This documentation supports the 18.08 version of Remedy Single Sign-On.

To view the latest version, select the version from the Product version menu.

Remedy SSO architecture

The following diagram provides an illustration of the Remedy Single Sign-On (Remedy SSO) architecture.

Related topic

The following table provides information about the major components of Remedy SSO.


Remedy SSO agent

The agent filters protect resources from unauthenticated logins. When an agent detects an unauthenticated request, it redirects the user to the Remedy SSO server web application. The agent defines the right domains for the users depending on their domains. It defines the right server to communicate in a multi server environment.

Remedy SSO web application

Authenticates users and gets validation requests from agents. If authentication succeeds, the Remedy SSO web application generates authentication tokens and stores them in its database. It now supports SAML V2.0 and BMC Remedy AR System authentications. If SAML is selected, Remedy SSO acts like a SAML service provider and redirects authentication requests to the SAML IDP to display the logon page with an encoded SAML authentication request. The Remedy SSO web application then processes the authentication response by allowing or disallowing the authentication request.

BMC Mid Tier Remedy SSO authenticator plugin

It validates the token from the user request and extracts user information from the context. It then passes the information to the BMC Remedy AR System Server through the BMC Remedy Mid Tier authentication infrastructure. The authentication request is then processed on the BMC Remedy AR System side by Remedy SSO AREA plugin.

Remedy SSO AREA plug-in

Gets user information from the BMC Remedy Mid Tier API call as an authentication token and then makes a REST API call to the Remedy SSO web application to verify the token's validity.

Remedy SSO database

Remedy SSO uses the database for storing the following details:

  • Configuration and authentication data including server settings, realms and authentication configuration, OAuth settings, and so on.
  • Sessions data such as Remedy SSO authentication tokens, OAuth access, and refresh tokens.

With one database, all Remedy SSO server nodes can share the configuration and authentication data and work as a high-availability cluster.

Was this page helpful? Yes No Submitting... Thank you