System and method for single sign-on session management without central server

摘要

A method and system for single-session sign-on management are provided. Multiple servers may be provided. The servers may have both log-in plug-in modules and session management plug-in modules. Providing the plug-ins on individual servers reduces network traffic generally required in order to grand a validate user credentials. Thus, a second server may validate a user credential created by a first server and may additionally create a user credential if it cannot validate the credential created by the first server.

主权项

1. A computer-implemented method for single sign-on session management from a user browser over a network, the method comprising:
receiving, by each of a first server and a second server, a list of authorized users from a global repository; establishing a session credential using computer processing components at the first server, the first server having a first log-in plug-in and a first session management plug-in; validating the session credential at the first session management plug-in of the first server, the first session management plug-in establishing and validating the session credential based on the list of authorized users previously received from the global repository; granting access to the user browser to a first resource of the first server based on validation of the session credential at the first session management plug-in of the first server; receiving a request from the user browser for a second resource at the second server, the second server including a second log-in plug-in and a second session management plug-in, the request including the session credential established at the first server; checking for the validity of the session credential established at the first server at the second session management plug-in of the second server upon determining that the session credential is present, wherein the second session management plug-in checks for and verifies the validity of the session credential entirely within the second server without communicating with other servers in real time; when the session credential is not valid, then establishing a new session credential at the second server using the second log-in plug-in based on the list of authorized users previously received from the global repository and validating the new session credential at the second session management plug-in of the second server; and granting access to the second resource of the second server based on the validation at the second session management plug-in of the second server, wherein the first log-in plug-in and the second log-in plug-in are each configured to authenticate the user browser independently without redirecting it to a central sign-on server.