METHOD AND APPARATUS FOR PROTECTING A SINGLE SIGN ON DOMAIN FROM CREDENTIAL LEAKAGE

摘要

Disclosed is a method for protecting a single sign on domain from credential leakage. In the method an authentication server (210) provides an authentication cookie (102) to a browser client (220). The cookie has an authentication credential for the domain and is associated with an authentication subdomain of the domain. The server (10) receives the cookie from the browser client (114). Upon authentication of the user authentication credential in the received cookie the server (210) responds to the access request by forwarding to the browser client a limited use cookie for the domain (132). The server (210) receives a request (134) from the content server (230) to validate a session identifier of the limited use cookie received from the browser client. Upon validation the server (210) provides a valid session message (182) to the content server (230) for enabling the content server to forward requested content (184) to the client.