Patent · US Active

Providing single sign-on (SSO) in disjoint networks with non-overlapping authentication protocols

US10931452B2 · kind B2 · utility

Cited by: 2
References: 4
Claims: 13
Family size: 0

Assignee

Inventors

Key dates

Filing date: Aug 22, 2017
Grant date: Feb 23, 2021
Priority date
Expiry date: Sep 2, 2037

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L2463/082
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A method of enabling single sign-on (SSO) access to an application executing in an enterprise, wherein authorized, secure access to specific enterprise applications is facilitated via an enterprise-based connector. In response to successful authentication of an end user via a first authentication method, a credential associated with the successful authentication is encrypted to generate an encrypted user token. The encrypted user token is then forwarded for storage in a database accessible by the enterprise-based connector. Following a redirect (e.g., from a login server instance) that returns the end user to the enterprise-based connector, the encrypted user token is fetched and decrypted to recover the credential. The credential so recovered is then used to attempt to authenticate the user to an application via a second authentication method distinct from the first authentication method. Typically, the first authentication method is an HTML form-based authentication initiated from a client browser, and the second authentication method is one of: NTLM, and Kerberos.
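The token flow in the abstract (encrypt after form login, store, fetch and decrypt after the redirect), sketched as an added Go example that is not taken from the patent. Assumptions not in the abstract: AES-256-GCM as the cipher, the session ID bound as associated data, single-use deletion on fetch, an in-memory map standing in for the database, and the hypothetical names TokenStore, Seal and Redeem.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type TokenStore map[string][]byte // stand-in for the connector's database (assumed)

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal (after form login): encrypt the credential, bound to sessionID as GCM associated data.
func Seal(key []byte, sessionID, credential string) ([]byte, error) {
	gcm, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(credential), []byte(sessionID)), nil
}

// Redeem (connector, after redirect): fetch, delete so it is single use, then decrypt.
func Redeem(store TokenStore, key []byte, sessionID string) (string, error) {
	token, ok := store[sessionID]
	delete(store, sessionID)
	gcm, err := newAEAD(key)
	if err != nil || !ok || len(token) < gcm.NonceSize() {
		return "", fmt.Errorf("no usable token for session")
	}
	n := gcm.NonceSize()
	plain, err := gcm.Open(nil, token[:n], token[n:], []byte(sessionID))
	return string(plain), err // non-nil err: tampered, or sealed for another session
}

func main() {
	key, store := make([]byte, 32), TokenStore{} // constructed all-zero demo key
	store["sess-A"], _ = Seal(key, "sess-A", "alice:constructed-password")
	fmt.Println(Redeem(store, key, "sess-A"))
}
```

Because the stored token decrypts to a reusable credential, the key must be held only by the login server and the connector, never alongside the database rows.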

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.