Skip to Content
Information
This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.Click here to view the documentation for a supported version of Remedy Single Sign-On.

Chaining different modules

If a complex certificate chain is needed, you can create a certificate chain by using the Realm Editor on the BMC Atrium SSO Admin Console.

The following topics are provided:

Warning

Note

When you create an authentication chain, the MIT Kerberos modules should be first authentication module in the list.

To create an additional module

  1. In the BMC Atrium SSO Admin Console, select the realm you want to configure and click Edit.
  2. Click Add.
  3. Select the type of new module instance.
  4. Provide the module parameters.
    For more information about the parameters, see Realm-Editor.
  5. Click Save.

To edit an additional module

  1. In the BMC Atrium SSO Admin Console, select the realm you want to configure and click Edit.
  2. Select the module instance check box.
  3. Click Edit.
    A pop-up window opens, allowing you to configure the module attributes.

To change the criteria for a module

  1. In the BMC Atrium SSO Admin Console, select the realm you want to configure and click Edit.
  2. On the Flag option for the module, select new criteria from the list.

    The criteria for a module alters the authentication status of the chain. The criteria categories are Required, Requisite, Sufficient, and Optional.
    • Required—This module must authenticate the user. Regardless of whether authentication passes or fails, processing of the chain continues.
    • Requisite—This module must authenticate the user. If authentication fails, processing of the chain stops.
    • Sufficient—This module might authenticate the user. If authentication passes, processing of the chain stops; otherwise, processing continues.
    • Optional—This module might authenticate the user. Processing continues regardless of whether authentication passes or fails.
Warning

Note

The Sufficient flag is the most commonly used flag when using authentication chains.

If all of the Required and Requisite modules pass before either the end of the chain or the first successful Sufficient module, the overall status is successful. When there are no Required or Requisite modules, at least one Sufficient or Optional module must authenticate the user.

To reorder the modules in a chain

  1. In the BMC Atrium SSO Admin Console, select the realm that you want to configure and click Edit.
  2. Select the module instance that you want to move.
  3. Click Up or Down to change the order in which the module instances are processed.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Atrium Single Sign-On 9.0