This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.Click here to view the documentation for a supported version of Remedy Single Sign-On.

Managing authentication modules

The basic building block of authentication in BMC Atrium Single Sign-On is the authentication module. These modules specify the type of authentication (LDAP, RSA SecurID, and so on) as well as deployment-specific values such as host names and port numbers.

To manage authentication modules

Module instances can be created, edited, and deleted from the Realm Authentication panel. The Realm Authentication panel is on the Main tab of the realm.

  • Add allows you to create a new module instance.
  • Edit allows you to modify the module instance parameters.
  • Delete allows you to remove the selected module instance.
  • Up and Down allows you to re-order a module instance in the authentication chain.

To create a new module

  1. On the BMC Atrium SSO Admin Console, click Edit BMC Realm.
  2. Click Add.
  3. Select the type of new module instance.
  4. Type a unique name for the module instance.
     The name should be composed of alphanumeric characters and a few punctuation characters such as the underscore, but no spaces, commas, or ampersands.
  5. Provide the module parameters.
  6. Click Save.
  7. If you want to change the module configuration, edit the module.
     The module's configuration must be edited before it can be used within an authentication chain.

To edit a module

  1. On the BMC Atrium SSO Admin Console, click Edit BmcRealm.
  2. Select the module instance check box.

  3. Click Edit.
    A pop-up is launched that allows you to configure module attributes.

    Note

    See the sections on configuring that particular type of module. For example, Using-LDAP-Active-Directory-for-authentication.

To delete a module

  1. On the BMC Atrium SSO Admin Console, click Edit BmcRealm.
  2. Select the module instance check box.
  3. Click Delete.

To change the criteria for a module

  1. On the BMC Atrium SSO Admin Console, click Edit BMC Realm.
  2. On the Flag option for the module, select a new criteria from the drop down menu.

The criteria for a module alters the authentication status of the chain. The criteria categories are Required, Requisite, Sufficient, and Optional.

  • Required — This module must authenticate the user. Regardless of pass or fail, processing of the chain continues.
  • Requisite — This module must authenticate the user. When authentication fails, processing of the chain aborts.
  • Sufficient — This module might authenticate the user. If authentication passes, processing of the chain stops, otherwise processing continues.
  • Optional — This module might authenticate the user. Processing continues regardless of success or failure.

The overall status is successful if all of the Required and Requisite modules pass before either the end of the chain or the first successful Sufficient module. When there are no Required or Requisite modules, then at least one Sufficient or Optional module must authenticate the user.

To reorder the modules in a chain

  1. On the BMC Atrium SSO Admin Console, click Edit BMC Realm.
  2. Select the Module instance that you want to move.
  3. Click Up or Down to change the order in which the module instances are processed.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*