This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience.

Key concepts

This topic provides information about important concepts used in BMC Atrium Single Sign-On.

BMC Atrium Single Sign-On architecture

The BMC Atrium Single Sign-On server and agents provide the integration that lets BMC products use the various authentication options provided by BMC Atrium Single Sign-On.

Administrator password

The administrator password is used to access the BMC Atrium Single Sign-On Admin Console through a browser. You can create user accounts and other authentication algorithms from the BMC Atrium Single Sign-On Admin Console.

Default cookie domain

The default cookie domain value is the network domain of the user-facing application server (or the load balancer for the application) and the BMC Atrium Single Sign-On server (or the load balancer for the BMC Atrium Single Sign-On servers).

Log on and log off behavior

When you log on to or log off from a BMC product using BMC Atrium Single Sign-On, you are automatically logged on to or logged off from other BMC products as well.

Certificates

The BMC Atrium Single Sign-On installation provides a self-signed certificate, installed on the Tomcat server, with its own pair of private and public keys. The certificates are used to provide a secure communication channel between the BMC Atrium Single Sign-On server and other products.

Authentication chaining

Authentication chaining is a mechanism for specifying multiple authentication modules (AR, LDAP, Kerberos) in BMC Atrium Single Sign-On. The user is authenticated against this chain of modules. If any one of the modules succeeds, the user is authenticated.

High Availability deployment

When two or more BMC Atrium Single Sign-On servers are used, they can be installed as a cluster. A load balancer is used as a front end to the cluster, giving the external applications the appearance of a single server. 

Kerberos authentication

Kerberos, a network authentication protocol, is designed to provide strong authentication for client/server applications by using secret-key cryptography. After the user logs on to the company domain using Kerberos authentication, the user can access the BMC applications supported by BMC Atrium Single Sign-On without providing any additional credentials. 

SAMLv2 authentication

Security Assertion Markup Language (SAML) is an XML-based OASIS standard for exchanging user identity and security attributes information. It uses security tokens containing assertions to pass information about a principal (usually an end user) between an identity provider (IdP) and a service provider (BMC Atrium Single Sign-On).

Common Access Card

The Common Access Card (CAC) is a smart card-based authentication mechanism. The CAC satisfies two-factor authentication: what you have (the physical card) and what you know (the PIN). CAC technology allows for rapid authentication and enhanced physical and logical security.

RSA SecurID

RSA SecurID is a solution for the weakness of a security mechanism such as a password, where anyone who steals the password will appear completely genuine. RSA adds a second, physical proof that makes the certainty of authenticity exponentially higher.