SSO dispatcher identifying a service, requesting at the SSO dispatcher, user attributes for the at least one service provider, assembling at a service provider handler implementation, a response query, retrieving identity provider credentials from the service automation platform, signing at the SSO dispatcher, a package for a user'"'"'s authentication, and redirecting the package to the service provider.
-
Citations
6 Claims
-
1. A method for multi-tenant SSO identity management with dynamic attribute retrieval, the method utilizing a system comprising at least one service provider, at least one service provider plug-in, and a service automation platform, the at least one service provider plug-in further comprising a service provider handler implementation, and the service automation platform further comprising a single sign-on (SSO) dispatcher, the method comprising the steps:
-
a. activating, by a user, a link to a service provided by the at least one service provider; b. receiving at an SSO dispatcher, the link activated by the user; c. identifying by the SSO dispatcher the service provided by the at least one service provider; d. requesting at the SSO dispatcher, user attributes for the at least one service provider from a service provider handler; e. assembling at a service provider handler implementation, a response query with the user attributes, the user attributes assembled according to a user attributes schema and service provider settings; f. checking at the SSO dispatcher, whether the response query is a success, and if successful, proceeding to the next step, and if unsuccessful, displaying a message; g. checking at the SSO dispatcher, whether the response query includes identification of an identity provider, and if the response query does not include identification of an identity provider, retrieving public identity provider credentials from the service automation platform, and if the response query is successful, proceeding to the next step; h. determining at the SSO dispatcher, whether the response query identifies a managed identity provider, or an exclusive identity provider, and requesting the respective identity provider'"'"'s credentials identified herein; i. signing at the SSO dispatcher, a package for a user'"'"'s authentication with the credentials; j. redirecting at the SSO dispatcher, the package to the service provider. - View Dependent Claims (2, 3, 4, 5, 6)
-
Specification
-
- Resources
-
Current AssigneeCloudblue LLC
-
Original AssigneeIngram Micro Incorporated (HNA Technology Co. Ltd.)
-
InventorsKostyukov, Andrey, Kuzkin, Maxim
-
Primary Examiner(s)Lwin, Maung T
-
Application NumberUS15/821,375Publication NumberTime in Patent Office1,000 DaysField of SearchNoneUS Class CurrentCPC Class CodesG06F 9/44526 Plug-ins; Add-onsG06F 9/547 Remote procedure calls [RPC...H04L 63/0815 providing single-sign-on or...H04L 9/3263 involving certificates, e.g...
