The disclosure generally relates to the field of computer systems, and more particularly to single sign-on and identity federation systems.
Single sign-on (“SSO”) systems allow a user to access a variety of resources after entering logon credentials a single time. When a user tries to access a resource that is protected by the SSO system, the user is redirected to an SSO provider. The SSO provider provides an interface for the user to enter credentials. The SSO provider authenticates the user's credentials against a user store or database containing user identity information. The SSO provider then generates a token for the user. The token is stored on the user's system or is provided to the SSO resource. The SSO resource validates the token based on an established trust relationship between the resource and the SSO provider, and then grants access to the user. When the user attempts to access another SSO resource, the user does not reenter credentials; instead, the user's token is provided to gain access to the SSO resource.
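The flow described above, as an added sketch that is not part of the original disclosure: a provider authenticates against a user store and issues a token, and two resources validate that same token without asking for credentials again. The shared HMAC key standing in for the trust relationship, the audience and expiry claims, and all names and sample values are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data: the provider's user store, and the key that
# embodies the trust relationship between provider and resources (assumption).
SALT = b"constructed-salt"
USER_STORE = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)}
TRUST_KEY = b"constructed-demo-key-shared-by-provider-and-resources"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def _sign(payload: bytes) -> str:
    return _b64(hmac.new(TRUST_KEY, payload, hashlib.sha256).digest())

def provider_login(user, password, audiences, now=None, ttl=300):
    """SSO provider: check credentials against the user store, then issue a token."""
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    if not hmac.compare_digest(USER_STORE.get(user, b""), derived):
        return None
    now = time.time() if now is None else now
    claims = {"sub": user, "aud": audiences, "exp": now + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    return _b64(payload) + "." + _sign(payload)

def resource_validate(token, resource, now=None):
    """SSO resource: return the user name only if the token verifies."""
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body)
        # Verify the signature before trusting anything inside the payload.
        if not hmac.compare_digest(sig, _sign(payload)):
            return None  # altered, or not issued by the trusted provider
        claims = json.loads(payload)
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token
    now = time.time() if now is None else now
    if resource not in claims["aud"] or now >= claims["exp"]:
        return None  # issued for a different resource, or expired
    return claims["sub"]
```

Deployed SSO systems usually sign tokens with the provider's private key so that a resource can verify them without being able to mint them; the symmetric key here keeps the sketch to the standard library.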