BMC Helix SSO agent

The BMC Helix SSO agent role in an authentication flow

The BMC Helix SSO agent, designed as a request filter, performs the following tasks:

• In an environment with one BMC Helix SSO server, the BMC Helix SSO agent intercepts user requests and then redirects these requests to the BMC Helix SSO server.
• In an environment with multiple BMC Helix SSO servers, the BMC Helix SSO agent defines application domains based on the domains present in user requests, and then defines the right server for communication. For more information about an environment with multiple BMC Helix SSO servers, see Connecting-the-same-BMC-Helix-SSO-agent-to-different-BMC-Helix-SSO-servers.

On intercepting a user request to an application, the BMC Helix SSO agent verifies whether the user is already authenticated by searching for the authentication cookie in the request. Depending on the cookie availability, the BMC Helix SSO agent performs the following tasks:

• If the authentication cookie is available, the BMC Helix SSO agent validates it by making a service call to the BMC Helix SSO server. This validation is made on a regular basis, and the validation period can be scheduled to not impact the server performance. 

• If the authentication cookie is unavailable, the BMC Helix SSO agent defines a domain parameter from the application URL, and then identifies a realm based on the application domain. After that, the user is redirected to the BMC Helix SSO server to pass authentication based on the realm settings.

If the validation is successful, the request is passed to the application. Otherwise, it is redirected to the BMC Helix SSO server for repeating the authentication process.