This topic provides information about important concepts used in BMC Atrium Single Sign-On.
|BMC Atrium Single Sign-On architecture||The BMC Atrium Single Sign-On server and agents provide the integration that lets BMC products use the various authentication options provided by BMC Atrium Single Sign-On.|
|Administrator password||The administrator password is used to access the BMC Atrium Single Sign-On Admin Console through a browser. You can create user accounts and other authentication algorithms from the BMC Atrium Single Sign-On Admin Console.|
|Default cookie domain||The default cookie domain value is the network domain of the user-facing application server (or the load balancer for the application) and the BMC Atrium Single Sign-On server (or the load balancer for the BMC Atrium Single Sign-On servers).|
|Log on and log off behavior||When you log on to or log off from a BMC product using BMC Atrium Single Sign-On, you are automatically logged on to or logged off from other BMC products as well.|
|Certificates||The BMC Atrium Single Sign-On installation provides a self-signed certificate, installed on the Tomcat server, with its own pair of private and public keys. The certificates are used to provide a secure communication channel between the BMC Atrium Single Sign-On server and other products.|
|Authentication chaining||Authentication chaining is a mechanism for specifying multiple authentication modules (AR, LDAP, Kerberos) in BMC Atrium Single Sign-On. The user is authenticated against this chain of modules. If any one of the modules succeeds, the user is authenticated.|
|High Availability deployment||When two or more BMC Atrium Single Sign-On servers are used, they can be installed as a cluster. A load balancer is used as a front end to the cluster, giving the external applications the appearance of a single server.|
|Kerberos||Kerberos, a network authentication protocol, is designed to provide strong authentication for client/server applications by using secret-key cryptography. After the user logs on to the company domain using Kerberos authentication, the user can access the BMC applications supported by BMC Atrium Single Sign-On without providing any additional credentials.|
|Security Assertion Markup Language (SAML)||Security Assertion Markup Language (SAML) is an XML-based OASIS standard for exchanging user identity and security attributes information. It uses security tokens containing assertions to pass information about a principal (usually an end user) between an identity provider (IdP) and a service provider (BMC Atrium Single Sign-On).|
|Common Access Card||The Common Access Card (CAC) is a smart-card-based authentication mechanism. The CAC satisfies two-factor authentication: what you have (the physical card) and what you know (the PIN). CAC technology allows for rapid authentication and enhanced physical and logical security.|
|RSA SecurID||RSA SecurID addresses the weakness of a security mechanism such as a password, where anyone who steals the password appears completely genuine. RSA adds a second, physical proof that makes the certainty of authenticity exponentially higher.|