Information
This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience.

Using SAMLv2 for authentication


Security Assertion Markup Language (SAML) is an XML-based OASIS standard for exchanging user identity and security attribute information. It uses security tokens containing assertions to pass information about a principal (usually an end user) between an identity provider (IdP) and a web service.

SAMLv2 is implemented by grouping a collection of entities to form a Circle of Trust. The Circle of Trust is composed of a Service Provider (SP) and an Identity Provider (IdP). The Identity Provider authenticates the users and provides this information to the Service Provider. The Service Provider hosts services that the user accesses.


SAMLv2 configuration options

BMC Atrium Single Sign-On can be configured to perform as an SP or as an IdP. In addition, the user accounts can be federated in bulk.

SAMLv2 implementation


Typical SAMLv2 deployment

In a typical SAMLv2 deployment scenario, the BMC Atrium Single Sign-On server is configured as an SP for BMC products. The BMC Atrium Single Sign-On SP is then added to a Circle of Trust which includes an IdP. The IdP provides the authentication services for the BMC Atrium Single Sign-On system.

In addition, the IdP caches authentication information within the browser. This information allows the IdP to automatically re-authenticate a user without the user re-entering their credentials. For more information about automatic logon behavior, see Troubleshooting-logon-and-logoff-issues.

Note

The BMC Atrium Single Sign-On SAMLv2 implementation is limited to:

  • SAML 2.0 browser-based transient Federation and Federated SSO
  • Browser-based HTTP GET and POST binding mechanisms of the SAML 2.0 protocol
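The SP-side checks that the deployment above relies on, as an added example (not BMC code): once the XML signature on a Response has been verified against the IdP certificate from the Circle of Trust metadata, the SP still has to confirm the issuer, the audience, the validity window, the transient NameID format and the binding destination. The IdP and SP URLs, request ID and sample Response are constructed placeholders, and signature verification is assumed to be done separately by an XML-DSig library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

# Constructed sample: a Response from a hypothetical IdP to a hypothetical SP (placeholder URLs).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
  IssueInstant="2024-01-01T12:00:00Z" InResponseTo="_req42"
  Destination="https://sso.example.com/atriumsso/SP/acs">
  <saml:Issuer>https://idp.example.org/idp</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>https://idp.example.org/idp</saml:Issuer>
    <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_t123</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:58:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sso.example.com/atriumsso/SP</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def _ts(value):  # parse a SAML UTC timestamp such as 2024-01-01T12:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, trusted_idp, sp_entity_id, acs_url, request_id, now):
    """Return the list of failed checks (empty means acceptable).
    Assumes the XML signature was already verified against the IdP's certificate."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.get("Destination") != acs_url:
        problems.append("Destination is not this SP's assertion consumer URL")
    if root.get("InResponseTo") != request_id:
        problems.append("InResponseTo does not match an outstanding AuthnRequest")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no Assertion element"]
    # Both the Response and the Assertion must come from the Circle of Trust's IdP.
    if any(el.findtext("saml:Issuer", namespaces=NS) != trusted_idp for el in (root, assertion)):
        problems.append("Issuer is not the trusted IdP")
    conds = assertion.find("saml:Conditions", NS)
    nb, na = (conds.get("NotBefore"), conds.get("NotOnOrAfter")) if conds is not None else (None, None)
    if not (nb and na and _ts(nb) <= now < _ts(na)):  # NotOnOrAfter is exclusive
        problems.append("outside the assertion validity window")
    audience = conds.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS) if conds is not None else None
    if audience != sp_entity_id:
        problems.append("Audience is not this SP's entity ID")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != TRANSIENT:
        problems.append("NameID is not in the transient format")
    return problems
```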

Typical SAMLv2 deployment architecture

The following illustration shows BMC Atrium Single Sign-On configured as an SP. BMC products are integrated with BMC Atrium Single Sign-On which, in turn, hosts the SP for the Circle of Trust. For the IdP, any SAMLv2 IdP can be used. In addition, a second BMC Atrium Single Sign-On server can be configured to host an IdP.

BMC Atrium Single Sign-On server configured as an SP (figure: SAMLv2 deployment architecture)
