BMC Remedy Single Sign-On logon and logoff
When using a single sign-on system, the normal authentication behavior is altered. The practice of logging on when you start a product is automatically performed when the second product is started. This change happens without any user involvement.
When you log off, you are logged off of all BMC Remedy Single Sign-On integrated products.
When a user logs on to the BMC Remedy Mid Tier, the following events are triggered:
- If BMC Remedy Single Sign-On is configured for SAML authentication, the access request is redirected by the BMC Remedy Single Sign-On web application to the external Identity Provider (IdP); for example, the Active Directory Federation Services (ADFS) logon page.
- If BMC Remedy Single Sign-On is configured for BMC Remedy Action Request System (BMC Remedy AR System) authentication, the web application logon page is displayed to the user.
After the user enters valid credentials, a web filter (part of the web agent) that is placed within the web container checks to see if the request is intended for a protected page. If so, it verifies that the user is authenticated and then displays the BMC Remedy Mid Tier UI. If authentication does not occur, the user is redirected to the logon page.
When the user tries to access the BMC Remedy Mid Tier from another browser tab or window, the filter checks for an existing user session, and checks to determine whether or not the user is already logged on. If the user has already logged on, as in this case, the BMC Remedy Mid Tier UI is displayed without the user being prompted for credentials. If the user session does not exist yet, or the user is not already logged on, the filter does the normal token check (from a cookie) and redirects the user to the logon page.
When the user logs off, the BMC Remedy Mid Tier web agent sends a request to the web application. A reference counter on the user token table in the web application increments or decrements the application count when the user logs on or logs off an application. The reference counter is implemented by the applications logged on to by using the BMC Remedy Single Sign-On token.
When a user logs off an application but the application count is greater than 0, it means the user is still logged on. The user will not be prompted for credentials when accessing applications.
If the user logs off an application and the application count is 0, it means the user is logged off from BMC Remedy Single Sign-On. The user will be prompted for credentials when accessing applications.