The present invention relates in general to data processing systems, and in particular, to global sign-on technology in data processing systems.
Users in an enterprise computing environment typically must access several different systems, each potentially having unique and separate user identifiers (UID) and passwords. Global sign-on technology allows all of the UIDs and passwords to be maintained automatically by the global sign-on system (hereinafter, simply xe2x80x9cGSOxe2x80x9d). The GSO allows the user to have only a single GSO UID and password. Thereafter, GSO manages the various UIDs for the target systems that the user needs to access. GSO can automatically start a target application, for example, groupware application or terminal emulation, and log the user into the target system using the appropriate UID and password for that system.
Current implementations of GSO maintain the GSO xe2x80x9cdatabasexe2x80x9d within a distributed computing environment. This, however, requires a system manager that wishes to implement a GSO to develop and maintain a distributed computing environment installation. Consequently, there is a need in the art for systems and methods for implementing a GSO in an open architecture environment, for example the Internet, while preserving the security afforded by a distributed computing environment.
The aforementioned needs are addressed by the present invention. Accordingly, there is provided, in a first form, a method for global sign-on (GSO). The method includes receiving a user login and determining an existence of a first directory entry corresponding to the user in response to a first Lightweight Directory Access Protocol (LDAP) message. The first directory entry represents a data structure in accordance with a defined LDAP GSO schema. The user is logged into one or more data processing services in response to a corresponding one or more second directory entries also representing a data structure in accordance with a corresponding second predetermined LDAP schema object.
There is also provided, in a second form, a computer program product embodied in a tangible storage medium. The program product includes programming for global sign-on (GSO), having instructions for performing the steps of receiving a user login and determining an existence of a first directory entry corresponding to the user in response to a first Lightweight Directory Access Protocol (LDAP) message. Also included are instructions for logging the user into one or more data processing services in response to one or more second directory entries, and wherein each of the first and second directory entries represents a data structure in accordance with a corresponding first and second predetermined LDAP schema object.
Additionally provided, in a third form, is a GSO data processing system. The system contains circuitry operable for receiving a user login, and circuitry operable for determining an existence of a first directory entry corresponding to the user in response to a first Lightweight Directory Access Protocol (LDAP) message. User are logged into the system via circuitry contained therein operable for logging the user into one or more data processing services in response to one or more second directory entries, and wherein each of the first and second directory entries represents a data structure in accordance with a corresponding first and second predetermined LDAP schema object.