This documentation supports the 21.05 version of Action Request System.

How double authentication works

The process of double authentication is as follows:

  1. After the first level of authentication, the user's browser sends a reauthentication request to the Mid Tier URL.
  2. A BMC Helix Single Sign-On agent redirects the user to the BMC Helix Single Sign-On server URL for reauthentication.

    For SAML authentication, BMC Helix Single Sign-On redirects the user to the SAML IdP for reauthentication. If the SAML IdP supports the ForceAuthn feature on an authentication request, the IdP prompts the user to reauthenticate.

    The BMC Helix Single Sign-On agent identifies a reauthentication request by the query parameter reauth, which is set to true by default. For a reauthentication request, the agent identifies the BMC Helix Single Sign-On server and the application realm in the same way as it does for any other authentication request.

  3. For AR System authentication, the BMC Helix Single Sign-On server prompts the user to confirm the password.
    For SAML authentication, the IdP prompts the user for both username and password. If the authentication is successful, the IdP redirects the user back to the BMC Helix Single Sign-On server with a SAML response. The BMC Helix Single Sign-On server checks whether the user in the SAML response is the same user who is currently logged in to BMC Helix Single Sign-On. If they are not the same user, the reauthentication fails.
  4. If the reauthentication process is successful, the BMC Helix Single Sign-On server generates a reauthentication token and redirects the user to the Mid Tier URL.
    The reauthentication token is valid only for a short period and is specific to the reauthentication process. It cannot be used for the usual authentication process.
  5. The BMC Helix Single Sign-On agent retrieves the reauthentication token and passes it on to the Mid Tier servlet.
  6. The Mid Tier servlet retrieves the reauthentication token and passes it on to AR System as an authentication string.
  7. AR System verifies the user's credential, user name, and reauthentication token through the BMC Helix Single Sign-On AREA plugin.
  8. The BMC Helix Single Sign-On AREA plugin verifies the reauthentication token through an API call to the BMC Helix Single Sign-On server.
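
The following Python sketch models the checks described in steps 3, 4, and 8. It is an example added here, not BMC's implementation. The HMAC-signed token format, the 60-second lifetime, and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed key, stands in for server-side state
REAUTH_TTL = 60                       # assumed value for the "short period", in seconds

def _sign(body: bytes) -> str:
    return hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest()

def issue_token(user: str, purpose: str, now: float) -> str:
    """Hypothetical token: base64(JSON claims) + "." + HMAC over the claims."""
    body = json.dumps({"sub": user, "purpose": purpose,
                       "exp": now + REAUTH_TTL,
                       "nonce": secrets.token_hex(8)}).encode()
    return base64.urlsafe_b64encode(body).decode() + "." + _sign(body)

def complete_reauth(session_user: str, saml_subject: str, now: float):
    """Steps 3-4: fail if the IdP authenticated someone other than the logged-in user."""
    if saml_subject != session_user:
        return None
    return issue_token(session_user, "reauth", now)

def verify_token(token: str, user: str, expected_purpose: str, now: float) -> bool:
    """Step 8 model: the server-side check behind the AREA plugin's API call."""
    try:
        b64, sig = token.split(".", 1)
        body = base64.urlsafe_b64decode(b64.encode())
    except ValueError:  # malformed token or invalid base64
        return False
    if not hmac.compare_digest(_sign(body).encode(), sig.encode()):
        return False    # tampered, or not issued by this server
    claims = json.loads(body)
    return (claims["purpose"] == expected_purpose  # reauth-only, not a login token
            and claims["sub"] == user              # bound to the current user
            and now < claims["exp"])               # short-lived

if __name__ == "__main__":
    t0 = 1000.0  # constructed timestamp
    tok = complete_reauth("alice", "alice", t0)
    print("valid reauth:", verify_token(tok, "alice", "reauth", t0 + 10))
    print("used as login:", verify_token(tok, "alice", "login", t0 + 10))
    print("after expiry:", verify_token(tok, "alice", "reauth", t0 + REAUTH_TTL + 1))
    print("different SAML user:", complete_reauth("alice", "mallory", t0))
```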


