Key concepts
This topic provides information about important concepts used in BMC Atrium Single Sign-On.
Concept | Description |
---|---|
BMC Atrium Single Sign-On architecture | The BMC Atrium Single Sign-On server and agents provide the integration that lets BMC products use the various authentication options provided by BMC Atrium Single Sign-On. |
Administrator password | The administrator password is used to access the BMC Atrium Single Sign-On Admin Console through a browser. You can create user accounts and authentication algorithms from the BMC Atrium Single Sign-On Admin Console. |
Default cookie domain | The default cookie domain value is the network domain of the user-facing application server (or the load balancer for the application) and the BMC Atrium Single Sign-On server (or the load balancer for the BMC Atrium Single Sign-On servers). |
Log on and log off behavior | When you log on to or log off from a BMC product using BMC Atrium Single Sign-On, you are automatically logged on to or logged off from other BMC products as well. |
Certificates | The BMC Atrium Single Sign-On installation provides a self-signed certificate, installed on the Tomcat server, with its own pair of private and public keys. The certificates are used to provide a secure communication channel between the BMC Atrium Single Sign-On server and other products. |
Authentication chaining | Authentication chaining is a mechanism for specifying multiple authentication modules (AR, LDAP, Kerberos) in BMC Atrium Single Sign-On. The user is authenticated against this chain of modules. If any one of the modules succeeds, the user is authenticated. |
High Availability deployment | When two or more BMC Atrium Single Sign-On servers are used, they can be installed as a cluster. A load balancer is used as a front end to the cluster, giving the external applications the appearance of a single server. |
Kerberos authentication | Kerberos, a network authentication protocol, is designed to provide strong authentication for client/server applications by using secret-key cryptography. After the user logs on to the company domain using Kerberos authentication, the user can access the BMC applications supported by BMC Atrium Single Sign-On without providing any additional credentials. |
SAMLv2 authentication | Security Assertion Markup Language (SAML) is an XML-based OASIS standard for exchanging user identity and security attributes information. It uses security tokens containing assertions to pass information about a principal (usually an end user) between an identity provider (IdP) and a service provider (BMC Atrium Single Sign-On). |
Common Access Card | The Common Access Card (CAC) is a smart-card-based authentication mechanism. The CAC satisfies two-factor authentication: what you have (the physical card) and what you know (the PIN). CAC technology allows for rapid authentication and enhanced physical and logical security. |
RSA SecurID | RSA SecurID addresses the weakness of a security mechanism such as a password, where anyone who steals the password will appear completely genuine. RSA adds a second, physical proof that makes the certainty of authenticity exponentially higher. |