1. Field of the Invention
The present invention relates to a system which provides single sign-on, a control method therefor, a service providing apparatus, a relay apparatus, and a computer-readable medium.
2. Description of the Related Art
A mode in which business data are managed and processed on a cloud platform service has become widespread. A user accesses a Web page of the cloud platform service through the browser of a client PC via the Internet and displays, on that Web page, the business data the user wants to view. If the user issues a document creation instruction through the screen, the instruction is redirected to a document generation service, which acquires the business data held in the cloud platform service and generates a document. The document generation service then transmits the generated document to the client PC or to the cloud platform service. A typical example of such a cloud platform service is Salesforce.com® provided by Salesforce.com, Inc.
The cloud platform service and document generation service operate in a multi-tenant environment. A tenant is a unit such as a company or organization which signs a contract to use the cloud platform service and the document generation service. A service operating in a multi-tenant environment manages data of a plurality of tenants in one system, and separately manages data for each tenant so that a given tenant cannot refer to data for another tenant. To allow each tenant to refer only to its own data, the cloud platform service and the document generation service perform user authentication.
If the cloud platform service and the document generation service cooperate with each other, the two services can cooperate in performing authentication so that the user does not have to authenticate to each service separately. Single sign-on (referred to as SSO hereinafter) by SAML (Security Assertion Markup Language) is a conventionally known technique for causing a plurality of services to cooperate in performing authentication. In SAML-based SSO, the user holds both an ID on the side that provides the authentication service (an identity provider, referred to as an IdP hereinafter) and an ID on the side that trusts the authentication result of that authentication service in order to provide a service (a service provider, referred to as an SP hereinafter).
When the user is authenticated by the IdP, the SP trusts that authentication result and authenticates the access as an ID managed within the SP (IdP precedence). If a user who has not yet been authenticated by the IdP accesses the SP, the SP guides the user to an appropriate IdP, which then authenticates the user (SP precedence).
The cloud platform service and the document generation service each hold different tenant information. To perform SSO, the cloud platform service and the document generation service need to know each other's tenants: each service must know which of its own tenants performs SSO and which tenant of the other service corresponds to it.
There has conventionally been provided a technique of synchronously holding the pieces of tenant information of the services. Japanese Patent Laid-Open No. 10-187560 discloses a technique of synchronously holding pieces of tenant information in all servers, and receiving a tenant information change notification from another server to update the tenant information.
A tenant which uses the cloud platform service, however, does not necessarily use the document generation service. Some tenants use only the cloud platform service; conversely, some tenants use only the document generation service. In such situations, for security reasons, neither the cloud platform service nor the document generation service should hold the tenant information of the other in synchronism. With respect to a tenant which does perform SSO, however, if a service cannot determine which of its own tenants corresponds to the tenant of the other service that is accessing it, an authentication apparatus must perform authentication again to determine the tenant. In that case the user has to input tenant information again for authentication, which defeats SSO.
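The IdP-precedence flow described above and the tenant-mapping failure mode described in this paragraph, as an added example that is not part of the original text: an SP (here standing for the document generation service) validates an assertion from the IdP, then resolves the IdP's tenant to its own tenant. The entity IDs, tenant identifiers, shared key and the HMAC used in place of an XML signature are all constructed assumptions for illustration.

```python
import hmac, hashlib, json
from datetime import datetime, timezone, timedelta

# Constructed sample data: the SP holds a mapping only for tenants that use both
# services; tenants of the other service are deliberately not synchronised here.
IDP_TO_SP_TENANT = {"idp-tenant-A": "sp-tenant-01", "idp-tenant-B": "sp-tenant-02"}
TRUSTED_ISSUERS = {"https://idp.example/sso"}        # hypothetical IdP entity ID
SP_AUDIENCE = "https://docgen.example/sp"             # hypothetical SP entity ID
IDP_KEY = b"constructed-shared-secret"                # stand-in for the IdP signing key
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)       # fixed clock for the demo

def sign_assertion(claims: dict, key: bytes = IDP_KEY) -> dict:
    """IdP side: bind the claims to an HMAC tag (placeholder for XML-DSig)."""
    body = json.dumps(claims, sort_keys=True).encode()
    return {"claims": claims, "sig": hmac.new(key, body, hashlib.sha256).hexdigest()}

def sample_assertion(tenant: str, user: str = "alice", ttl_minutes: int = 5) -> dict:
    """Build a constructed assertion for the given IdP tenant, valid for ttl_minutes."""
    return sign_assertion({"issuer": "https://idp.example/sso", "audience": SP_AUDIENCE,
                           "tenant": tenant, "name_id": user,
                           "not_on_or_after": (NOW + timedelta(minutes=ttl_minutes)).isoformat()})

def process_assertion(assertion: dict, now: datetime, key: bytes = IDP_KEY) -> dict:
    """SP side (IdP precedence): trust the IdP's result only after integrity, issuer,
    audience and validity-window checks pass, then map the IdP tenant to an SP tenant."""
    claims = assertion["claims"]
    body = json.dumps(claims, sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion.get("sig", "")):
        return {"status": "reject", "reason": "bad signature"}
    if claims.get("issuer") not in TRUSTED_ISSUERS:
        return {"status": "reject", "reason": "untrusted issuer"}
    if claims.get("audience") != SP_AUDIENCE:
        return {"status": "reject", "reason": "audience mismatch"}
    if now >= datetime.fromisoformat(claims["not_on_or_after"]):
        return {"status": "reject", "reason": "expired"}
    sp_tenant = IDP_TO_SP_TENANT.get(claims.get("tenant"))
    if sp_tenant is None:
        # The failure mode from the text: the SP cannot discriminate its own tenant,
        # so the user must authenticate again and SSO is lost.
        return {"status": "reauthenticate", "reason": "no tenant mapping"}
    return {"status": "ok", "sp_tenant": sp_tenant, "user": claims["name_id"]}

if __name__ == "__main__":
    for tenant in ("idp-tenant-A", "idp-tenant-Z"):
        print(tenant, "->", process_assertion(sample_assertion(tenant), NOW))
```

A mapped tenant yields a resolved SP tenant without a second login, while an unmapped tenant returns the re-authentication outcome the paragraph describes.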