Title: Utilizing X.509 authentication for single sign-on between disparate servers
Abstract: An authentication scheme may be utilized for a single sign-on operation between servers. One or more servers receive a data request directed to a disparate server. A root certificate (e.g., an X.509 root certificate) is loaded for accessing the disparate server. A user certificate is dynamically generated for identifying a logged-in user. The user certificate is signed with the root certificate and sent to the disparate server for binding with the data request. The data request is sent to the disparate server for authentication using the user certificate. The disparate server accesses a mapping table to map a subject name in the user certificate. When an entry for the logged-in user is found in the mapping table, data operations are enabled between the servers. An open web protocol response containing the requested data is then received from the disparate server.
Publication number: US9270667(B2) Publication date: 2016.02.23
Application number: US201213666397 Filing date: 2012.11.01
Applicant: Microsoft Technology Licensing, LLC Inventors: Gupta Ajay; Rastogi Sudeep; Jayasankar Shyam Sundar; Mantha Diwakar
Classification: H04L29/06; H04L9/32 Main classification: H04L29/06
Agency: Agents: Akhter Julie Kane; Wong Tom; Minhas Micky
Principal claim: 1. A computer-implemented method of utilizing an authentication scheme for a single sign-on between disparate servers, comprising: receiving, by a first server, a request for data stored on a second server; retrieving, by the first server, a root certificate for accessing the second server via a single sign-on operation; dynamically generating, by the first server, a user certificate for identifying a currently logged-in user on the first server; signing, by the first server, the user certificate with the root certificate; sending, by the first server, the user certificate to the second server for binding with the request for data; sending, by the first server, the request for data to the second server for authentication using the user certificate, the authentication comprising accessing a mapping table for mapping a subject name in the user certificate to a user of the second server; enabling, by the first server, the single sign-on with the second server, upon an entry being found in the mapping table for the currently logged-in user, the found entry enabling data operations to occur between the currently logged-in user and the second server; and receiving, by the first server, an open web protocol response containing the requested data from the second server.
Address: Redmond WA US
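The flow described in the abstract and in claim 1, as an added example that is not code from the patent or from the applicant: the first server holds a root certificate, dynamically issues a short-lived X.509 user certificate whose subject names the logged-in user, and signs it with the root; the second server verifies that the certificate chains to the root it trusts, looks the subject name up in its mapping table, and serves data only when an entry exists. It uses only the Go standard library. The server types, the mapping table contents, the sample data, and the five-minute certificate lifetime are assumptions made for this example, and the user certificate is passed alongside the request rather than presented over TLS client authentication.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// RootCA is the root certificate and key the first server loads for SSO (constructed for this example).
type RootCA struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// NewRootCA creates a self-signed X.509 root certificate able to sign user certificates.
func NewRootCA(name string) (*RootCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &RootCA{Cert: cert, Key: key}, nil
}

// IssueUserCert is the first server's step: dynamically generate a certificate whose
// subject identifies the currently logged-in user, signed with the root certificate.
func (ca *RootCA) IssueUserCert(loggedInUser string) ([]byte, error) {
	userKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: loggedInUser},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(5 * time.Minute), // short life (assumed) limits reuse of a leaked cert
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, &userKey.PublicKey, ca.Key)
}

// SecondServer trusts the root and owns the mapping table (subject name -> local user).
type SecondServer struct {
	roots   *x509.CertPool
	mapping map[string]string // subject CommonName -> local account
	data    map[string]string // "localUser/key" -> value (constructed sample data)
}

func NewSecondServer(root *x509.Certificate, mapping, data map[string]string) *SecondServer {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	return &SecondServer{roots: pool, mapping: mapping, data: data}
}

// Authenticate checks that the user certificate chains to the trusted root and is within its
// validity period, then maps the subject name through the mapping table; an unknown subject is denied.
func (s *SecondServer) Authenticate(userCertDER []byte) (string, error) {
	cert, err := x509.ParseCertificate(userCertDER)
	if err != nil {
		return "", err
	}
	opts := x509.VerifyOptions{Roots: s.roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("user certificate rejected: %w", err)
	}
	local, ok := s.mapping[cert.Subject.CommonName]
	if !ok {
		return "", fmt.Errorf("no mapping table entry for subject %q", cert.Subject.CommonName)
	}
	return local, nil
}

// HandleDataRequest is the second server's side of the data request: authenticate the
// bound certificate, then return data only for the mapped local user.
func (s *SecondServer) HandleDataRequest(userCertDER []byte, key string) (string, error) {
	local, err := s.Authenticate(userCertDER)
	if err != nil {
		return "", err
	}
	v, ok := s.data[local+"/"+key]
	if !ok {
		return "", fmt.Errorf("no data %q for user %q", key, local)
	}
	return v, nil
}

func main() {
	ca, _ := NewRootCA("SSO Root (example)")
	srv := NewSecondServer(ca.Cert, map[string]string{"alice@corp.example": "alice"},
		map[string]string{"alice/report": "Q3 figures"})
	der, _ := ca.IssueUserCert("alice@corp.example")
	fmt.Println(srv.HandleDataRequest(der, "report"))
}
```

The three checks the second server performs are the ones that matter for a defender: the chain check rejects certificates signed by any root other than the one provisioned for this SSO relationship, the validity-period check bounds how long a captured certificate is usable, and the mapping-table lookup ensures a valid certificate for an unknown subject still yields no data.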