System for and method of providing single sign-on (SSO) capability in an application publishing environment

摘要

A client-server computing system includes a computer cluster for hosting certain resources, applications, programs, processes, files, and/or data that are published to users who are accessing the computer cluster remotely. The computer cluster includes a network of one or more host computers, a gateway server, a gateway service database, and a user database. A single sign-on (SSO) method of the disclosure includes performing a computer cluster authentication process in which a user enters his/her credentials followed by a resource authentication process in which there is no need for the user to reenter his/her credentials, having entered them already in the computer cluster authentication process.

主权项

1. A method for providing single-sign-on capability, the method comprising:
receiving at a gateway service an access request regarding an identified resource, the access request sent by a client device associated with a user that had previously been authenticated on an initial host computer based on credential provided by the user; executing instructions stored in memory of the gateway service, wherein execution of the instructions by a processor of the gateway service:
automatically erases user credentials from memory of the gateway service subsequent to successful authentication of the user credentials on the initial host computer,selects another host computer from the cluster that has the requested resource, andidentifies that a host session is running on the initial host computer, forwarding the access request from the gateway service to the initial host computer for authentication on the other host computer from the cluster based on the credentials; and executing further instructions, wherein execution of the further instructions by the processor:
determines that the authentication on the other host computer is successful, wherein the other host computer creates a host session for the authenticated user, andprovides the requested resource to the authenticated user at the client device.