Remedy SSO architecture
The following diagram provides an illustration of the Remedy Single Sign-On (Remedy SSO) architecture.
The following table provides information about the major components of Remedy SSO.
Remedy SSO agent
The agent filters protect resources from unauthenticated logins. When an agent detects an unauthenticated request, it redirects the user to the Remedy SSO server web application. The agent selects the correct domain for each user based on the user's domain and, in a multi-server environment, determines which server to communicate with.
Remedy SSO web application
Authenticates users and receives validation requests from agents. If authentication succeeds, the Remedy SSO web application generates authentication tokens and stores them in its database. It now supports SAML V2.0 and BMC Remedy AR System authentication. If SAML is selected, Remedy SSO acts as a SAML service provider and redirects the authentication request to the SAML identity provider (IdP), which displays the logon page, together with an encoded SAML authentication request. The Remedy SSO web application then processes the authentication response and allows or disallows the authentication request accordingly.
BMC Mid Tier Remedy SSO authenticator plug-in
Validates the token from the user request and extracts user information from the context. It then passes the information to the BMC Remedy AR System Server through the BMC Remedy Mid Tier authentication infrastructure. The authentication request is then processed on the BMC Remedy AR System side by the Remedy SSO AREA plug-in.
Remedy SSO AREA plug-in
Receives user information from the BMC Remedy Mid Tier API call in the form of an authentication token, and then makes a REST API call to the Remedy SSO web application to verify the token's validity.
Remedy SSO database
Remedy SSO uses the database for storing the following details:
With one database, all Remedy SSO server nodes can share the configuration and authentication data and work as a high-availability cluster.
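The flow described above, modelled in memory as an added example (not BMC code and not the Remedy SSO API): an agent redirects unauthenticated requests, a server node issues a token into the shared store, and any node backed by the same store can validate it. All class and function names, the login URL, the token lifetime, and the logout step are assumptions made for illustration.

```python
import secrets
import time

class TokenStore:
    """Stand-in for the shared Remedy SSO database (a dict here)."""
    def __init__(self):
        self.tokens = {}  # token -> (user, expiry timestamp)

class SSOServerNode:
    """Hypothetical stand-in for one Remedy SSO web application node."""
    def __init__(self, name, store, ttl=3600):  # ttl is an assumed lifetime
        self.name, self.store, self.ttl = name, store, ttl

    def login(self, user, authenticated):
        # 'authenticated' stands for the outcome of SAML or AR System authentication.
        if not authenticated:
            return None
        token = secrets.token_urlsafe(32)  # opaque, unguessable reference
        self.store.tokens[token] = (user, time.time() + self.ttl)
        return token

    def validate(self, token):
        # What an agent or the AREA plug-in asks the server: is this token valid?
        entry = self.store.tokens.get(token)
        if entry is None or entry[1] < time.time():
            self.store.tokens.pop(token, None)
            return None
        return entry[0]

    def logout(self, token):
        # Assumed operation: removing the token from the shared store.
        self.store.tokens.pop(token, None)

def agent_filter(request, node, login_url="https://sso.example.invalid/login"):
    """Agent-side check: pass authenticated requests, redirect the rest."""
    user = node.validate(request.get("token", ""))
    if user is None:
        return {"status": 302, "location": login_url}
    return {"status": 200, "user": user}

def demo():
    store = TokenStore()  # one database shared by both nodes
    node_a, node_b = SSOServerNode("a", store), SSOServerNode("b", store)
    first = agent_filter({}, node_a)                    # no token: redirect
    token = node_a.login("alice", authenticated=True)   # issued on node a
    via_b = agent_filter({"token": token}, node_b)      # validated on node b
    node_b.logout(token)                                # removed from shared store
    after = agent_filter({"token": token}, node_a)      # rejected on every node
    return first["status"], via_b.get("user"), after["status"]
```

Because the token is only a reference into the server-side store, a consumer cannot judge its validity locally; every check goes back to a server node, and removing the entry invalidates the token on all nodes at once.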