System and method of locating identity providers in a data network
First Claim
1. An identity provider locator (IDPL) server comprising:
an interface to a data network to communicate with a plurality of identity provider servers and to communicate with a plurality of service provider servers;
a processor; and
a computer-readable medium accessible to the processor, the computer-readable medium including:
a list of the plurality of identity provider servers;
a list of the plurality of service provider servers, wherein each service provider server is associated with an identifier; and
mappings between the plurality of identity provider servers and the plurality of service provider servers, wherein a list of identity provider servers associated with a particular service provider server is determined based on the identifier associated with the particular service provider server, wherein a first list of identity provider servers associated with a first service provider server of the plurality of service provider servers is provided to the first service provider server in response to a request from an end-user computer to access the first service provider server, the first list of identity provider servers being determined based on a first identifier associated with the first service provider server, and wherein the first list of identity provider servers is provided to the first service provider server without being stored as cookie information at the end-user computer.
Abstract
A distributed computer system is disclosed and includes a plurality of identity provider servers and a plurality of service provider servers coupled to a data network. Further, an identity provider locator server is coupled to the data network. In response to a request from one of the plurality of service provider servers, the identity provider locator server can provide an identifier of at least one of the plurality of identity provider servers. The identity provider locator server can include a memory that stores a list of active identity provider servers for a particular end-user having access to the data network. Further, one or more of the plurality of identity provider servers is able to add or remove itself from the list of active identity provider servers.
129 Citations
14 Claims
1. An identity provider locator (IDPL) server comprising: (independent claim; the full text is set out under First Claim above). Dependent claims: 2.
3. A method comprising:
receiving, at an identity provider locator (IDPL) server, a redirect message from an end-user computer, the redirect message having been received at the end-user computer from a service provider server in response to an end-user accessing the service provider server from the end-user computer, wherein the redirect message includes an identifier of the service provider server;
determining, at the IDPL server, a list of identity provider servers associated with the service provider server based on the identifier included in the redirect message; and
transmitting a redirect uniform resource locator (URL) from the IDPL server to the end-user computer, wherein the redirect URL includes the list of identity provider servers associated with the service provider server, wherein the list of identity provider servers is provided to the service provider server via the end-user computer without the list of identity provider servers being stored as cookie information at the end-user computer.
Dependent claims: 4, 5, 6, 7, 8, 9.
10. A method comprising:
accessing a service provider server from an end-user computer;
receiving a redirect message at the end-user computer from the service provider server in response to the end-user computer accessing the service provider server, wherein the redirect message includes a request for a list of identity provider servers from an identity provider locator (IDPL) server, wherein the redirect message includes an identifier of the service provider server;
delivering the redirect message from the end-user computer to the IDPL server;
receiving a redirect response at the end-user computer from the IDPL server, wherein the redirect response includes an ordered list of identity provider servers associated with the service provider server determined based on the identifier of the service provider server; and
delivering the redirect response from the end-user computer to the service provider server without storing the ordered list of identity provider servers as cookie information at the end-user computer.
Dependent claims: 11, 12, 13, 14.
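The redirect exchange set out in claims 3 and 10 (and summarised in the abstract), played through end to end as an added example. This is illustrative code written for this page, not code from the patent or its assignee; the SP identifiers, the IDPL endpoint, the IdP hostnames and the return URLs are all constructed. Two points the claims leave to the implementer are made explicit: the IDPL resolves both the IdP list and the return destination from its own registry keyed by the SP identifier, so nothing in the incoming request can steer the redirect, and because the list travels back to the SP through the end-user computer in a URL rather than a cookie, the SP filters it against the IdPs it has itself enrolled before relying on the order. The self-registration of IdPs on the active list mentioned in the abstract is not modelled.

```python
"""Identity provider locator (IDPL) redirect flow as described in the claims.

Added illustration for this page; it is not code from the patent, its assignee,
or any product. All identifiers, hostnames, and URLs below are constructed.
"""
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# Constructed IDPL registry (claim 1): the list of service provider servers, each
# keyed by its identifier, mapped to the ordered list of identity provider servers
# for that SP. The return URL is held here too, so the IDPL decides where the
# browser is sent next from its own data rather than from anything in the request.
IDPL_REGISTRY: dict[str, dict] = {
    "sp-123": {
        "return_url": "https://sp.example.net/idp-select",
        "idps": ["https://idp-a.example.org", "https://idp-b.example.org"],
    },
    "sp-456": {
        "return_url": "https://portal.example.com/login",
        "idps": ["https://idp-c.example.org"],
    },
}

IDPL_URL = "https://idpl.example.net/locate"  # assumed IDPL endpoint


def _with_query(base_url: str, params: dict[str, str]) -> str:
    """Rebuild base_url with exactly the given query parameters."""
    parts = urlsplit(base_url)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(params), ""))


def sp_build_redirect(sp_id: str, idpl_url: str = IDPL_URL) -> str:
    """Claim 10, first steps: the SP answers the end-user's request with a redirect
    to the IDPL that carries only the SP's identifier."""
    return _with_query(idpl_url, {"sp_id": sp_id})


def idpl_handle_redirect(request_url: str) -> dict[str, str]:
    """Claim 3: the IDPL receives the redirect message via the browser, looks up the
    SP by the identifier in the query, and answers with a redirect URL that carries
    the SP's ordered IdP list. The response headers contain only Location: there is
    no Set-Cookie, so nothing is stored at the end-user computer."""
    query = parse_qs(urlsplit(request_url).query)
    sp_id = query.get("sp_id", [None])[0]
    if sp_id is None:
        raise ValueError("redirect message carries no sp_id")
    entry = IDPL_REGISTRY.get(sp_id)
    if entry is None:
        # Unknown identifier: refuse. Never fall back to a return URL supplied by
        # the caller, or the locator becomes an open redirector.
        raise LookupError(f"unregistered service provider: {sp_id}")
    # Space-separated and URL-encoded; order is the IDPL's preference (claim 10).
    location = _with_query(entry["return_url"], {"idps": " ".join(entry["idps"])})
    return {"Location": location}


# Constructed: the IdPs one particular SP (sp-123) has enrolled on its own side.
SP_TRUSTED_IDPS = {"https://idp-a.example.org", "https://idp-b.example.org"}


def sp_accept_idp_list(redirect_response_url: str,
                       trusted: set[str] = SP_TRUSTED_IDPS) -> list[str]:
    """Claim 10, last step: the browser delivers the IDPL's redirect response to the
    SP. The list crossed the user agent inside a URL, so the SP treats it as
    untrusted input: it keeps the IDPL's order but drops any IdP it has not enrolled."""
    query = parse_qs(urlsplit(redirect_response_url).query)
    offered = query.get("idps", [""])[0].split()
    return [idp for idp in offered if idp in trusted]


def run_flow(sp_id: str) -> list[str]:
    """Drive the whole exchange for one SP identifier, playing the browser in between."""
    to_idpl = sp_build_redirect(sp_id)          # SP -> browser -> IDPL
    headers = idpl_handle_redirect(to_idpl)     # IDPL -> browser -> SP
    assert "Set-Cookie" not in headers          # the list is never cookie state
    return sp_accept_idp_list(headers["Location"])


if __name__ == "__main__":
    print(run_flow("sp-123"))
```

The Location URL is the only state in the exchange; each hop is a plain HTTP redirect the browser follows, and the SP ends up with the IDPL's ordered list minus anything it does not itself recognise.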
Specification