Patent attributes
A system for providing single sign-on comprises an authentication server, multiple application servers and multiple computing devices. An application server directs a web browser running on a computing device to the authentication server. If the authentication server cannot authenticate the user based on the request it receives, it causes the browser to contact a web server of a local device agent also running on the computing device. The device agent determines whether a token for authenticating the user is available and if so, transmits a response which includes the token. If the authentication server can authenticate the user based on the token, it transmits a response which includes authentication information associated with the token and which causes the browser to direct to the application server. This reduces the number of times the user must authenticate himself without compromising security or requiring adapted web browsers.
