Method and system for web-based switch-user operation
First Claim
1. A method for accessing protected resources, the method comprising:
- establishing at a proxy server a session for a first user, wherein the session is associated with a credential for the first user;
receiving at the proxy server from the first user a request to assume the identity of a second user;
obtaining a credential for the second user;
saving the credential of the first user;
associating the credential of the second user with the session for the first user;
receiving at the proxy server from the first user during the session for the first user a request for a protected resource; and
providing access to the protected resource in accordance with the credential for the second user.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, an apparatus, a system, and a computer program product are presented for allowing an administrative user to provide help, support, or assistance to other users within a computing environment. An administrator obtains a username of a user who requires assistance through some means. The administrator belongs to a special group of users that is allowed to invoke a switch-user function, which obtains a comprehensive version of that user'"'"'s identity, e.g., security credentials, while maintaining a session. With respect to applications and systems within a computing environment, the administrator'"'"'s session will have the attributes of the assumed user identity as if the administrator had logged in with that user'"'"'s authentication information. The administrator then accesses resources while impersonating that user in order to assist that user or to find a problem.
37 Citations
21 Claims
-
1. A method for accessing protected resources, the method comprising:
-
establishing at a proxy server a session for a first user, wherein the session is associated with a credential for the first user; receiving at the proxy server from the first user a request to assume the identity of a second user; obtaining a credential for the second user; saving the credential of the first user;
associating the credential of the second user with the session for the first user;receiving at the proxy server from the first user during the session for the first user a request for a protected resource; and providing access to the protected resource in accordance with the credential for the second user. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An apparatus for accessing protected resources, the apparatus comprising:
-
means for establishing at a proxy server a session for a first user, wherein the session is associated with a credential for the first user; means for receiving at the proxy server from the first user a request to assume the identity of a second user;
means for obtaining a credential for the second user;means for saving the credential of the first user;
means for associating the credential of the second user with the session for the first user;means for receiving at the proxy server from the first user during the session for the first user a request for a protected resource; and means for providing access to the protected resource in accordance with the credential for the second user. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer program product in a computer readable medium for use in a data processing system for accessing protected resources, the computer program product comprising:
-
means for establishing at a proxy server a session for a first user, wherein the session is associated with a credential for the first user; means for receiving at the proxy server from the first user a request to assume the identity of a second user;
means for obtaining a credential for the second user;means for saving the credential of the first user;
means for associating the credential of the second user with the session for the first user;means for receiving at the proxy server from the first user during the session for the first user a request for a protected resource; and means for providing access to the protected resource in accordance with the credential for the second user. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
Specification