Systems and methods for providing single sign on access to enterprise SAAS and cloud hosted applications

摘要

The solution of the present application addresses the problem of authentication across disparately hosted systems by providing a single authentication domain across SaaS and cloud hosted applications as well as traditional enterprise hosted applications. An application delivery controller intermediary to a plurality of clients and the disparately hosted applications providing single sign on management, integration and control. A user may log in via an interface provided, controlled or managed by the ADC, which in turns, authenticates the user to the application in accordance with policy and the host of the application. As such, the user may login once to gain access to a plurality of disparately hosted applications. From the user's perspective, the user seamlessly and transparently gains access to different hosted systems with different passwords and authentication via the remote access provided by the system of the present solution.

主权项

1. A method for providing via an intermediary device single sign on across one or more disparately hosted applications, the method comprising:
(a) intercepting, by a device intermediary to a plurality of clients and a plurality of servers, a first request of a client of the plurality of clients to access a login page of a third-party hosted application of a plurality of disparately hosted applications on the plurality of servers accessible via the device using a single set of authentication credentials; (b) redirecting, by the device intermediary to the client and a server of the plurality of servers hosting the third-party hosted application, the client to a single sign on system for redirection to a domain of the third-party hosted application identified by a corresponding fully qualified domain name, the single sign on system providing single sign on access to one or more third-party hosted applications of the plurality of disparately hosted applications; (c) intercepting, by the device, a second request from the client to be redirected to the domain of the third-party hosted application identified by the corresponding fully qualified domain name; (d) redirecting, by a content redirection virtual server executing on the device, using the fully qualified domain name and responsive to applying a first policy to the second request and the first policy matching one or more keywords of a first uniform resource locator of the second request, the second request to the single sign on system for redirection to the domain; (e) intercepting, by the device, the second request redirected by the single sign on system to the domain, the redirected second request having a second uniform resource locator instead of the first uniform resource locator; and (f) responsive to intercepting the redirected second request and determining that the first policy does not match one or more keywords of the second uniform resource locator, forwarding, by the device, the redirected second request to the domain of the third-party hosted application.