This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.

Click here to view the documentation for a supported version of Remedy Single Sign-On.

SAMLv2 authentication

Security Assertion Markup Language (SAML) is an XML-based OASIS standard for exchanging user identity and security attributes information. It uses security tokens containing assertions to pass information about a principal (usually an end user) between an identity provider (IdP) and a web service.

SAMLv2 is implemented by grouping a collection of entities to form a Circle of Trust. The Circle of Trust is composed of a Service Provider (SP) and an Identity Provider (IdP). The Identity Provider authenticates the users and provides this information to the Service Provider. The Service Provider hosts services that the user accesses. BMC Atrium Single Sign-On provides support for SP Initiated Single Sign-On.

SAML workflow

The following image and the steps the follow the image provide the SAML workflow.

  1. User accesses the protected application from a mobile device or through a web browser.
  2. Web Agent redirects the user to BMC Atrium Single Sign-On console.
  3. BMC Atrium Single Sign-On sends a request to IDP to authenticate user.
  4. IDP presents a login form to user for authentication.
  5. User enters valid credentials.


    The IdP does authentication depending on the supported and configured authentication type (Kerberos, RSA, LDAP or any other authentication). In case of form-based authentication, the IdP presents a logon page to the user, and the user enters valid credentials.

  6. IDP checks the user credentials from the database.
  7. IDP then confirms user authentication.
  8. BMC Atrium Single Sign-On creates a session for the user.
  9. The user is allowed to access the application.

The following steps provide the log off process:

  1. User logs off from the application.
  2. Web Agent redirects the user to BMC Atrium Single Sign-On console.
  3. BMC Atrium Single Sign-On sends a request to IDP to log off the user from the application.
  4. The IDP validates the log off request and finds out the session associated with the log off request.
  5. IDP invalidates the session and issues a log off response to BMC Atrium Single Sign-On.
  6. BMC Atrium Single Sign On invalidates the user session and redirects back to application.
  7. The user is logged off from the application.

Related topics

BMC Atrium Single Sign-On using SAMLv2 deployment example

Using SAMLv2 for authentication

Managing certificates in BMC Atrium Single Sign-On

Troubleshooting SAMLv2

Was this page helpful? Yes No Submitting... Thank you