In many computer implementations, it is desirable to be able to navigate between multiple sites in a computing environment in order to access resources without having to re-authenticate at each site. Conventional approaches to accessing resources spread across more than one web site typically do not share security information about the user between the sites. Accordingly, in conventional approaches the user must re-authenticate at the new site.
As shown in the above-referenced parent application, it is possible to alleviate this multiple authentication problem. In one approach, single sign-on techniques are provided to enable a first site that has authenticated a user to share security information indicating that the user has been authenticated at the first site with a subsequent site accessed by the user. The sharing of this security information means that the user does not have to be authenticated at the second site. Thus, single sign-on is achieved.
In the approach described in the above-referenced parent application, when a first site sends an assertion to a second site indicating that the user has been authenticated, it includes in the assertion some subject information that allows the second site to map a specific account on the second site to a specific account on the first site, so that there is a one-to-one mapping between accounts on the first site and the second site. The first site also includes in the assertion some attributes pertaining to the subject (e.g., the user). These attributes are used by the second site to process requests from the user. By providing this information, the first site enables the second site to properly process requests from the user.
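The exchange described above, as an added sketch that is not code from this document or the parent application: a first site issues an assertion carrying subject information and attributes, and a second site checks it and maps the subject to its own account. The HMAC over a pre-shared key, the validity window, and every name and value (`SHARED_KEY`, `ACCOUNT_MAP`, `issue_assertion`, `consume_assertion`) are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

# Constructed values for illustration only (assumptions, not from the source).
SHARED_KEY = b"constructed-demo-key"  # assumed to be pre-shared by the two sites
# One-to-one mapping: first-site subject -> second-site account.
ACCOUNT_MAP = {"alice@site1.example": "u-1001"}


def issue_assertion(subject, attributes, now=None, ttl=300):
    """First site: assert that `subject` was authenticated, with attributes."""
    now = time.time() if now is None else now
    claims = {"subject": subject, "attributes": attributes,
              "issued_at": now, "expires_at": now + ttl}
    body = json.dumps(claims, sort_keys=True)
    tag = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def consume_assertion(assertion, now=None):
    """Second site: verify the assertion, then map subject to a local account."""
    now = time.time() if now is None else now
    body = assertion["body"]
    expected = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; reject anything the first site did not produce.
    if not hmac.compare_digest(expected, assertion["tag"]):
        raise ValueError("assertion integrity check failed")
    claims = json.loads(body)
    # Reject stale or not-yet-valid assertions to limit replay.
    if not claims["issued_at"] <= now < claims["expires_at"]:
        raise ValueError("assertion outside validity window")
    # Fail closed when the subject has no mapped account on this site.
    local_account = ACCOUNT_MAP.get(claims["subject"])
    if local_account is None:
        raise ValueError("no local account mapped to subject")
    # The attributes are what the second site uses to process user requests.
    return {"local_account": local_account, "attributes": claims["attributes"]}


if __name__ == "__main__":
    a = issue_assertion("alice@site1.example", {"role": "buyer"})
    print(consume_assertion(a))
```

The second site trusts the subject and attributes only after the integrity and freshness checks pass, and it refuses subjects that have no mapped account instead of creating or guessing one.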