This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience.

Key concepts


This topic provides information about important concepts used in BMC Atrium Single Sign-On.

 

Concept

Description

The BMC Atrium Single Sign-On server and agents provide the integration that lets BMC products use the authentication options provided by BMC Atrium Single Sign-On.

The administrator password is used to access the BMC Atrium Single Sign-On Admin Console through a browser. You can create user accounts and other authentication algorithms from the BMC Atrium Single Sign-On Admin Console.

The default cookie domain value is the network domain of the user-facing application server (or the load balancer for the application) and the BMC Atrium Single Sign-On server (or the load balancer for the BMC Atrium Single Sign-On servers).

When you log on to or log off from a BMC product using BMC Atrium Single Sign-On, you are automatically logged on to or logged off from other BMC products as well.

The BMC Atrium Single Sign-On installation provides a self-signed certificate, installed on the Tomcat server, with its own pair of private and public keys. The certificates are used to provide a secure communication channel between the BMC Atrium Single Sign-On server and other products.

Authentication chaining is a mechanism for specifying multiple authentication modules (AR, LDAP, Kerberos) in BMC Atrium Single Sign-On. The user is authenticated against this chain of modules. If any one of the modules succeeds, the user is authenticated.

When two or more BMC Atrium Single Sign-On servers are used, they can be installed as a cluster. A load balancer is used as a front end to the cluster, giving the external applications the appearance of a single server. 

Kerberos, a network authentication protocol, is designed to provide strong authentication for client/server applications by using secret-key cryptography. After the user logs on to the company domain using Kerberos authentication, the user can access the BMC applications supported by BMC Atrium Single Sign-On without providing any additional credentials. 

Security Assertion Markup Language (SAML) is an XML-based OASIS standard for exchanging user identity and security attributes information. It uses security tokens containing assertions to pass information about a principal (usually an end user) between an identity provider (IdP) and a service provider (BMC Atrium Single Sign-On).

The Common Access Card (CAC) is a smart-card-based authentication mechanism. The CAC satisfies two-factor authentication: what you have (the physical card) and what you know (the PIN). CAC technology allows for rapid authentication and enhanced physical and logical security.

RSA SecurID addresses the weakness of a security mechanism such as a password, where anyone who steals the password appears completely genuine. RSA SecurID adds a second, physical proof that makes the certainty of authenticity exponentially higher.
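
The cookie domain description above (the network domain shared by the application server and the BMC Atrium Single Sign-On server) can be checked before installation. The following is an added example, not BMC code: the function names and host names are assumptions, and it takes the narrowest shared DNS suffix as the cookie domain, then shows which other hosts fall inside that cookie's scope.

```python
import ipaddress

# Added example; host names below are constructed sample values.

def _labels(host):
    """Lower-case DNS labels of a host name, minus port and trailing dot."""
    host = host.strip().lower().rstrip(".")
    if host.startswith("["):            # bracketed IPv6 literal such as [::1]:8443
        host = host[1:].split("]")[0]
    elif host.count(":") == 1:          # name:port
        host = host.split(":")[0]
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass                            # not an IP literal, treat as a DNS name
    else:
        raise ValueError(f"{host!r} is an IP address, not a DNS name")
    labels = host.split(".")
    if not host or "" in labels:
        raise ValueError(f"{host!r} is not a valid host name")
    return labels


def shared_cookie_domain(app_host, sso_host):
    """Narrowest domain that contains both hosts, e.g. '.corp.example.com'."""
    common = []
    for a, b in zip(reversed(_labels(app_host)), reversed(_labels(sso_host))):
        if a != b:
            break
        common.insert(0, a)
    # Assumption: two shared labels are enough. Suffixes such as "co.uk"
    # would need a Public Suffix List lookup, which is not done here.
    if len(common) < 2:
        raise ValueError("hosts share no usable network domain")
    return "." + ".".join(common)


def receives_cookie(cookie_domain, host):
    """RFC 6265 domain-match: is a cookie for cookie_domain sent to host?"""
    domain = cookie_domain.lstrip(".").lower()
    name = ".".join(_labels(host))
    return name == domain or name.endswith("." + domain)


if __name__ == "__main__":
    domain = shared_cookie_domain("helpdesk.corp.example.com", "sso.corp.example.com:8443")
    print(domain)
    for h in ("wiki.corp.example.com", "wiki.example.com"):
        print(h, receives_cookie(domain, h))
```

Every host for which `receives_cookie` returns `True` is sent the single sign-on cookie, so a broader cookie domain widens the set of servers that must be trusted with it.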

 
