• Spaces
  • Collections
  • Help
    • ×
     
     
    •  
    BMC Helix Single Sign-On 22.3

    Page tree

     

    This documentation supports the 22.3 version of BMC Helix Single Sign-On, which is available only to BMC Helix customers (SaaS). 

    To view an earlier version, select the version from the Product version menu.

    BMC Helix Single Sign-On provides preauthentication mechanism to allow end users to access applications if they have already been authenticated by another authentication provider. 

    To be able to use the preauthentication method, the following preconditions must be met:

    • A third-party authentication provider must issue a JSON Web Token (JWT) as a result of authentication
    • The JWT which contains the user principals must be signed.

    To use preauthentication, as the BMC Helix SSO administrator, you must first configure an appropriate realm for the preauthentication type. You must then specify the JWT attributes and the certificate that will be used to validate the authentication server signature under the user principals.

    Related topics

    Configuring preauthentication

    Enabling cross launch for applications integrated with different Remedy SSO servers

    Preauthentication flow

    The following table provides the preauthentication login flow:

    StageDescription
    1

    An end user passes authentication against a third-party authentication server, and gets the JWT representing the authenticated person and signed by the authentication server.

    2

    The BMC Helix SSO agent deployed on the application side forwards the unauthenticated request to the BMC Helix SSO server and passes the JWT value in the rsso_preauth parameter in the HTTP request.

    3

    The BMC Helix SSO server verifies that the JWT has been issued by the trusted server and is valid, and then extracts the user name by using the configured JWT attribute.

    4

    BMC Helix SSO proceeds with the standard authentication flow. It authenticates the user, creates the session, sets the authentication cookie, and redirects the request to the original application.


    Write a comment...
    © Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.