Invention Grant
US09276869B2 Dynamically selecting an identity provider for a single sign-on request
有权
动态选择身份提供者进行单一登录请求
- Patent Title: Dynamically selecting an identity provider for a single sign-on request
- Patent Title (中): 动态选择身份提供者进行单一登录请求
-
Application No.: US13732727Application Date: 2013-01-02
-
Publication No.: US09276869B2Publication Date: 2016-03-01
- Inventor: William D. Dodd , William J. O'Donnell , Eduardo N. Spring , Chunlong Liang
- Applicant: International Business Machines Corporation
- Applicant Address: US NY Armonk
- Assignee: International Business Machines Corporation
- Current Assignee: International Business Machines Corporation
- Current Assignee Address: US NY Armonk
- Agent Joseph Petrokaitis; David H. Judson
- Main IPC: G06F15/173
- IPC: G06F15/173 ; H04L12/911 ; H04L29/06 ; H04L29/08
Abstract:
An identity provider (IdP) discovery service operative at a service provider (SP) is described. In operation, and as valid requests are received by the SP via normal IdP-initiated flows, the SP builds-up knowledge about the relationship between the IdP (that redirected the request) and the initiator of the request. The IdP instance typically is inferred from an HTTP referrer field, and information about the initiator may be ascertained from client-specific information, such as client system IP address, client DNS domain, a domain of a user e-mail address, a target URL for the incoming request, or the value associated with a particular HTTP header field. This knowledge is maintained in one or more mapping table(s) that associate request attributes-to-IdP instance data. The mappings are then used to facilitate IdP discovery for a new incoming request to the SP that has been determined to originate from other than an IdP.
Public/Granted literature
- US20140189123A1 Dynamically selecting an identity provider for a single sign-on request Public/Granted day:2014-07-03
Information query
