Patent attributes
A secure single sign on is extended to a legacy web application that does not support the specific user authentication technique being used, such as SAML or OAuth. A proxy intercepts a request by a client computer to access the legacy application, and forwards the intercepted request to a single sign on identity provider. The identity provider authenticates the user, using the specific authentication technique not supported by the legacy application, and provides an indication of success to the proxy. The proxy transmits a user id and master password wrapped in an HTTP request to the legacy web application, which authenticates the request, creates a session and provides corresponding cookies to the proxy. The proxy forwards the cookies to the client, which utilizes them to continue the session with the legacy application.