Single sign on (SSO) authorization and authentication for mobile communication devices

摘要

Single sign on (SSO) functionality is provided across native and hybrid applications executing on a mobile communication device, such that both native and hybrid applications can access authenticated services offered through respective application servers without repeatedly providing authentication credentials. In operation, the mobile device obtains an SSO token from an SSO server providing the SSO functionality, and native applications executing on the mobile device retrieve the SSO token from memory for use in accessing authenticated services. In the case of hybrid applications, an alias is assigned to the mobile device in response to receiving a page request received from the hybrid application. The alias is associated with SSO token of the mobile device in the SSO server, and is used to provide the SSO token directly to the hybrid application from the SSO server such that the hybrid application can use the SSO token for authentication.

主权项

1. A method comprising:
transmitting, from the mobile communication device to an application server associated with one application among a native application executing on the mobile communication device and a hybrid application executing in a native application container on the mobile communication device, authentication credentials for a user of the mobile device and a single sign on (SSO) token for authenticating the mobile communication device in communications with application servers; in response to transmitting the authentication credentials and the SSO token to the application server associated with the one application, receiving services reserved for authenticated users of the one application from the application server associated with the one application; following the transmitting of the authentication credentials and the SSO token to the application server associated with the one application, transmitting, from the mobile communication device to an application server associated with another application among the native application executing on the mobile communication device and the hybrid application executing in the native application container on the mobile communication device, the SSO token without the authentication credentials; and in response to transmitting the SSO token without the authentication credentials to the application server associated with the other application, receiving services reserved for authenticated users of the other application from the application server associated with the other application; receiving, in the mobile communication device from the application server associated with the hybrid application, an alias assigned to the mobile communication device; and in response to requesting a token associated with the alias from an SSO server in communication with the application servers, receiving in the hybrid application the SSO token from the SSO server, wherein the native application is configured to retrieve the SSO token from a memory of the mobile communication device, and the hybrid application executing in the native application container on the mobile communication device is not configured to retrieve the SSO token from the memory of the mobile communication device.