Title of invention: Secure management of user rights during accessing of external systems
Abstract: In an external system, a request handler may receive, at the external system, a logon ticket from a proprietary software system, the logon ticket associated with a request from a user of the proprietary system for access to the external system. A ticket handler may provide the logon ticket to an authentication service which is configured to perform a validation of the logon ticket at the proprietary system. A session manager may receive, from the authentication service and based on the validation, a user session and access rights related to the requested access. An access control manager may provide the requested access to the user via the proprietary system, according to the access rights and within the user session.
Publication number: US9111086(B2) Publication date: 2015.08.18
Application number: US201113089273 Filing date: 2011.04.18
Applicant: SAP SE Inventors: Dash Ajit;Li Ning;Janzen Wolfgang;Rinneberg Thomas
Classification: G06F7/04;G06F21/41;H04L29/06 Main classification: G06F7/04
Agency: Brake Hughes Bellerman LLP Agent: Brake Hughes Bellerman LLP
Main claim: 1. An external system comprising: at least one processor; a non-transitory computer readable medium including instructions, when executed by the at least one processor, are configured to implement, a remote function call (RFC) server configured to create and maintain a connection between the external system and a proprietary system such that information can be exchanged between the external system and the proprietary system; a request handler configured to cause the at least one processor to receive, at the external system, a logon ticket from the proprietary system, the logon ticket associated with a request from a user of the proprietary system for access to the external system, the external system providing at least one functionality not provided by the proprietary system, the logon ticket including information that identifies a first user session associated with the proprietary system, the first user session indicating that the user has been successfully logged-in with respect to the proprietary system; a ticket handler configured to cause the at least one processor to provide the logon ticket to an authentication service to perform a validation of the logon ticket at the proprietary system; a session manager configured to cause the at least one processor to receive, from the authentication service, a second user session and access rights related to the requested access in response to the validation, the second user session being associated with the external system, the session manager configured to synchronize the second user session associated with the external system with the first user session associated with the proprietary system such the first user session and the second user session are concurrently valid; an access control list configured to store information defining levels of access rights of users including the user of the proprietary system; and an access control manager configured to cause the at least one processor to interact with the access control list to provide a level of access for the user for utilizing the at least one functionality of the external system in conjunction with the proprietary system within the synchronized user sessions.
Address: Walldorf DE