BMC Atrium SSO authentication

BMC Atrium SSO authenticates user credentials if your Infrastructure Management setup is integrated with it. You can use either the URL-encoded format or the Base64-encoded format to send the user credentials with the authentication request. Based on your Infrastructure Management setup, there can be two scenarios:

• Single BMC TrueSight Infrastructure Management Server installation with BMC Atrium SSO integration
• Multiple Child Servers and a Central Server Router with BMC Atrium SSO integration

For information about BMC Atrium SSO, see the BMC Atrium Single Sign-On Administrator's Guide.

 Single BMC TrueSight Infrastructure Management Server installation with BMC Atrium SSO integration

The following figure explains the architecture of web services for a single Infrastructure Management installation integrated with BMC Atrium SSO.

Infrastructure Management architecture for a single BMC TrueSight Infrastructure Management Server installation with Single Sign-On implementation

URL-encoded format for a single BMC TrueSight Infrastructure Management Server installation with BMC Atrium SSO integration

A web service client sends an authentication request to the BMC TrueSight Infrastructure Management Server. The server sends the user credentials to BMC Atrium SSO. BMC Atrium SSO authenticates the user credentials, and after successful authentication, it generates an authentication token. The authentication token is sent to the BMC TrueSight Infrastructure Management Server. The server sends the authentication token to the web service client in the JSON format.

You can use this authentication token in your subsequent web service requests until the token expires. When a web service request with an authentication token is sent to the BMC TrueSight Infrastructure Management Server, the server validates the authentication token and sends an appropriate response to the web service client in the JSON format.

Base64-encoded format for a single BMC TrueSight Infrastructure Management Server installation with BMC Atrium SSO integration

A web service client sends a web service request, with user credentials encoded in the Base64-format, to the BMC TrueSight Infrastructure Management Server. The server sends the user credentials to BMC Atrium SSO. BMC Atrium SSO authenticates the user credentials and responds to the BMC TrueSight Infrastructure Management Server, indicating whether the user credentials are valid or not. If the user credentials are valid, the server sends an appropriate response to the web service client in the JSON format.

 Multiple Child Servers and a Central Server Router with BMC Atrium SSO integration

The following figure explains the architecture of web services for multiple BMC TrueSight Infrastructure Management Servers and a Central Server Router integrated with BMC Atrium SSO.

Infrastructure Management architecture for multiple BMC TrueSight Infrastructure Management Servers with Single Sign-On implementation

URL-encoded format for multiple Child Servers and a Central Server Router with BMC Atrium SSO integration

A web service client sends an authentication request to Central Server Router. The router sends the user credentials to BMC Atrium SSO. BMC Atrium SSO authenticates the user credentials and generates an authentication token after successful authentication. The authentication token is sent to the router. The router sends the user credentials and the authentication token to all the Child Servers. Each child server authenticates the user credentials with BMC Atrium SSO and responds to the router, indicating whether the user credentials are valid or not.

The router's response to the web service client depends on the value of the routerAuthenticationScheme property set in the bppmws.properties file. For more information, see routerAuthenticationScheme property. The file is located in the pw\pronto\conf folder.

You can use the authentication token in your subsequent web service requests until the token expires. When a web service request with an authentication token is sent to the router, the router validates the authentication token, and it directs the web service request to the appropriate child servers. Each child server validates the authentication token and sends an appropriate response to the router if the authentication is valid. The router cumulates the responses from all the child servers and sends them to the web service client in the JSON format. The router's response to the web service client depends on the value of the routerAuthenticationScheme property set in the bppmws.properties file.

Base64-encoded format for multiple Child Servers and a Central Server Router with BMC Atrium SSO integration

A web service request is sent to Central Server Router, with user credentials in the Based64-encoded format. The router sends the user credentials to BMC Atrium SSO. BMC Atrium SSO authenticates the user credentials and responds to the router indicating whether the user credentials are valid or not. If the user credentials are valid, the router directs the web service request to the appropriate child servers. Each child server authenticates the user credentials with BMC Atrium SSO and sends an appropriate response to the router if the user credentials are valid.

The router's response to the web service client depends on the routerAuthenticationScheme property value set in the bppmws.properties file. For more information, see routerAuthenticationScheme property.