AREA plug-ins introduction
AR System External Authentication (AREA) provides a way to validate users by connecting BMC Remedy AR System to a data source outside the AR System database. This can be done using the AREA LDAP plug-in or by creating your own custom plug-in for authentication services such as Kerberos. See Creating C plug-ins and AREA plug-in C API functions for details.
When users first log on to BMC Remedy AR System through a client or when a client issues an API call to BMC Remedy AR System, the AR System server verifies the user name and password.
If the server verifies that the user name and password are in the User form, it authenticates the information and processes the login or API call.
If the user information is not in the User form or if the user password is blank in the User form, the AR System server sends an authentication request to the plug-in server. The request passes from the plug-in server through the AREA plug-in instance to the external authentication source. The external authentication source sends authentication information back through the same path to the AR System server.
If the authentication source verifies that the user information is valid, the AR System server processes the API call or allows the user to log in.
When the authentication information is not verified (that is, the information is incorrect, incomplete, or cannot be found in the external data source), the AR System server returns an error message to the client.
The plug-in can load only one AREA plug-in instance at a time. An AREA plug-in can be configured to access one or more data sources.
AREA plug-ins can selectively override field values entered in the User form.
The plug-in behavior depends on how you configure the plug-in, such as whether you enable the Cross Reference Blank Password and the Authenticate Unregistered users options.
External authentication architecture
This section contains information on: