Independent claim
1. A method of authenticating a user accredited in an application (app A) to another application (app B), the method comprising:
receiving, at a single sign-on (SSO) service, a request from app A to access app B, the request including a user identifier and an application identifier;
generating, at the SSO service, a request identifier and a nonce;
providing the request identifier and the nonce to app A for use by app A in contacting app B;
receiving, at app B, the request identifier and the nonce from app A;
receiving, at the SSO service, from app B the request identifier and the nonce provided to app A;
verifying, at the SSO service, that a mapping exists for app B;
providing, from the SSO service, a mapping token to app B, the mapping token corresponding to a previous registration of the user by app B with the SSO service;
extracting, at app B, login information from the mapping token; and
accepting, at app B, the login information when the login information meets a local security policy.
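
The claimed exchange, as an added Python sketch that is not part of the patent text. The class and function names, the in-memory stores, the HMAC-signed JSON mapping token, the single-use handling of the request identifier, and the role-based local policy are all assumptions made for illustration; the claim specifies none of them.

```python
import hashlib, hmac, json, secrets

class SSOService:
    """Toy in-memory SSO service walking the claimed steps (all names hypothetical)."""
    def __init__(self):
        self.pending = {}   # request_id -> (nonce, user_id, target_app)
        self.mappings = {}  # (user_id, app_id) -> login info app B registered earlier
        self.app_keys = {}  # app_id -> key shared with that app (assumed token scheme)

    def register_mapping(self, user_id, app_id, login_info):
        self.mappings[(user_id, app_id)] = login_info

    def request_access(self, user_id, target_app):
        # App A asks to reach app B; the SSO service issues request identifier + nonce.
        request_id, nonce = secrets.token_hex(8), secrets.token_hex(16)
        self.pending[request_id] = (nonce, user_id, target_app)
        return request_id, nonce

    def redeem(self, app_id, request_id, nonce):
        # App B presents the pair; pop() makes it single-use (assumption, blocks replay).
        entry = self.pending.pop(request_id, None)
        if entry is None or not hmac.compare_digest(entry[0], nonce):
            return None
        _, user_id, target_app = entry
        login_info = self.mappings.get((user_id, app_id))
        if target_app != app_id or login_info is None:
            return None  # wrong caller, or no mapping exists for app B
        body = json.dumps(login_info, sort_keys=True).encode()
        tag = hmac.new(self.app_keys[app_id], body, hashlib.sha256).hexdigest()
        return body, tag  # stands in for the "mapping token"

def app_b_accept(key, token, allowed_roles):
    """App B extracts login information and applies its local security policy."""
    if token is None:
        return None
    body, tag = token
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None  # token was not issued by the SSO service for this app
    login = json.loads(body)
    return login if login.get("role") in allowed_roles else None

def demo():
    sso, key = SSOService(), secrets.token_bytes(32)
    sso.app_keys["appB"] = key  # constructed sample data below
    sso.register_mapping("alice", "appB", {"login": "alice_b", "role": "reader"})
    rid, nonce = sso.request_access("alice", "appB")  # app A -> SSO -> app A -> app B
    first = app_b_accept(key, sso.redeem("appB", rid, nonce), {"reader"})
    replay = app_b_accept(key, sso.redeem("appB", rid, nonce), {"reader"})
    return first, replay
```

`demo()` returns the accepted login information for the first redemption and `None` for the replayed pair.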