Remedy SSO architecture
This topic provides the basic model of the Remedy Single Sign-On architecture and describes the Remedy SSO components.
After integration with Remedy SSO, end users can securely authenticate with multiple BMC applications by using just one set of credentials. For example, Allen logs in to BMC Helix Digital Workplace, browses a catalog, and opens a knowledge article that contains a link to BMC Helix Business Workflows with more details about this article. Allen accesses BMC Helix Business Workflows without having to provide credentials again.
Remedy SSO architecture model
The following diagram shows the Remedy Single Sign-On (Remedy SSO) architecture, and includes the following details:
- Remedy Single Sign-On components
- BMC applications that can be integrated with Remedy SSO
- Third-party components
Remedy SSO components
The following table provides information about the major components of Remedy SSO.
Remedy SSO web application
Authenticates users and receives validation requests from Remedy SSO agents. If authentication succeeds, the Remedy SSO web application generates authentication tokens and stores them in the Remedy SSO database. The Remedy SSO web application then processes the authentication response by allowing or denying the authentication request.
Remedy SSO database
Remedy SSO uses the database for storing the following details:
With one database, all Remedy SSO server nodes can share the configuration and authentication data and work as a high-availability cluster.
Remedy SSO Admin Console
Provides an interface for accessing the Remedy SSO web application. Remedy SSO administrators perform tasks required to set up authentication and configure the Remedy SSO server from the Remedy SSO Admin Console.
Identity provider (IdP)
Stores user and user group information.
Identity providers are external systems, such as Active Directory, Okta, and Oracle Access.
Remedy SSO components required for integration with BMC applications
To achieve successful integration with BMC applications, ensure that you have configured the following Remedy SSO components:
Remedy SSO agent
Filters protected resources from unauthenticated requests. When the Remedy SSO agent detects an unauthenticated request, it redirects the user to the Remedy SSO server web application. The agent defines the right realms for the users depending on their domains. It also defines the right server to communicate with in a multi-server environment.
BMC Mid Tier Remedy SSO authenticator plug-in
Validates the token from the user request and extracts user information from the context. It then passes the information to the Remedy AR System through the BMC Remedy Mid Tier authentication infrastructure. The authentication request is then processed on the Remedy AR System side by the Remedy SSO AREA plug-in.
Remedy SSO AREA plug-in
Gets user information from the BMC Remedy Mid Tier API call as an authentication token and then makes a REST API call to the Remedy SSO web application to verify the token's validity.
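The component descriptions above, modeled as an added example that is not BMC code: two server nodes share one token database, and an agent in front of each application either redirects an unauthenticated request to the realm's login or allows the request after the server validates the token. All class names, method names, host names, and the opaque random token format are assumptions made for illustration; the IdP data is constructed.

```python
import secrets
import time

class SSOServerNode:
    """Toy stand-in for one Remedy SSO web application node (hypothetical API)."""
    def __init__(self, database, idp, ttl=3600):
        self.db = database  # shared dict: token -> (user, realm, expiry)
        self.idp = idp      # constructed IdP data: realm -> {user: password}
        self.ttl = ttl

    def login(self, realm, user, password, now=None):
        now = time.time() if now is None else now
        stored = self.idp.get(realm, {}).get(user)
        if stored is None or not secrets.compare_digest(stored.encode(), password.encode()):
            return None  # authentication denied: no token is generated
        token = secrets.token_urlsafe(32)  # assumption: opaque random token
        self.db[token] = (user, realm, now + self.ttl)
        return token

    def validate(self, token, now=None):
        now = time.time() if now is None else now
        record = self.db.get(token)
        if record is None or record[2] <= now:
            self.db.pop(token, None)  # unknown or expired: drop any stale entry
            return None
        return {"user": record[0], "realm": record[1]}

class Agent:
    """Toy stand-in for a Remedy SSO agent in front of a protected application."""
    def __init__(self, node, realm_by_domain):
        self.node = node
        self.realm_by_domain = realm_by_domain  # assumption: request host -> realm

    def handle(self, host, token=None, now=None):
        identity = self.node.validate(token, now) if token else None
        if identity is None:
            return ("redirect", self.realm_by_domain.get(host, "*"))  # to SSO login
        return ("allow", identity["user"])

def demo():
    db = {}  # one database shared by both server nodes
    idp = {"helix": {"allen": "constructed-password"}}  # constructed sample data
    node_a, node_b = SSOServerNode(db, idp), SSOServerNode(db, idp)
    dwp = Agent(node_a, {"dwp.example.com": "helix"})
    bwf = Agent(node_b, {"bwf.example.com": "helix"})
    first = dwp.handle("dwp.example.com")                  # no token yet
    token = node_a.login("helix", "allen", "constructed-password", now=0)
    second = bwf.handle("bwf.example.com", token, now=10)  # validated by node_b
    return first, second, bwf.handle("bwf.example.com", token, now=3600)
```

Because validation is a lookup against the shared database, a token issued by one node is accepted by the other, and an expired or deleted entry is rejected by every agent on its next request.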