Propagating delegated authorized credentials through legacy systems

US 9,172,694 B2
Filed: 05/22/2012
Issued: 10/27/2015
Est. Priority Date: 05/22/2012
Status: Active Grant

First Claim

Patent Images

1. A method implemented by an information handling system comprising:

receiving, over an electronic data channel, a delegated access token from a requesting client application, the delegated access token including references to a resource owner, a client application and a scope, wherein the client application is acting on behalf of a resource owner, wherein the client application received the delegated access token from the resource owner, and wherein the request is designated to a legacy system;

validating the delegated access token; and

in response to a successful validation;

transforming the delegated access token into one or more legacy access tokens; and

transmitting at least one of the one or more legacy access tokens to the legacy system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach is provided to access resources at legacy systems. In this approach, a resource request destined to a legacy system is receiving from a requestor with the resource request including an access token and being on behalf of a resource owner. A validation process is performed on the access token. If the access token is valid, the approach identifies the resource owner and one or more legacy access tokens used to access the legacy system. Another request is formed with the new request including the legacy access tokens. The new request is transmitted to the legacy system and a response is received back from the legacy system. The response received from the legacy system is transmitted back to the requestor.

36 Citations

View as Search Results

21 Claims

1. A method implemented by an information handling system comprising:
- receiving, over an electronic data channel, a delegated access token from a requesting client application, the delegated access token including references to a resource owner, a client application and a scope, wherein the client application is acting on behalf of a resource owner, wherein the client application received the delegated access token from the resource owner, and wherein the request is designated to a legacy system;
  
  validating the delegated access token; and
  
  in response to a successful validation;
  
  transforming the delegated access token into one or more legacy access tokens; and
  
  transmitting at least one of the one or more legacy access tokens to the legacy system.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 further comprising:
    - identifying the resource owner corresponding to the delegated access token, wherein the one or more legacy access tokens correspond to the identified resource owner.
  - 3. The method of claim 1 further comprising:
    - intercepting the request at a delegated authorization enforcement point; and
      
      transmitting the request to a Security Token Service (STS), wherein the STS performs the validating of the delegated access token and the transformation of the delegated access token to the one or more legacy access tokens.
  - 4. The method of claim 1, wherein transforming the delegated access token further comprises:
    - formatting at least one of the one or more legacy access tokens prior to the transmitting, wherein the at least one formatted legacy access token is in a format suitable for use by the legacy system.
  - 5. The method of claim 1 further comprising:
    - identifying a legacy system type pertaining to the legacy system that is being accessed;
      
      identifying the one or more legacy access tokens used to access the identified legacy system type; and
      
      creating the one or more legacy access tokens by transforming the delegated access token to the one or more legacy access tokens based on a format that corresponds to each of the one or more legacy access tokens.
  - 6. The method of claim 1 further comprising:
    - retrieving a legacy format corresponding to a selected one of the one or more legacy access tokens; and
      
      formatting the selected legacy access token based on the retrieved legacy format.

7. An information handling system comprising:
- one or more processors;
  
  a memory coupled to at least one of the processors;
  
  a network adapter that connects the information handling system to a computer network; and
  
  a set of instructions stored in the memory and executed by at least one of the processors, wherein the set of instructions perform actions of;
  
  receiving, over an electronic data channel, a delegated access token from a requesting client application, the delegated access token including references to a resource owner, a client application and a scope, wherein the client application is acting on behalf of a resource owner, wherein the client application received the delegated access token from the resource owner, and wherein the request is designated to a legacy system;
  
  validating the delegated access token; and
  
  in response to a successful validation;
  
  transforming the delegated access token into one or more legacy access tokens; and
  
  transmitting at least one of the one or more legacy access tokens to a legacy system.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The information handling system of claim 7 wherein the actions further comprise:
    - identifying the resource owner corresponding to the delegated access token,wherein the one or more legacy access tokens correspond to the identified resource owner.
  - 9. The information handling system of claim 7 whereinthe actions further comprise:
    - intercepting the request at a delegated authorization enforcement point; and
      
      transmitting the request to a Security Token Service (STS), wherein the STS performs the validating of the delegated access token and the transformation of the delegated access token to the one or more legacy access tokens.
  - 10. The information handling system of claim 7 wherein the actions further comprise:
    - formatting at least one of the one or more legacy access tokens prior to the transmitting, wherein the at least one formatted legacy access token is in a format suitable for use by the legacy system.
  - 11. The information handling system of claim 7 wherein the actions further comprise:
    - identifying a legacy system type pertaining to the legacy system that is being accessed;
      
      identifying the one or more legacy access tokens used to access the identified legacy system type; and
      
      creating the one or more legacy access tokens by transforming the delegated access token to the one or more legacy access tokens based on a format that corresponds to each of the one or more legacy access tokens.
  - 12. The information handling system of claim 7 wherein the actions further comprise:
    - retrieving a legacy format corresponding to a selected one of the one or more legacy access tokens; and
      
      formatting the selected legacy access token based on the retrieved legacy format.

13. A computer program product stored in a non-transitory computer readable storage medium, comprising computer instructions that, when executed by an information handling system, causes the information handling system to perform actions that include:
- receiving, over an electronic data channel, a delegated access token from a requesting client application, the delegated access token including references to a resource owner, a client application and a scope, wherein the client application is acting on behalf of a resource owner, wherein the client application received the delegated access token from the resource owner, and wherein the request is designated to a legacy system;
  
  validating the delegated access token; and
  
  in response to a successful validation;
  
  transforming the delegated access token into one or more legacy access tokens; and
  
  transmitting at least one of the one or more legacy access tokens to a legacy system.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer program product of claim 13 further comprising:
    - identifying the resource owner corresponding to the delegated access token,wherein the one or more legacy access tokens correspond to the identified resource owner.
  - 15. The computer program product of claim 13 further comprising:
    - intercepting the request at a delegated authorization enforcement point; and
      
      transmitting the request to a Security Token Service (STS), wherein the STS performs the validating of the delegated access token and the transformation of the delegated access token to the one or more legacy access tokens.
  - 16. The computer program product of claim 13 further comprising:
    - formatting at least one of the one or more legacy access tokens prior to the transmitting, wherein the at least one formatted legacy access token is in a format suitable for use by the legacy system.
  - 17. The computer program product of claim 13 further comprising:
    - identifying a legacy system type pertaining to the legacy system that is being accessed;
      
      identifying the one or more legacy access tokens used to access the identified legacy system type; and
      
      creating the one or more legacy access tokens by transforming the delegated access token to the one or more legacy access tokens based on a format that corresponds to each of the one or more legacy access tokens.
  - 18. The computer program product of claim 13 further comprising:
    - retrieving a legacy format corresponding to a selected one of the one or more legacy access tokens; and
      
      formatting the selected identified legacy access token based on the retrieved legacy format.

19. A method implemented by an information handling system comprising:
- receiving, from a requestor, a first resource request destined to a legacy system,wherein the first resource request includes a delegated access token from a requesting client application, the delegated access token including references to a resource owner, a client application and a scope, wherein the requesting client application is acting on behalf of a resource owner, wherein the client application received the delegated access token from the resource owner;
  
  performing a validation process on the delegated access token; and
  
  in response to the delegated access token being valid;
  
  identifying the resource owner corresponding to the delegated access token;
  
  transforming the delegated access token into one or more legacy access tokens;
  
  forming a second resource request that includes at least one of the one or more legacy access tokens;
  
  transmitting the second resource request to the legacy system;
  
  receiving a response from the legacy system; and
  
  transmitting the response to the requestor.

20. A method implemented by an information handling system comprising:
- receiving, over an electronic data channel, a delegated access token with a request from a requesting client application, the delegated access token including references to a resource owner, a client application and a scope,wherein the client application is acting on behalf of the resource owner, wherein the client application received the delegated access token from the resource owner, and wherein the request is designated to a legacy system;
  
  validating the delegated access token; and
  
  in response to a successful validation and receipt of the delegated access token;
  
  selecting one of a plurality of legacy access tokens, wherein the selected legacy access token corresponds to the delegated access token and is of an appropriate format for the legacy system for which the request is directed; and
  
  transmitting the selected legacy access token to the legacy system.
- View Dependent Claims (21)
- - 21. The method as recited in claim 20, further comprising changing the scope of the delegated access token in response to user input prior to receiving the delegated access token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Canning, Simon Gilbert, Readshaw, Neil Ian, Viselli, Stephen, Weeden, Shane Bradley
Primary Examiner(s)
Poltorak, Peter

Application Number

US13/477,052
Publication Number

US 20130318569A1
Time in Patent Office

1,253 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/335 for accessing specific reso...

H04L 63/0815 providing single-sign-on or...

Propagating delegated authorized credentials through legacy systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

36 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Propagating delegated authorized credentials through legacy systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others