Patent application number | Description | Published |
20140096190 | DYNAMIC FLOW CONTROL FOR ACCESS MANAGERS - A master flow controller can branch to a dynamic flow controller for a specific event in an authentication process. The master flow controller saves the state of the plug-in execution before branching the control into the dynamic flow controller. All the attributes stored in the authentication context by the authentication plug-in is saved and synchronized before the control is branched to the child flow controller. After the dynamic flow controller finishes execution, the state information is synchronized between flow controllers. | 04-03-2014 |
20150088978 | COOKIE BASED SESSION MANAGEMENT - An enterprise software system access manager saves cookies for users' sessions on client devices but creates server-side sessions on the fly when needed for the users to access certain features, when there is a constraint on the client device, or due to application policies. The server-side session objects can have references to the client-side cookies and can have key-value pairs added to them instead of the associated cookie. | 03-26-2015 |
20150089614 | SINGLE SIGN-ON BETWEEN MULTIPLE DATA CENTERS - Systems and methods are disclosed for a single sign-on (SSO) enterprise system with multiple data centers that use a lightweight cookie on a user's client device. The lightweight cookie includes a reference to a data center in which the user is already authenticated, and a new data center contacts the old data center for creating a session for the user on the new data center. If the old data center is unavailable, then the new data center may fall back to accessing a local security store, a backup of keys, security tokens, and/or other security data, in order to create a local session for the user on the new data center. | 03-26-2015 |
Patent application number | Description | Published |
20120210413 | FACILITATING SINGLE SIGN-ON (SSO) ACROSS MULTIPLE BROWSER INSTANCE - Facilitating single sign-on (SSO) across multiple browser instances such that user authentication at one browser instance is used as a basis to permit access to protected resources (hosted on server systems) from other browser instances. In an embodiment, the different browser instances are executing on different client systems. An authentication server may maintain a registration data indicating the different client systems/browser instances registered by a user for SSO feature. After a user is authenticated for a first session from one browser instance, the authentication server enables the user to access any protected resource from registered client systems/browser instances without requiring further authentication (based on the presence of the authenticated first session). | 08-16-2012 |
20130212665 | SIGNING OFF FROM MULTIPLE DOMAINS ACCESSIBLE USING SINGLE SIGN-ON - An aspect of the present invention simplifies signing-off from multiple domains. In an embodiment, upon receiving a sign-off request from a user signed-on to multiple domains, the user is signed-off from at least two, but not all, the signed-on domains in due course. According to another aspect, the domains of an enterprise are organized as groups of domains. In response to receiving a request for signing-off from a first domain, the user is signed-off from each of a group of domains corresponding to the first domain (in addition to the first domain). In an embodiment, an administrator of the enterprise specifies a master domain for each group, to facilitate identification of the group to be signed-off. According to another aspect, a user selects a set of domains to sign-off from. The user is signed-off from only the selected set of domains. | 08-15-2013 |
20130340054 | CREDENTIAL COLLECTION IN AN AUTHENTICATION SERVER EMPLOYING DIVERSE AUTHENTICATION SCHEMES - An aspect of the present invention facilitates flexible credential collection in an authentication server employing diverse authentication schemes. In an embodiment, an access manager in the authentication server determines that an authentication scheme is to be used for allowing access to a resource requested by a user. A custom module (implementing the authentication scheme) in the authentication server then sends to the access manager commands indicating corresponding sets of credentials to be collected. The access manager, in response to receiving each command, collects the corresponding credentials from the user and checks whether the collected credentials authenticates the user. The custom module sends each command after the checking of the previously collected credentials. Accordingly, a developer of the custom module is enabled to request for and to perform the authentication of the user based on different sets of credentials. | 12-19-2013 |