Out of support: This documentation supports the 8.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support."

Specifying CAC users


BMC Atrium Single Sign-On can be configured to allow access to any user with a valid CAC card, or to allow access only to a known subset of users. This section describes the following methods for specifying CAC users:

To allow any user with a valid CAC card access

  1. Navigate to Access Control > BmcRealm link > Authentication.
  2. Click All Core Settings.
  3. For User Profile, click Dynamic or Ignore.
  4. Click Save.

To allow user access through the internal data store

The set of known users that are allowed access can be specified by using the internal data store.

  1. Verify that the User Profile is set to Required.
    1. Navigate to Access Control > BmcRealm link > Authentication.
    2. Click All Core Settings.
    3. Click Required.
    4. Click Save.
  2. Create the users that need access in the internal data store.
    1. Navigate to Access Control > BmcRealm link > Subjects.
    2. Click New.
    3. Enter the new user ID.
       The ID of the new user must match the Common Name (CN) of the owner of the CAC card.
    4. Enter the user information.
    5. Enter the default password into the Password and Password (confirm) fields.
       The password field must be specified, although with CAC authentication, it is ignored.
    6. In the User Status field, verify that Active is selected (default).
    7. Click OK.

To allow user access through an external LDAP server

The set of known users that are allowed access can be specified by using an external LDAP server where the user certificates are stored.

  1. Navigate to Access Control > BmcRealm link > Authentication.
  2. Click Module Instances.
  3. Click CAC.
  4. In the Match Certificate in LDAP field, click Enabled.
  5. In the Subject DN Attribute Used to Search LDAP for Certificates field, enter the attribute from the Subject DN of the certificate that is used to search the LDAP server for certificates.
     The default value is CN.
  6. In the LDAP Server Where Certificates are Stored field, enter the LDAP server information.
     The host name must end with a colon followed by the port number for the LDAP server.
  7. In the LDAP Search Start DN field, enter the DN of the node at which the search within the LDAP server starts.
     The account used to connect to the LDAP server must have sufficient privileges to perform the search.
  8. In the LDAP Server Principal User field, enter the DN of the user with search privileges in the LDAP server.
  9. In the LDAP Server Principal Password field, enter the password for this user and repeat this password in the LDAP Server Principal Password (confirm) field to confirm the first entry.
  10. If you plan to use SSL for communication with the LDAP server, in the Use SSL for LDAP Access field, click Enabled.
     If you are using SSL, the LDAP server certificate must be imported into the BMC Atrium Single Sign-On truststore so that the SSL connection to the LDAP server can be established.
  11. Click Save.
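The LDAP lookup configured above takes one attribute from the certificate's Subject DN (CN by default) and searches the server given as host:port for the matching certificate entry. The following added example, which is not part of the BMC documentation or product code, shows the two pieces of input validation a practitioner would want before trusting such a lookup: extracting the configured attribute from an RFC 4514 Subject DN string and escaping it per RFC 4515 so that a crafted DN cannot alter the filter's structure, and checking the host:port form the LDAP Server field requires. The Subject DN and server name are constructed sample values.

```python
import re
from typing import List, Tuple

# Constructed sample Subject DN of a CAC certificate (RFC 4514 string form).
SAMPLE_SUBJECT_DN = "CN=DOE.JOHN.1234567890,OU=CONTRACTOR,OU=PKI,OU=DoD,O=U.S. Government,C=US"

# RFC 4515 filter escapes; the backslash must be handled like any other character here.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def _unescape_rdn_value(value: str) -> str:
    """Undo RFC 4514 escaping: '\\,' -> ',' and '\\2C' (hex pair) -> ','."""
    return re.sub(
        r"\\([0-9A-Fa-f]{2}|.)",
        lambda m: chr(int(m.group(1), 16)) if len(m.group(1)) == 2 else m.group(1),
        value,
    )


def parse_subject_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN string into (ATTRIBUTE, value) pairs, respecting escaped commas."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().upper(), _unescape_rdn_value(value.strip())))
    return pairs


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_certificate_search_filter(subject_dn: str, search_attribute: str = "CN") -> str:
    """Build the filter that looks up the certificate entry for this Subject DN.

    search_attribute corresponds to the 'Subject DN Attribute Used to Search LDAP
    for Certificates' field (default CN). Exactly one such attribute is required,
    so an ambiguous DN is rejected instead of silently matching the wrong entry.
    """
    attr = search_attribute.upper()
    values = [v for a, v in parse_subject_dn(subject_dn) if a == attr]
    if len(values) != 1:
        raise ValueError(f"expected exactly one {attr} in Subject DN, found {len(values)}")
    return f"({attr}={escape_filter_value(values[0])})"


def parse_ldap_server(server: str) -> Tuple[str, int]:
    """Validate the 'LDAP Server Where Certificates are Stored' value (host:port)."""
    m = re.match(r"^(?P<host>[A-Za-z0-9.-]+):(?P<port>\d{1,5})$", server.strip())
    if not m or not 1 <= int(m.group("port")) <= 65535:
        raise ValueError("LDAP server must be given as host:port, for example ldap.example.mil:636")
    return m.group("host"), int(m.group("port"))
```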
