-
Publication number: US10484385B2
Publication date: 2019-11-19
Application number: US14730235
Application date: 2015-06-04
Applicant: SAP SE
Inventor: Milen Manov, Jasen Minov, Martin Raepple
Abstract: A request from an application client is received at a protected application. The request includes an access token. A grant information associated with the received access token is retrieved. The grant information includes a plurality of intersecting scopes of rights granted to the application client. In another aspect, a session is established between the protected application and the application client. Furthermore, at least one scope of rights from the plurality of intersecting scopes of rights is determined to be mapped to at least one Application Programming Interface (API) from a number of APIs provided by the protected application.
-
Publication number: US10015157B2
Publication date: 2018-07-03
Application number: US15169841
Application date: 2016-06-01
Applicant: SAP SE
Inventor: Jasen Minov, Milen Manov, Stefan Petrov
IPC: H04L29/06
CPC classification number: H04L63/0815, H04L63/062, H04L63/10
Abstract: A multi-domain application requiring SSO and SLO operations in cloud environment is presented. The computing system of the multi-domain application includes a multi-domain service (MDS) to redirect the calls for the multi-domain application to an identity provider to authenticate the user or to invoke the single logout services (SLOs) on the domains of the multi-domain application and to invalidate the user sessions on the domains. A cookie that includes the multi-domain application URL is generated to reach the assertion consumer service (ASC) and the single logout service (SLO) that receive an identity assertion response from the identity provider. Domain specific SLOs are provided. A trust between these domain specific SLOs and the SLO is provided based on service provider keys. The SAML mechanism for a logout scenario is reused for communication between the SLO and the domain specific SLOs, where the SLO plays a role of a local IDP.
-