OpenID Connect authentication
BMC Helix Single Sign-On provides the OpenID Connect authentication method, which is built on top of the OAuth 2.0 protocol. Clients use OpenID Connect authentication to verify the identity of users. Identification is based on the authentication performed by the authorization server.
OpenID Connect authentication flow
OpenID Connect authentication involves the following processes:
- The registered client (BMC Helix SSO) sends the authorization request to the OpenID Connect provider.
- The OpenID Connect provider authenticates the end user and returns the authorization code to BMC Helix SSO through a redirect.
- BMC Helix SSO sends a request with the authorization code to get the access token from the OpenID Connect provider.
- BMC Helix SSO forwards the access token to the OpenID Connect provider and requests information about the end user.
- The OpenID Connect provider forwards information about the end user to BMC Helix SSO.
- BMC Helix SSO creates a user session.
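
The six steps above, as an added example that is not BMC Helix SSO code: a self-contained Python simulation of both sides of the exchange, showing the checks a client and provider apply along the way (a single-use authorization code bound to the client and redirect URI, verification of the state value on the callback, and a valid access token required for user information). The Provider class, the login function, the tamper_state test switch, the client ID, the example.com URLs and the use of a state parameter are assumptions made for illustration.

```python
# Added illustration: in-memory simulation of the six steps above. Names, URLs
# and the sample user are constructed; this is not BMC Helix SSO code.
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

class Provider:
    """Toy OpenID Connect provider (hypothetical, constructed for this example)."""
    def __init__(self):
        self.codes, self.tokens = {}, {}

    def authorize(self, request_url, user):
        # Step 2: authenticate the end user, then redirect back with a code.
        q = {k: v[0] for k, v in parse_qs(urlparse(request_url).query).items()}
        if q.get("response_type") != "code" or "openid" not in q.get("scope", "").split():
            raise ValueError("invalid authorization request")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (q["client_id"], q["redirect_uri"], user)
        return q["redirect_uri"] + "?" + urlencode({"code": code, "state": q["state"]})

    def token(self, code, client_id, redirect_uri):
        # Step 3: the code is single use and bound to client and redirect URI.
        issued = self.codes.pop(code, None)
        if issued is None or issued[:2] != (client_id, redirect_uri):
            raise PermissionError("invalid_grant")
        access_token = secrets.token_urlsafe(24)
        self.tokens[access_token] = issued[2]
        return {"access_token": access_token, "token_type": "Bearer"}

    def userinfo(self, access_token):
        # Steps 4-5: return claims about the end user for a valid token only.
        if access_token not in self.tokens:
            raise PermissionError("invalid_token")
        return {"sub": self.tokens[access_token]}

def login(op, user, client_id="helix-sso", redirect_uri="https://sso.example.com/callback",
          tamper_state=False):  # tamper_state simulates a callback with a wrong state
    state = secrets.token_urlsafe(16)  # ties the callback to this login attempt
    # Step 1: authorization request sent to the provider.
    request = "https://op.example.com/authorize?" + urlencode({
        "response_type": "code", "scope": "openid profile", "client_id": client_id,
        "redirect_uri": redirect_uri, "state": state})
    callback = parse_qs(urlparse(op.authorize(request, user)).query)
    returned_state = "forged" if tamper_state else callback["state"][0]
    if not secrets.compare_digest(returned_state, state):
        raise PermissionError("state mismatch: callback rejected")
    tokens = op.token(callback["code"][0], client_id, redirect_uri)  # Step 3
    claims = op.userinfo(tokens["access_token"])                     # Steps 4-5
    return {"session_id": secrets.token_urlsafe(16), "user": claims["sub"]}  # Step 6
```

Calling login(Provider(), "alice") returns a session for alice; a callback with a mismatched state, a replayed authorization code or an unknown access token raises PermissionError.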