Using SAMLv2 for authentication
In SAMLv2, a collection of entities are grouped together to form a Circle of Trust. The Circle of Trust is composed of a Service Provider (SP) and an Identity Provider (IdP). The Identity Provider authenticates the users and provides this information to the Service Provider. The Service Provider hosts services that the user accesses.
Note
BMC Atrium Single Sign-On can be configured to perform as an SP or as an IdP.
In a typical SAMLv2 deployment scenario, the BMC Atrium Single Sign-On server is configured as an SP for BMC products. The BMC Atrium Single Sign-On SP is then added to a Circle of Trust which includes an IdP. The IdP provides the authentication services for the BMC Atrium Single Sign-On system.
In addition, the IdP caches authentication information within the browser. This information allows the IdP to automatically re-authenticate a user without the user re-entering their credentials. For more information about automatic logon behavior, see Logon and logoff issues.
- BMC Atrium Single Sign-On as an SP - See Configuring BMC Atrium Single Sign-On as an SP
- MC Atrium Single Sign-On as an IdP - See Configuring BMC Atrium Single Sign-On as an IdP
Note
BMC Atrium Single Sign-On SAMLv2 implementation is limited to:
- SAML 2.0 browser-based transient Federation and Federated SSO
- Browser-based HTTP GET and POST binding mechanisms of the SAML 2.0 protocol
The following illustration shows BMC Atrium Single Sign-On configured as an SP. BMC products are integrated with BMC Atrium Single Sign-On which, in turn, hosts the SP for the Circle of Trust. For the IdP, any SAMLv2 IdP can be used. In addition, a second BMC Atrium Single Sign-On server can be configured to host an IdP.
BMC Atrium Single Sign-On server configured as an SP
Comments
Log in or register to comment.