Infrastructure Management Database or LDAP server authentication
User credentials are authenticated against the information in the Infrastructure Management Database or the LDAP server if your Infrastructure Management setup is not integrated with Remedy SSO. You can use either the URL-encoded format or the Base64-encoded format to send the user credentials with the authentication request. Based on your Infrastructure Management setup, there can be two scenarios:
- Single BMC TrueSight Infrastructure Management Server
- Multiple Child Servers with a Central Server Router
Single BMC TrueSight Infrastructure Management Server
The following figure explains the architecture of the web services for a single BMC TrueSight Infrastructure Management Server installation.
Infrastructure Management architecture for a single BMC TrueSight Infrastructure Management Server installation
URL-encoded format for a single BMC TrueSight Infrastructure Management Server installation
A web service client sends an authentication request to the BMC TrueSight Infrastructure Management Server. The server authenticates the user credentials against the information in the Infrastructure Management Database or the LDAP server. After successful authentication, the web service API generates an authentication token. The authentication token is sent to the web service client in the JSON format.
You can use this authentication token in your subsequent web service requests until the token expires, and the server provides an appropriate response to the web service client in the JSON format.
Base64-encoded format for a single BMC TrueSight Infrastructure Management Server installation
A web service client sends a web service request with the user credentials encoded in the Base64-format to the BMC TrueSight Infrastructure Management Server. The server authenticates the user credentials against the information in the Infrastructure Management Database or the LDAP server. After successful authentication, the server sends an appropriate response to the web service client in the JSON format.
Multiple Child Servers with a Central Server Router
The following figure explains the architecture of web services for multiple Child Servers with a Central Server Router.
Infrastructure Management architecture for multiple BMC TrueSight Infrastructure Management Servers
URL-encoded format for multiple Child Servers with a Central Server Router
A web service client sends an authentication request to Central Server Router. The router authenticates the user credentials against the information in the Infrastructure Management Database or the LDAP server. After successful authentication, the web service API generates an authentication token. The router sends the user credentials and the authentication token to the Child Servers. Each child server authenticates the user credentials against the information in the Infrastructure Management Database or the LDAP server and responds to the router, indicating whether the user credentials are valid or not.
The router's response to the web service client depends on the value of the routerAuthenticationScheme property set in the bppmws.properties file. The file is located in the pw\pronto\conf directory.
Central Server Router's response to a web service request based on the value of the routerAuthenticationScheme property
Value | Response |
|---|---|
routerAuthenticationScheme=all | Central Server Router sends the authentication token to the web service client only when the user credentials are valid in all the child servers. If the user credentials are not valid in even one child server, the authentication fails, and the router sends the failure error code to the web service client. |
routerAuthenticationScheme=1 | Central Server Router sends the authentication token to the web service client if the user credentials are valid in even one child server. |
You can use the authentication token in your subsequent web service requests until the token expires. When a web service request with the authentication token is sent to the router, the router validates the authentication token and directs the web service request to the appropriate child servers. Each child server in turn validates the authentication token and sends an appropriate response to the router if the authentication is valid. The router cumulates the responses from all the child servers and sends them to the web service client in the JSON format. The router's response to the web service client depends on the value of the routerAuthenticationScheme property set in the bppmws.properties file.
Base64-encoded format for multiple Child Servers with a Central Server Router
A web service request is sent to Central Server Router with the user credentials in the Based64-encoded format. The router authenticates the user credentials against the information in the Infrastructure Management Database or the LDAP server. The router directs the web service request to the appropriate child servers. Each child server authenticates the user credentials against the information in the Infrastructure Management Database or the LDAP server and sends appropriate responses to the router if the user credentials are valid.
The router's response to the web service client depends on the value of routerAuthenticationScheme property set in the bppmws.properties file. For more information, see routerAuthenticationScheme property.
Comments
Log in or register to comment.