Extending secure single sign on to legacy applications
First Claim
1. A computer method for extending secure single sign on to a legacy web application that does not support a specific single sign on user authentication technique, the method comprising:
- intercepting, by a single sign on proxy, a request by a client computer to access the legacy web application, wherein the legacy web application does not support the specific single sign on user authentication technique;
- forwarding the intercepted request to a single sign on identity provider, by the single sign on proxy;
- authenticating the user of client computer using the specific single sign on user authentication technique not supported by the legacy web application, by single sign on identity provider;
- providing an indication to the single sign on proxy that the authentication using the specific single sign on user authentication technique not supported by the legacy web application was successful, by the single sign on identity provider;
- obtaining a master password for the legacy web application from a key vault, by the single sign on proxy;
- obtaining an identifier of the user from the intercepted request, by the single sign on proxy;
- transmitting the identifier of the user and the master password wrapped in an HTTP request to the legacy web application, by the single sign on proxy;
- authenticating the HTTP request and creating a session, by the legacy web application;
- receiving cookies concerning management of the session from the legacy web application, by the single sign on proxy; and
- transmitting the received cookies to the client computer by the single sign on proxy, wherein the client computer utilizes the cookies to continue the session and communicate directly with the legacy web application, such that the single sign on proxy no longer intercepts additional transmissions between the client computer and the legacy application;
- wherein a secure single sign on session using the specific single sign on user authentication technique not supported by the legacy web application is established for the legacy web application, while maintaining integrity of the legacy web application and not violating a license agreement of the legacy web application.
1 Assignment, 0 Petitions
Abstract
A secure single sign on is extended to a legacy web application that does not support the specific user authentication technique being used, such as SAML or OAuth. A proxy intercepts a request by a client computer to access the legacy application, and forwards the intercepted request to a single sign on identity provider. The identity provider authenticates the user, using the specific authentication technique not supported by the legacy application, and provides an indication of success to the proxy. The proxy transmits a user id and master password wrapped in an HTTP request to the legacy web application, which authenticates the request, creates a session and provides corresponding cookies to the proxy. The proxy forwards the cookies to the client, which utilizes them to continue the session with the legacy application.
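The flow in the abstract, as an added in-process simulation that is not the patent's or any vendor's code: the proxy performs the legacy username/password login only after the identity provider reports success, reads the master password from a vault that only the proxy may query, and hands the client nothing but the legacy session cookie. Class names, form-field names, the token map and the sample credentials are constructed assumptions.

```python
# Added example (not the patent's or any vendor's code): the class names, form
# fields, token map and credentials below are constructed for illustration.
import hmac
import secrets


class KeyVault:
    """Holds the legacy app's shared master password; only the proxy may read it."""
    def __init__(self, master_password):
        self._secret = master_password

    def get_master_password(self, caller):
        if caller != "sso-proxy":  # least privilege: no other component gets it
            raise PermissionError("only the proxy may read the master password")
        return self._secret


class IdentityProvider:
    """Stands in for SAML/OAuth: says whether a token proves the claimed user."""
    def __init__(self, token_to_user):
        self._tokens = token_to_user  # constructed token -> user_id map

    def authenticate(self, user_id, token):
        return user_id is not None and self._tokens.get(token) == user_id


class LegacyWebApp:
    """Understands only a username/password POST; issues an opaque session cookie."""
    def __init__(self, master_password):
        self._master = master_password
        self.sessions = {}  # cookie value -> username

    def login(self, form):
        if not hmac.compare_digest(form.get("password", ""), self._master):
            return 401, {}
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = form["username"]
        return 200, {"Set-Cookie": f"LEGACYSESSION={cookie}"}


class SsoProxy:
    def __init__(self, idp, vault, legacy):
        self.idp, self.vault, self.legacy = idp, vault, legacy

    def handle(self, request):
        # Intercept: take the user id from the request, hand the token to the IdP
        user_id = request.get("user")
        if not self.idp.authenticate(user_id, request.get("token")):
            return 401, {}  # no legacy login without the IdP's success indication
        master = self.vault.get_master_password("sso-proxy")
        status, headers = self.legacy.login({"username": user_id, "password": master})
        # Return only the session cookie; the master password never reaches the client
        return status, {"Set-Cookie": headers.get("Set-Cookie", "")}
```

After the cookie is returned the client talks to the legacy app directly, so the proxy sees no further traffic for that session and the shared master password is exposed to neither the browser nor the identity provider.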
87 Citations
20 Claims
1. (Claim 1 is set out above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. At least one non-transitory computer readable medium for extending secure single sign on to a legacy web application that does not support a specific single sign on user authentication technique, the at least one non-transitory computer readable medium storing computer executable instructions that, when loaded into computer memory and executed by at least one processor of at least one computing device, cause the at least one computing device to perform the following steps:
- intercepting, by a single sign on proxy, a request by a client computer to access the legacy web application, wherein the legacy web application does not support the specific single sign on user authentication technique;
- forwarding the intercepted request to a single sign on identity provider, by the single sign on proxy;
- authenticating the user of client computer using the specific single sign on user authentication technique not supported by the legacy web application, by single sign on identity provider;
- providing an indication to the single sign on proxy that the authentication using the specific single sign on user authentication technique not supported by the legacy web application was successful, by the single sign on identity provider;
- obtaining a master password for the legacy web application from a key vault, by the single sign on proxy;
- obtaining an identifier of the user from the intercepted request, by the single sign on proxy;
- transmitting the identifier of the user and the master password wrapped in an HTTP request to the legacy web application, by the single sign on proxy;
- authenticating the HTTP request and creating a session, by the legacy web application;
- receiving cookies concerning management of the session from the legacy web application, by the single sign on proxy; and
- transmitting the received cookies to the client computer by the single sign on proxy, wherein the client computer utilizes the cookies to continue the session and communicate directly with the legacy web application, such that the single sign on proxy no longer intercepts additional transmissions between the client computer and the legacy application;
- wherein a secure single sign on session using the specific single sign on user authentication technique not supported by the legacy web application is established for the legacy web application, while maintaining integrity of the legacy web application and not violating a license agreement of the legacy web application.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20.
Specification