BMC Server Automation authentication process
The BMC Server Automation Console includes many security mechanisms for authenticating users.
When you use the BMC Server Automation Console to log on, the logon process first connects to the BMC Server Automation Authentication Service, which is a service dedicated to validating user identities. The Authentication Service is implemented as a service within the BMC Server Automation Application Server. Processing logon requests for all authentication protocols, the Authentication Service examines user credentials, such as IDs and passwords, to determine if a user is valid.
If the Authentication Service successfully authenticates you, it generates a session credential and delivers the credential back to the BMC Server Automation Console. A session credential validates you as a legitimate user for a finite period of time. When you log on, you can optionally choose to cache session credentials. If you have a valid session credential cached, you do not have to authenticate the next time you start BMC Server Automation.
BMC Server Automation uses transport layer security (TLS) and X.509 certificates to secure communication between all of its components. BMC Server Automation Application Servers generate their own self-signed X.509 certificates. The first time you use the BMC Server Automation Console to contact an Application Server, the Application Server presents a self-signed certificate and asks you to trust it. If you choose to trust the certificate, secure communication is established with the Application Server. The certificate you trust is added to a keystore, which holds all of the certificates that the BMC Server Automation Console has chosen to trust. When you communicate with the same Application Server in the future, the Application Server again presents its certificate. This time, however, the system can determine that the certificate is already included in the keystore and a secure connection is established immediately. You do not have to explicitly trust the certificate again.
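The trust-on-first-use flow described above can be modeled as follows. This is an added example, not BMC code: the `TrustStore` class, the `connect` function, the server name, and the sample certificate bytes are all hypothetical. It also assumes that a known server presenting a different certificate is refused rather than prompted for again, which this page does not specify.

```python
import hashlib
import hmac
from enum import Enum


class Decision(Enum):
    PROMPT = "prompt"      # unknown server: the user must decide whether to trust
    TRUSTED = "trusted"    # presented certificate matches the stored one
    MISMATCH = "mismatch"  # known server, but a different certificate


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint over the DER-encoded certificate bytes."""
    return hashlib.sha256(cert_der).hexdigest()


class TrustStore:
    """Hypothetical in-memory stand-in for the console's keystore."""
    def __init__(self):
        self._pins = {}  # server name -> fingerprint the user accepted

    def check(self, server: str, cert_der: bytes) -> Decision:
        pinned = self._pins.get(server)
        if pinned is None:
            return Decision.PROMPT
        if hmac.compare_digest(pinned, fingerprint(cert_der)):
            return Decision.TRUSTED
        return Decision.MISMATCH

    def trust(self, server: str, cert_der: bytes) -> None:
        """Record the user's explicit decision to trust this certificate."""
        self._pins[server] = fingerprint(cert_der)


def connect(store: TrustStore, server: str, cert_der: bytes, user_accepts: bool) -> bool:
    """Return True when the secure connection may proceed."""
    decision = store.check(server, cert_der)
    if decision is Decision.TRUSTED:
        return True                      # no prompt on later connections
    if decision is Decision.PROMPT and user_accepts:
        store.trust(server, cert_der)    # first contact, user chose to trust
        return True
    return False  # user declined, or the certificate changed (assumed refusal)


# Constructed byte strings standing in for DER-encoded certificates.
CERT_A = b"constructed-self-signed-cert-appserver"
CERT_B = b"constructed-different-cert-same-host"
```

Because the first certificate is self-signed, the security of every later connection depends on the user verifying it at the first prompt, for example by comparing its fingerprint against one obtained from the Application Server administrator.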
Before a user tries to log on to BMC Server Automation, some preliminary steps are necessary (see Preparation for user logons).