Systems and methods for providing single sign on access to enterprise SAAS and cloud hosted applications

US9282097B2 · US · B2

Patent metadata
Publication number: US-9282097-B2
Application number: US-201113102902-A
Country: US
Kind code: B2
Filing date: May 6, 2011
Priority date: May 7, 2010
Publication date: Mar 8, 2016
Grant date: Mar 8, 2016

Abstract

Official abstract text for this publication.

The solution of the present application addresses the problem of authentication across disparately hosted systems by providing a single authentication domain across SaaS and cloud hosted applications as well as traditional enterprise hosted applications. An application delivery controller (ADC) intermediary to a plurality of clients and the disparately hosted applications provides single sign on management, integration and control. A user may log in via an interface provided, controlled or managed by the ADC, which in turn authenticates the user to the application in accordance with policy and the host of the application. As such, the user may log in once to gain access to a plurality of disparately hosted applications. From the user's perspective, the user seamlessly and transparently gains access to different hosted systems with different passwords and authentication via the remote access provided by the system of the present solution.

First claim

Opening claim text (preview).

What is claimed:

1. A method for providing via an intermediary device single sign on across one or more disparately hosted applications, the method comprising:
(a) intercepting, by a device intermediary to a plurality of clients and a plurality of servers, a first request of a client of the plurality of clients to access a login page of a third-party hosted application of a plurality of disparately hosted applications on the plurality of servers accessible via the device using a single set of authentication credentials;
(b) redirecting, by the device intermediary to the client and a server of the plurality of servers hosting the third-party hosted application, the client to a single sign on system for redirection to a domain of the third-party hosted application identified by a corresponding fully qualified domain name, the single sign on system providing single sign on access to one or more third-party hosted applications of the plurality of disparately hosted applications;
(c) intercepting, by the device, a second request from the client to be redirected to the domain of the third-party hosted application identified by the corresponding fully qualified domain name;
(d) redirecting, by a content redirection virtual server executing on the device, using the fully qualified domain name and responsive to applying a first policy to the second request and the first policy matching one or more keywords of a first uniform resource locator of the second request, the second request to the single sign on system for redirection to the domain;
(e) intercepting, by the device, the second request redirected by the single sign on system to the domain, the redirected second request having a second uniform resource locator instead of the first uniform resource locator; and
(f) responsive to intercepting the redirected second request and determining that the first policy does not match one or more keywords of the second uniform resource locator, forwarding, by the device, the redirected second request to the domain of the third-party hosted application.

2. The method of claim 1, wherein step (a) further comprises providing, via the device, access to the plurality of disparately hosted applications comprising a first application hosted by a server of an enterprise of the device and at least one of a second application of the enterprise hosted via a cloud computing service or a third application hosted by a third party application provider.

3. The method of claim 1, wherein step (b) further comprises generating, by a responder of the device, a redirect response to the first request of the client.

4. The method of claim 1, wherein step (b) further comprises generating, by a responder of the device a redirect response to the first request of the client responsive to content of the first request matching a responder policy, a redirect response to the first request of the client, the responder policy configured to identify at least a portion of a uniform resource locator of the login page of the third-party hosted application.

5. The method of claim 1, wherein step (c) further comprises intercepting, by the device, the second request from the client responsive to the single sign on system redirecting the client to send the second request to the domain of the third-party hosted application.

6. The method of claim 5, further comprising redirecting the second request to the domain of first third-party hosted application to set one or more cookies for the domain.

7. The method of claim 1, wherein step (d) further comprises redirecting, by the content redirection virtual server of the device, the second request responsive to the first policy identifying the second request as a single sign on request.

8. The method of claim 1, wherein step (f) further comprises applying, by the device, the first policy to the redirected second request.

9. The method of claim 1, wherein step (e) further comprises intercepting, by the device, the second request and bypassing the content redirection virtual server of the device.

10. The method of claim 1, wherein the device is configured to forward the second request to the server of the plurality of servers responsive to the first policy not matching one or more keywords of the uniform resource locator of the second request.

11. A system for providing a single sign on across one or more disparately hosted applications, the system comprising:
a device intermediary to a plurality of clients and a plurality of servers and providing access to a plurality of disparately hosted applications on the plurality of servers using a single set of authentication credentials, the device receiving a first request of a client of the plurality of clients to access a login page of a third party hosted application of the plurality of disparately hosted applications;
a responder of the device intermediary to the client and a server of the plurality of servers hosting the third-party hosted application redirecting the client to a single sign on system for redirection to a domain of the third-party hosted application identified by a corresponding fully qualified domain name, the single sign on system providing single sign on access to one or more third-party hosted applications of the plurality of disparately hosted applications;
a content redirection virtual server executing on the device, the content redirection virtual server intercepting a second request from the client to be redirected to the domain of the third-party hosted application identified by the corresponding fully qualified domain name, redirecting, using the fully qualified domain name, and responsive to applying a first policy to the second request and the first policy matching one or more keywords of a first uniform resource locator of the second request, the second request to the single sign on system for redirection to the domain, and intercepting the second request redirected by the single sign on system to the domain, the redirected second request having a second uniform resource locator instead of the first uniform resource locator; and
wherein the device responsive to intercepting the redirected second request and determining that the first policy does not match one or more keywords of the second uniform resource locator, forwards the redirected second request to the domain of the third-party hosted application.

12. The system of claim 11, wherein the device provides access to the plurality of disparately hosted applications comprising a first application hosted by a server of an enterprise of the device and at least one of a second application of the enterprise hosted via a cloud computing service or a third application hosted by a third party application provider.

13. The system of claim 11, wherein the responder generates a redirect response to the first request of the client.

14. The system of claim 11, wherein the responder generates a redirect response responsive to content of the first request matching a responder policy, a redirect response to the first request of the client, the responder policy configured to identify at least a portion of a uniform resource locator of the login page of the third-party hosted application.

15. The system of claim 11, wherein the device intercepts the second request from the client responsive to the single sign on system redirecting the client to send the second request to the domain of the third-party hosted application.

16. The system of claim 15, where the second request is redirected to the domain of first third-party hosted application to set one or more cookies for the domain.
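The keyword-policy decision in steps (d) to (f) of claim 1, modelled as an added Python example that is not code from the patent or from any product. The host names, paths, keyword list and hop limit are assumptions; the model also shows the failure case where the second URL still matches the first policy and the request never gets forwarded.

```python
from urllib.parse import urlsplit, urlencode, parse_qs

# All names below are constructed for illustration; none come from the patent.
APP_FQDN = "app.saas.example"     # domain of the third-party hosted application
SSO_HOST = "sso.corp.example"     # single sign on system
POLICY_KEYWORDS = ("/login",)     # "first policy": URL keywords marking an SSO request
MAX_HOPS = 5                      # guard against an endless redirect cycle

def policy_matches(url):
    """First policy: the URL targets the app domain and contains a keyword."""
    parts = urlsplit(url)
    return parts.hostname == APP_FQDN and any(k in parts.path for k in POLICY_KEYWORDS)

def device(url):
    """Intermediary device: redirect to the SSO system on a match, else forward."""
    if policy_matches(url):
        query = urlencode({"fqdn": urlsplit(url).hostname})
        return "redirect", f"https://{SSO_HOST}/start?{query}"
    return "forward", url

def sso_system(url, landing_path="/sso/session"):
    """SSO system: send the client back to the app domain under a second URL."""
    fqdn = parse_qs(urlsplit(url).query)["fqdn"][0]
    if fqdn != APP_FQDN:          # only redirect to a known application domain
        raise ValueError(f"unknown application domain: {fqdn}")
    return f"https://{fqdn}{landing_path}"

def trace(first_url, landing_path="/sso/session"):
    """Follow one request through device and SSO system; return each decision."""
    url, hops = first_url, []
    for _ in range(MAX_HOPS):
        action, target = device(url)
        hops.append((action, target))
        if action == "forward":
            return hops
        url = sso_system(target, landing_path)
    raise RuntimeError("redirect loop: second URL still matches the first policy")
```

The device forwards only because the second URL carries none of the policy keywords, so the landing path chosen by the SSO system and the keyword list have to be reviewed together.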

Classifications

  • involving event detection and direct action · CPC title

  • User authentication · CPC title

  • by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity · CPC title

  • where a single sign-on provides access to a plurality of computers · CPC title

  • providing single-sign-on or federations · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9282097B2 cover?
The solution of the present application addresses the problem of authentication across disparately hosted systems by providing a single authentication domain across SaaS and cloud hosted applications as well as traditional enterprise hosted applications. An application delivery controller intermediary to a plurality of clients and the disparately hosted applications providing single sign on man…
Who is the assignee on this patent?
Agarwal Mugdha, Choudhary Akshat, Agarwal Puneet, and 4 more
What technology area does this patent fall under?
Primary CPC classification H04L63/0884. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 8, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).