Using AR for authentication
The AR System Data Store plug-in allows group information associated with BMC Remedy AR System server users to be retrieved and provided to BMC products. The AR authentication module and the AR user store are designed to be used together because it provides additional information for users authenticated against the AR System server.
The AR user store provides read-only access to the user information stored in AR System server and read-only access to user and group lists and memberships.
Before you begin
- Ensure that the AR System Data Store plug-in is installed.
- Ensure that you have the server location and an administrator account since they are required to configure the AR user store..
User management functionality, assigning group information that is retrieved from the AR System server to users that exist in another data store (for example, the internal data store), and saving changes involving information retrieved from the AR System server are not available.
To configure an AR module
For the AR module, the flag is set to Sufficient.
When adding or editing an AR module, the following options are available:
Server Host Name
(Required) Provide the Full Qualified Domain Name (FQDN) for the server where the AR System server is located. The full host name includes the domain name (bmc.com) of the computer and the individual name of the server (yourServer).
Server Port Number
(Required) AR Server Port Number is the location where the AR System server is listening.
Default Authentication String
This string is only used when the AR module is placed downstream in a chain from another authentication module which prompts the user only for a name and password. In this situation, the value of this parameter is used to authenticate the user by re-using the credentials provided by the user along with this authentication string.
Allow AR Guests
If enabled, allows unknown or invalid users to authenticate to the AR System server as guests.
To configure an AR user store
You must study these points if you want to configure an AR user store.
- If you are using a persistent NameID element you cannot define AR User Store. You must use transient NameID element to define an AR User Store.
- Existing profiles within the embedded LDAP User Store should be deleted before adding the AR User Store.
- Log on to the BMC Atrium SSO Admin Console.
- Click Edit BMC Realm.
- On the User Store panel, click Add to create a new AR user store.
Alternatively, if you want to edit an existing AR user store, select the user store and click Edit.
- Select AR User Store.
- Provide the <[^>]+?>","")"/>
Label for the AR user store.
AR Server Host
(Required) Provide the Full Qualified Domain Name (FQDN) for the server where AR System server is located. The full host name includes the domain name (bmc.com) of the computer and the individual name of the server (yourServer). Replace the default values (sample.bmc.com) with the host name of your server (for example, yourServer.bmc.com.
(Required) Default: 0 Provide the port number where the AR Server is listening. The value of 0 is used when the AR Server is using port mapping.
(Required) Provide the user name of an AR Server user store account that has AR System Administrator privileges.
Empty or blank passwords for this internal user are not supported with a new user store.
Provide the authentication string that is needed when the Administrator account is used to connect with the AR System server.
Password and Confirm Password
Password for the AR System administrative user of the AR Server user store account (for example, admin).
Linger Time (seconds)
(Required) Default: 60 Linger Time is the amount of time (in milliseconds) that a connection is allowed to remain unused in the pool before being closed.
(Required) Default: 10 The Pool Size is the maximum number of connections the data store uses to service data requests for the AR System server. for the AR user store.
- Click Save.
When you create a new user or group in BMC Remedy AR System, the user or group is not immediately available in BMC Atrium Single Sign-On server due to caching of user and group information in BMC Atrium SSO.
The AR User Store Editor is used for both editing an existing user store's parameters and for creating a new AR user store. The AR User Store Editor has the following options:
- Save to save your modifications
- Reset to remove your modifications and stay on the LDAP page.
- Back to Data Stores to navigate back to the Authentication tab.
After configuration is finished, the data store is immediately available to provide group information to users who are authenticating with the AR authentication module.
For more information about common problems, see.