Enterprises often deploy applications to client devices such as smartphones, personal computers, or laptops. Enterprises also deploy or utilize an identity provider to authenticate access to applications installed on a client device or to authenticate access to a cloud-based service. For example, an enterprise might deploy a browser-based mail or productivity service for which access is authenticated by or federated to the identity provider server.
In some operating system environments, such as Windows 10®, the application programming interfaces (APIs) provided by the operating system allow an application to register as a local identity provider for certain contexts. In the Windows 10® environment, for example, an application can register as a local identity provider for requests made to a particular uniform resource identifier (URI). In this scenario, other applications and services can federate authentication by the identity provider server identified by the URI to the local identity provider.
For example, an identity provider application that can be installed on a user's device, when published in an application distribution repository associated with the operating system, can identify a particular URI or uniform resource locator (URL) for which it is registered as a local identity provider. When the application is installed on a user's device, the identity provider application registers as the local identity provider for that URI. Accordingly, if another application installed on the client device, or an identity provider server, makes a request through the operating system of the client device to authenticate a particular user, the local identity provider can handle and/or respond to the request.
However, even with the local identity provider registration capability provided by Windows 10®, no framework exists in which single sign-on can be accomplished for both native and web-based applications. Under the current framework, users may have to authenticate separately for web-based applications and for native applications, which means that true single sign-on for the user's identity has not been achieved in a Windows 10® environment.