BMC ProactiveNet Database or LDAP server authentication
User credentials are authenticated against the information in the BMC ProactiveNet Database or the LDAP server if your BMC ProactiveNet setup is not integrated with BMC Atrium SSO. You can use either the URL-encoded format or the Base64-encoded format to send the user credentials with the authentication request. Based on your BMC ProactiveNet setup, there can be two scenarios:
Single BMC ProactiveNet Server
The following figure explains the architecture of the web services for a single BMC ProactiveNet Server installation.
BMC ProactiveNet web services architecture for a single BMC ProactiveNet Server installation
URL-encoded format for a single BMC ProactiveNet Server installation
A web service client sends an authentication request to the BMC ProactiveNet Server. The server authenticates the user credentials against the information in the BMC ProactiveNet Database or the LDAP server. After successful authentication, the web service API generates an authentication token. The authentication token is sent to the web service client in the JSON format.
You can use this authentication token in your subsequent web service requests until the token expires, and the server provides an appropriate response to the web service client in the JSON format.
Base64-encoded format for a single BMC ProactiveNet Server installation
A web service client sends a web service request with the user credentials encoded in the Base64-format to the BMC ProactiveNet Server. The server authenticates the user credentials against the information in the BMC ProactiveNet Database or the LDAP server. After successful authentication, the server sends an appropriate response to the web service client in the JSON format.
Multiple BMC ProactiveNet Child Servers with a Central Server Router
The following figure explains the architecture of web services for multiple BMC ProactiveNet Child Servers with a Central Server Router.
BMC ProactiveNet web services architecture for multiple BMC ProactiveNet Servers
URL-encoded format for multiple BMC ProactiveNet Child Servers with a Central Server Router
A web service client sends an authentication request to Central Server Router. The router authenticates the user credentials against the information in the BMC ProactiveNet Database or the LDAP server. After successful authentication, the web service API generates an authentication token. The router sends the user credentials and the authentication token to the BMC ProactiveNet Child Servers. Each child server authenticates the user credentials against the information in the BMC ProactiveNet Database or the LDAP server and responds to the router, indicating whether the user credentials are valid or not.
The router's response to the web service client depends on the value of the routerAuthenticationScheme property set in the bppmws.properties file. The file is located in the pw\pronto\conf directory.
Central Server Router's response to a web service request based on the value of the routerAuthenticationScheme property
You can use the authentication token in your subsequent web service requests until the token expires. When a web service request with the authentication token is sent to the router, the router validates the authentication token and directs the web service request to the appropriate child servers. Each child server in turn validates the authentication token and sends an appropriate response to the router if the authentication is valid. The router cumulates the responses from all the child servers and sends them to the web service client in the JSON format. The router's response to the web service client depends on the value of the routerAuthenticationScheme property set in the bppmws.properties file.
Base64-encoded format for multiple BMC ProactiveNet Child Servers with a Central Server Router
A web service request is sent to Central Server Router with the user credentials in the Based64-encoded format. The router authenticates the user credentials against the information in the BMC ProactiveNet Database or the LDAP server. The router directs the web service request to the appropriate child servers. Each child server authenticates the user credentials against the information in the BMC ProactiveNet Database or the LDAP server and sends appropriate responses to the router if the user credentials are valid.
The router's response to the web service client depends on the value of routerAuthenticationScheme property set in the bppmws.properties file. For more information, see routerAuthenticationScheme property.
Related topic