Remedy SSO agent
The Remedy Single Sign-On agent is a component of the Remedy SSO system that intercepts user requests to applications integrated with Remedy SSO.
Each application integrated with Remedy SSO has a Remedy SSO agent installed on its server. For more information about the place of the Remedy SSO agent in the Remedy SSO architecture, see Remedy SSO architecture.
The Remedy SSO agent role in an authentication flow
The Remedy SSO agent, designed as a request filter, performs the following tasks:
- In an environment with one Remedy SSO server, the Remedy SSO intercepts user requests and then redirects these requests to the Remedy SSO server.
- In an environment with multiple Remedy Single Sign-On servers, the Remedy Single Sign-On agent defines application domains based on the domains present in user requests, and then defines the right server for communication. For more information about an environment with multiple Remedy Single Sign-On servers, see Connecting the same BMC Helix SSO agent to different BMC Helix SSO servers.
On intercepting a user request to an application, the Remedy SSO agent verifies whether the user is already authenticated by searching for the authentication cookie in the request. Depending on the cookie availability, the Remedy SSO agent performs the following tasks:
- If the authentication cookie is available, the Remedy SSO agent validates it by making a service call to the Remedy SSO server. This validation is made on a regular basis, and the validation period can be scheduled to not impact the server performance.
- If the authentication cookie is unavailable, the Remedy SSO agent defines a domain parameter from the application URL, and then identifies a realm based on the application domain. After that, the user is redirected to the Remedy SSO server to pass authentication based on the realm settings.
If the validation is successful, the request is passed to the application. Otherwise, it is redirected to the Remedy SSO server to go through the authentication process again.