Using SAMLv2 for authentication

In SAMLv2, a collection of entities are grouped together to form a Circle of Trust. The Circle of Trust is composed of a Service Provider (SP) and an Identity Provider (IdP). The Identity Provider authenticates the users and provides this information to the Service Provider. The Service Provider hosts services that the user accesses.

In a typical SAMLv2 deployment scenario, the BMC Atrium Single Sign-On server is configured as an SP for BMC products. The BMC Atrium Single Sign-On SP is then added to a Circle of Trust which includes an IdP. The IdP provides the authentication services for the BMC Atrium Single Sign-On system.

In addition, the IdP caches authentication information within the browser. This information allows the IdP to automatically re-authenticate a user without the user re-entering their credentials. For more information about automatic logon behavior, see Logon-and-logoff-issues.

• BMC Atrium Single Sign-On as an SP - See Configuring BMC Atrium Single Sign-On as an SP
• MC Atrium Single Sign-On as an IdP - See Configuring BMC Atrium Single Sign-On as an IdP

The following illustration shows BMC Atrium Single Sign-On configured as an SP. BMC products are integrated with BMC Atrium Single Sign-On which, in turn, hosts the SP for the Circle of Trust. For the IdP, any SAMLv2 IdP can be used. In addition, a second BMC Atrium Single Sign-On server can be configured to host an IdP.

BMC Atrium Single Sign-On server configured as an SP

Related topics

• Troubleshooting-SAMLv2