
Web Oriented, Mobile-code based Client-Server Single Sign-On Mechanism

IP.com Disclosure Number: IPCOM000099102D
Original Publication Date: 2005-Mar-14
Included in the Prior Art Database: 2005-Mar-14
Document File: 4 page(s) / 783K

Publishing Venue

IBM

Abstract

Disclosed is a system for an integrated single sign-on (SSO) mechanism that covers both Web-based and client-server based solutions. It is designed so that it can be implemented on top of a Web SSO product base rather than on the traditional client-server based (or client initiated) framework. The mechanism uses Web-based mobile code as the SSO driver in the client environment.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 51% of the total text.

Page 1 of 4


A Single Sign-On environment allows users to provide their sign-on information once; the subsequent log-ins to other applications can then be omitted, because the SSO identity information is passed to those applications systematically. In the traditional Single Sign-On (client initiated SSO) environment, the client machines have to start locally installed client code to enable SSO functionality.

In stand-alone mode, this local SSO client code does not communicate with the management server that centrally manages the SSO information for all the connected client machines. In this mode, the SSO client code keeps all the SSO information for the particular client locally. Normally such SSO information is appropriately encrypted and protected by a password or other protection methods. The typical scenario of client initiated SSO in this mode is as follows.

1. The user starts the SSO client code (program) and the program displays a password prompt.

2. When the correct password is entered, the SSO client code is ready to automatically sign on to all the application programs that were previously defined.

3. As a Notes client is started, for example, the SSO client code detects the password prompt of the Notes client and automatically enters the user ID and its associated password. The Notes client starts to communicate with the Notes/Domino server and the log-in operation is completed without user interaction.

In client-server mode, the SSO client code communicates with the management server and obtains the client-specific SSO information from the server (see Figure 1). Therefore all the clients' SSO information is centrally controlled. The typical scenario of SSO in this mode is as follows.

1. The user starts the SSO client code (program) and the program displays a password prompt.

2. When the correct password is entered, the SSO client code starts to communicate with the management server and receives the SSO information for the applications that the client is to run.

3. When the necessary SSO information is received from the management server, the SSO client code is ready to automatically sign on to all the application programs that were previously defined.

4. The SSO operations and flows are the same as those in stand-alone mode above.

This mode requires communication with the management server, so a defined practice must be implemented for the case in which the client cannot communicate with the server.
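The client-server mode above, as an added example that is not part of the IBM disclosure: the client asks the management server for its SSO information first and, when the server cannot be reached, falls back to a locally kept copy only while that copy is still fresh, which is one concrete form of the practice the text says this mode requires. The server, the records and the clock are constructed stand-ins (no real Tivoli or Notes component, and no real credentials).

```python
import time

# Constructed sample of the SSO information the management server holds for one
# client: per-application identities. Placeholder values, not real credentials.
SERVER_RECORDS = {
    "client-42": {"notes": {"user": "jdoe", "secret": "PLACEHOLDER"},
                  "erp": {"user": "jdoe", "secret": "PLACEHOLDER"}},
}


class ManagementServer:
    """Stand-in for the central management server; `reachable` simulates an outage."""

    def __init__(self, records, reachable=True):
        self.records = records
        self.reachable = reachable

    def fetch(self, client_id):
        if not self.reachable:
            raise ConnectionError("management server unreachable")
        return self.records[client_id]


class SsoClient:
    """Client-side SSO code: server first, locally kept copy only while fresh."""

    def __init__(self, client_id, server, max_cache_age=3600, clock=time.time):
        self.client_id = client_id
        self.server = server
        self.max_cache_age = max_cache_age   # seconds a local copy stays usable
        self.clock = clock                   # injectable for deterministic tests
        self.cache = None                    # (fetched_at, sso_info) kept locally
        self.source = None                   # "server" or "cache", for audit logs

    def load_sso_info(self):
        """Step 2 of client-server mode, with the offline fallback the text calls for."""
        try:
            info = self.server.fetch(self.client_id)
        except ConnectionError:
            return self._from_local_copy()
        self.cache = (self.clock(), info)    # refresh the local copy on every success
        self.source = "server"
        return info

    def _from_local_copy(self):
        if self.cache is None:
            raise RuntimeError("server unreachable and no local SSO information")
        fetched_at, info = self.cache
        if self.clock() - fetched_at > self.max_cache_age:
            raise RuntimeError("server unreachable and local copy is stale")
        self.source = "cache"
        return info
```

Recording `source` on every load is what lets an audit trail distinguish sign-ons driven by fresh server data from those driven by the local copy during an outage.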


Page 2 of 4

Figure 1

The other typical SSO mechanism is the one for the Web environment. The following example uses the IBM Tivoli Access Manager for e-business (TAMeb) product, which manages user authentication and resource access authorization in an HTTP-based Web environment. In this case, the client talks to TAMeb over the HTTP protocol, normally through a Web browser. TAMeb provides user authentication capability with standardized methods and centrally controls all...