Simulated SSO functionality by means of multiple authentication procedures and out-of-band communications

US2018302398A1 · US · A1

Patent metadata
Publication number: US-2018302398-A1
Application number: US-201816011769-A
Country: US
Kind code: A1
Filing date: Jun 19, 2018
Priority date: Nov 24, 2015
Publication date: Oct 18, 2018
Grant date:

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A system and method for using a single-use password to add SSO functionality to a service of a Service Provider belonging to an F-SSO federation that does not support F-SSO functionality for the service. In response to receiving notification from an Identity Provider that a user has requested access to the service, the Service Provider uses information provided by the Identity Provider to identify and authenticate the user, and then uses standard API calls to create and send a temporary password to the user. This password may be created as a function of the user's physical location or IP address and may be communicated out-of-band. Upon determining that the user has correctly returned the temporary password to the Service Provider, the Service Provider generates and sends the user a strong single-use password through a secure in-band communication, through which the user may access the service.

First claim

Opening claim text (preview).

What is claimed is:

  1. A method for using an out-of-band password to provide enhanced SSO functionality, the method comprising: a processor of a computer system receiving notice of a user's access request from an Identity Provider (IDP) of a Federated Single Sign-On (F-SSO) federation, where the access request requests access to a service provided by a Service Provider (SP) of the federation, and where the federation does not support Single Sign-On functionality for that service; the processor, in response to receiving the notice, identifying and authenticating the user; the processor, in response to the authentication, sending a temporary password to the user through an out-of-band communications mechanism; the processor directing the user to sign onto the service by entering the temporary password and concurrently performing an additional authentication procedure; the processor detecting that the user has correctly entered the temporary password and performed the additional authentication procedure; the processor generating a single-use password; the processor communicating the single-use password to the user on a device under control of the Service Provider through a secured communication in a medium under control of the Service Provider; and the processor requiring the user to replace the temporary password with the single-use password when further accessing the service.

  2. The method of claim 1, where the temporary password is subject to constraints selected from the group consisting of: limiting the temporary password to a certain number of uses; limiting the temporary password to use during a single session of the secured service; limiting the temporary password to use during a specified period of time; and limiting the temporary password to use during a specified duration of time after the first use of the temporary password.

  3. The method of claim 1, where the out-of-band communications mechanism is selected from the group consisting of: transmitting the password to a smartphone or mobile device by means of a Short Messaging Service (SMS) text message, where the smartphone or mobile device is distinct from the computer system; transmitting to a smartphone or mobile device a Web page that identifies the password, where the smartphone or mobile device is distinct from the computer system; transmitting to a smartphone or mobile device, by means of a Short Messaging Service (SMS), a text message that identifies a URL of a Web page that identifies the password, where the smartphone or mobile device is distinct from the computer system; and reading the password, by means of a synthesized voice, to the user during a phone call initiated by the user.

  4. The method of claim 2, where the out-of-band communication mechanism comprises a communication sent to a destination that is not part of the F-SSO federation and that is not under control of the Service Provider, and where the out-of-band communication is selected from a group consisting of: a voice message; a fax; an SMS text message; an email message; a communication to a social-media service; an instant message; and a communication sent through the Internet to a software program running on a device that is accessible to the user.

  5. The method of claim 1, where the identifying and validating the user comprises: the processor, in response to the receiving notice, requesting that the IDP identify and authenticate the user; the processor redirecting the user to a portal under control of the IDP; the processor receiving authentication data from the IDP, and the processor redirecting the user to a portal under control of the SP.

  6. The method of claim 1, further comprising: the processor storing a copy of the temporary password in an enterprise directory under control of the SP; the processor, upon receiving from the user the response to the sending, where the response is a password entered by the user, attempting to match the entered password with the password stored in the enterprise directory; and the processor, deeming the user to have been identified and authenticated as a result of having successfully matched the entered password to the stored password.

  7. The method of claim 1, where the Service Provider is an Information as a Service cloud-service provider, the service is a cloud-based service deployed and controlled by the Service Provider on cloud infrastructure under control of the Service Provider, and the IDP is a client of the Service Provider that controls an application deployed on cloud infrastructure under control of the Service Provider.

  8. The method of claim 1, further comprising: the processor selecting the temporary password as a function of the user's location, where the user's location comprises an Internet Protocol address of a device by which the user entered the sign-on request.

  9. The method of claim 1, further comprising providing at least one support service for at least one of creating, integrating, hosting, maintaining, and deploying computer-readable program code in the computer system, where the computer-readable program code in combination with the computer system is configured to implement the receiving notice, the identifying and authenticating, the sending, the detecting, the generating, the communicating, and the requiring.

  10. A system for using an out-of-band password to provide enhanced SSO functionality comprising a processor, a memory coupled to the processor, and a computer-readable hardware storage device coupled to the processor, the storage device containing program code configured to be run by the processor via the memory to implement a method for using an out-of-band password to provide enhanced SSO functionality, the method comprising: a processor of a computer system receiving notice of a user's access request from an Identity Provider (IDP) of a Federated Single Sign-On (F-SSO) federation, where the access request requests access to a service provided by a Service Provider (SP) of the federation, and where the federation does not support Single Sign-On functionality for that service; the processor, in response to receiving the notice, identifying and authenticating the user; the processor, in response to the authentication, sending a temporary password to the user through an out-of-band communications mechanism; the processor directing the user to sign onto the service by entering the temporary password and concurrently performing an additional authentication procedure; the processor detecting that the user has correctly entered the temporary password and performed the additional authentication procedure; the processor generating a single-use password; the processor communicating the single-use password to the user on a device under control of the Service Provider through a secured communication in a medium under control of the Service Provider; and the processor requiring the user to replace the temporary password with the single-use password when further accessing the service.

  11. The system of claim 10, where the temporary password is subject to constraints selected from the group consisting of: limiting the temporary password to a certain number of uses; limiting the temporary password to use during a single session of the secured service; limiting the temporary password to use during a specified period of time; and limiting the temporary password to use during a specified duration of time after the first use of the temporary password.

  12. The system of claim 10, where the out-of-band communications method is selected from the group consisting of: transmitting the password to a s
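The two-stage flow of claims 1, 2, 6 and 8, as an added example that is not code from the patent or from IBM: a Service Provider-side broker issues a temporary password bound to the IP address of the sign-on device and constrained by use count and lifetime, exchanges it for a strong single-use password only once the temporary password and the additional authentication procedure both check out, and consumes that password on first access. The class and method names, the constraint values and the constructed test identities are assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class TempPassword:
    value: str
    issued_at: float
    source_ip: str             # claim 8: bound to the IP address the sign-on request came from
    max_uses: int = 3          # claim 2: limited number of uses (value assumed)
    ttl_seconds: float = 300.0 # claim 2: valid only for a specified period (value assumed)
    uses: int = 0


class SpPasswordBroker:
    """Hypothetical SP component; the dicts stand in for the SP-controlled enterprise directory of claim 6."""

    def __init__(self, clock=time.time):
        self.clock = clock                       # injectable clock so expiry can be tested
        self.temp: dict[str, TempPassword] = {}  # user -> outstanding temporary password
        self.single_use: dict[str, str] = {}     # user -> strong single-use password

    def issue_temp(self, user: str, source_ip: str) -> str:
        # In the patent this value is sent out-of-band (SMS, voice, ...); here it is returned.
        alphabet = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"   # no ambiguous 0/O, 1/I characters
        pw = "".join(secrets.choice(alphabet) for _ in range(8))
        self.temp[user] = TempPassword(pw, self.clock(), source_ip)
        return pw

    def redeem_temp(self, user: str, entered: str, source_ip: str, extra_auth_ok: bool):
        rec = self.temp.get(user)
        if rec is None:
            return None
        rec.uses += 1                             # every attempt, right or wrong, counts as a use
        if rec.uses > rec.max_uses or self.clock() - rec.issued_at > rec.ttl_seconds:
            del self.temp[user]                   # constraint exceeded: discard, user must start over
            return None
        if not (hmac.compare_digest(rec.value, entered) and rec.source_ip == source_ip and extra_auth_ok):
            return None
        del self.temp[user]                       # claim 1: temporary password is replaced, not kept
        strong = secrets.token_urlsafe(32)        # strong single-use password, sent in-band in the patent
        self.single_use[user] = strong
        return strong

    def access_service(self, user: str, password: str) -> bool:
        stored = self.single_use.get(user)
        if stored is None or not hmac.compare_digest(stored, password):
            return False
        del self.single_use[user]                 # single use: consumed on the first successful access
        return True
```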

Assignees

Inventors

Classifications

  • using time-dependent-passwords, e.g. periodically changing passwords · CPC title

  • for controlling access to devices or network resources · CPC title

  • providing single-sign-on or federations · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2018302398A1 cover?
A system and method for using a single-use password to add SSO functionality to a service of a Service Provider belonging to an F-SSO federation that does not support F-SSO functionality for the service. In response to receiving notification from an Identity Provider that a user has requested access to the service, the Service Provider uses information provided by the Identity Provider to ident…
Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification H04L63/0846. Mapped technology areas include Electricity.
When was this patent published?
Publication date Oct 18, 2018 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).