Legal claims defining the scope of protection, as filed with the USPTO.
1. A computer-implemented method of utilizing an authentication scheme for a single sign-on between disparate servers, comprising: receiving, by a first server, a request for data stored on a second server; retrieving, by the first server, a root certificate for accessing the second server via a single sign-on operation; dynamically generating, by the first server, a user certificate for identifying a currently logged-in user on the first server; signing, by the first server, the user certificate with the root certificate; sending, by the first server, the user certificate to the second server for binding with the request for data; sending, by the first server, the request for data to the second server for authentication using the user certificate, the authentication comprising accessing a mapping table for mapping a subject name in the user certificate to a user of the second server; enabling, by the first server, the single sign-on with the second server, upon an entry being found in the mapping table for the currently logged-in user, the found entry enabling data operations to occur between the currently logged-in user and the second server; and receiving, by the first server, an open web protocol response containing the requested data from the second server.
2. The computer-implemented method of claim 1, wherein receiving, by the first server, an open web protocol response containing the requested data from the second server comprises receiving an open protocol data (OData) response from an SAP server.
3. The computer-implemented method of claim 1, wherein receiving, by a first server, a request for data stored on a second server, comprises receiving, by a SHAREPOINT server, a request for data stored on an SAP server.
4. The computer-implemented method of claim 1, wherein retrieving, by the first server, a root certificate for accessing the second server via a single sign-on operation comprises retrieving a root certificate which is trusted by both the first and second servers.
5. The computer-implemented method of claim 1, wherein retrieving, by the first server, a root certificate for accessing the second server via a single-sign on operation comprises retrieving an X.509 root certificate.
6. The computer-implemented method of claim 1, wherein dynamically generating, by the first server, a user certificate for identifying a currently logged-in user on the first server comprises dynamically generating a user certificate for identifying a currently logged-in on-premises user on the first server.
7. The computer-implemented method of claim 6, wherein dynamically generating a user certificate for identifying a currently logged-in on-premises user on the first server comprises specifying a subject name for the currently logged-in on-premises user in a fixed format, wherein the fixed format is defined such that a plurality of domain users are supported.
8. The computer-implemented method of claim 1, wherein dynamically generating, by the first server, a user certificate for identifying a currently logged-in user on the first server comprises generating a user certificate for identifying a currently logged-in online user on the first server.
9. The computer-implemented method of claim 8, wherein dynamically generating a user certificate for identifying a currently logged-in online user on the first server comprises specifying a subject name for the currently logged-in online user in a fixed format, wherein the fixed format is defined such that a plurality of domain users are supported.
10. A system for utilizing X.509 authentication for a single sign-on between disparate servers, comprising: an SAP server comprising at least a memory storage device and a processor; and a plurality of SHAREPOINT servers in communication with the SAP server, at least one of the plurality of SHAREPOINT servers being operative to: receive a request for data stored on the SAP server; retrieve an X.509 root certificate for accessing the SAP server via a single sign-on operation; dynamically generate a user certificate for identifying a currently logged-in user; sign the user certificate with the X.509 root certificate; send the user certificate to the SAP server for binding with the request for data; send the request for data to the SAP server for authentication using the user certificate, the authentication comprising accessing a mapping table for mapping a subject name in the user certificate to a user of the SAP server; and enable the single sign-on between the plurality of SHAREPOINT servers and the SAP server, upon an entry being found in the mapping table for the currently logged-in user, the found entry enabling data operations to occur between the currently logged-in user and the SAP server.
11. The system of claim 10, wherein the SHAREPOINT servers are further operative to receive an open protocol data (OData) response containing the requested data from the SAP server.
12. The system of claim 11, wherein the currently logged-in user is an on-premises user on the SHAREPOINT server.
13. The system of claim 12, wherein the dynamically generated user certificate specifies a subject name for the currently on-premises user in a fixed format, wherein the fixed format is defined such that a plurality of domain users are supported.
14. The system of claim 11, wherein the currently logged-in user is an online user on the SHAREPOINT server.
15. The system of claim 14, wherein the dynamically generated user certificate specifies a subject name for the online user in a fixed format, wherein the fixed format is defined such that a plurality of domain users are supported.
16. A computer-readable storage device comprising computer executable instructions which, when executed on a computer, will cause the computer to perform a method of utilizing X.509 authentication for a single sign-on between a plurality of SHAREPOINT servers and an SAP server, comprising: receiving, by the plurality of SHAREPOINT servers, a request for data stored on the SAP server; retrieving a trusted X.509 root certificate for accessing the SAP server via a single sign-on operation, wherein the trusted X.509 root certificate is trusted by the plurality of SHAREPOINT servers and the SAP server; dynamically generating a user certificate for identifying a currently logged-in user; signing the user certificate with the trusted X.509 root certificate; sending the user certificate to the SAP server for binding with the request for data; sending the request for data to the SAP server for authentication using the user certificate, the authentication comprising accessing a mapping table for mapping a subject name in the user certificate to a user of the SAP server; enabling the single sign-on with the SAP server, upon an entry being found in the mapping table for the currently logged-in user, the found entry enabling data operations to occur between the currently logged-in user and the SAP server; and receiving an open protocol data (OData) response containing the requested data from the SAP server.
17. A computer-readable storage device of claim 16, wherein dynamically generating a user certificate for identifying a currently logged-in user comprises dynamically generating a user certificate for identifying a currently logged-in on-premises user.
18. A computer-readable storage device of claim 17, wherein dynamically generating a user certificate for identifying a currently logged-in on-premises user comprises specifying a subject name for the currently logged-in on-premises user in a fixed format, wherein the fixed format is defined such that a plurality of domain users are supported.
19. A computer-readable storage device method of claim 16, wherein dynamically generating a user certificate for identifying a currently logged-in user comprises generating a user certificate for identifying a currently logged-in online user.
20. A computer-readable storage device of claim 19, wherein dynamically generating a user certificate for identifying a currently logged-in online user comprises specifying a subject name for the currently logged-in online user in a fixed format, wherein the fixed format is defined such that a plurality of domain users are supported.
February 23, 2016