摘要 |
A method for single sign-on in a client-server system including a server and a client and a remote presentation protocol based on ITU T.120, communicates between the client node and the server. The client obtains a ticket for a user operating the client. The ticket identifies the security context of the user on the client. Upon connecting the client to the server, the ticket is transferred from the client to the server. The server authenticates the ticket with a security authority and when authenticated the server receives from the security authority a security context for the ticket. When the client so requests, applications are launched using that security context. Preferably, the server is a Microsoft Terminal Server and the remote presentation protocol is Microsoft Remote Desktop Protocol (RDP). The ticket transfer preferably uses a channel within the remote presentation protocol, such as an RDP virtual channel.
|