Systems and methods for system login and single sign-on
Abstract
Systems and methods for system login and single sign-on are described. A first application of a first system receives a request to access a protected application of a second system. An assertion is generated in response to the request. The assertion asserts an identity in the first system of a user generating the request. The assertion is validated and first account information corresponding to the assertion is extracted. The first account information is information of a first account of the user in the first system. Second account information is determined that is information of a second account of the user in the second system. A mapping is generated between the first account and the second account using the first account information and the second account information. The mapping is used to provide access to the protected application by the requestor.
Claims
exact text as granted — not AI-modified1 . A method comprising:
receiving at a first application of a first system a request to access a protected application of a second system; generating in response to the request an assertion that asserts an identity in the first system of a user generating the request; validating the assertion and extracting first account information corresponding to the assertion, wherein the first account information is information of a first account of the user in the first system; determining second account information that is information of a second account of the user in the second system; and generating a mapping between the first account and the second account using the first account information and the second account information.
2 . The method of claim 1 , comprising providing access to the protected application by the user via the mapping.
3 . The method of claim 1 , wherein the second system is remote to the first system.
4 . The method of claim 1 , wherein the generating of the assertion is performed at the first system.
5 . The method of claim 1 , wherein the generating of the assertion uses security assertion markup language.
6 . The method of claim 1 , comprising generating a query string parameter in response to the request, wherein the query string parameter includes the assertion.
7 . The method of claim 6 , comprising generating the query string parameter to include a uniform resource locator corresponding to an electronic location of the protected application.
8 . The method of claim 7 , comprising, following the mapping, redirecting the user to the protected application using the uniform resource locator.
9 . The method of claim 6 , comprising generating the query string parameter at the first system and propagating the query string parameter to the second system.
10 . The method of claim 1 , wherein the validating is performed at the second system using a key provided by the first system.
11 . The method of claim 1 , wherein the determining the second account information comprises, in response to the first account information, generating a prompt for the second account information.
12 . The method of claim 1 , wherein the generating the mapping comprises generating the mapping in response to receipt of the second account information.
13 . The method of claim 1 , comprising authenticating the second account information prior to the generating of the mapping.
14 . The method of claim 13 , comprising determining that the second account information is associated with a plurality of organizations and prompting the user to select an organization of the plurality of organizations.
15 . The method of claim 14 , comprising generating the mapping to include the organization selected.
16 . The method of claim 1 , wherein the mapping comprises generating a logical link between the first account information and the second account information.
17 . The method of claim 1 , comprising storing the mapping in the second system.
18 . The method of claim 1 , wherein the first account information comprises an account name of the first account in the first system.
19 . The method of claim 1 , wherein the second account information comprises an account name of the second account in the second system.
20 . The method of claim 19 , wherein the second account information comprises a password corresponding to the second account.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.