Remedy SSO agent
The Remedy Single Sign-On agent is designed as an HTTP request filter to identify unauthenticated requests and redirect those requests to the Remedy SSO server to complete authentication.
The Remedy SSO agent uses the
401 Unauthorized HTTP response code for redirection to the Remedy SSO server. In addition, the Remedy SSO agent returns an HTML page with a form that is automatically redirected to the Remedy SSO server.
During initialization, the Remedy SSO agent requests a configuration from the Remedy SSO server. The Remedy Single Sign-On agent defines the right domains for the users depending on their domains and also defines the right server to communicate in a multi-server environment.
After getting the HTTP request, the agent verifies whether the user is already authenticated by looking for the authentication cookie in the request:
- If the authentication cookie is not present, the agent identifies the realm based on the application domain from application URL and domain parameter in the application URL or provided by the user. After that, the user is redirected to theRemedy SSO server to pass authentication based on the realm settings.
- If the authentication cookie is present, the agent validates it by making a service call to Remedy SSO server. This validation is made on a regular basis and the validation period can be scheduled to not impact the server performance.
If validation is successful, the request is passed to the application. Otherwise it is redirected to Remedy SSO server to go through the authentication process again.