Can't tell from your question if you are asking about Atrium SSO or just using the AREA plug-in technology from AR System. But in any case, take a look at the chaining ability of AREA within AR System and see if that addresses your issue:
"Specifying authentication chaining mode
You can specify the order in which internal and external authentication methods are attempted by specifying a value for the Authentication Chaining Mode field. When Authentication Chaining is enabled, all authentication methods in the chain are attempted in the specified order until either authentication succeeds or all the methods in the chain fail."
Information on this can be found in the Integration Guide for AR System.
David J. Easter
Product Line Manager
BMC Software, Inc.
Thx for your email.
I have the following situation. My customer A is an outsourcing company and they will go live with Remedy on Demand. They would like for their users and their customers' users to be able to use SSO (AD authentication method). The problem we found is that we need to set up RoD to validate against customer A's domain and its customers' domains too. Customer A (the service provider) and its customers are in different networks.
Will the AREA plugin solve the problem?
Sent from my iPhone
If you have the 7.6.03 documentation, then refer to page 146 of the Integration Guide. The following is the relevant text from this page, which I think is the answer to your question:
If any AREA LDAP adapters are configured for your AR System server, they are
displayed in the Configuration List at the top of the form. When AR System
attempts to authenticate a user, it searches each LDAP adapter configuration in the
I had this conversation with two multi-service providers only yesterday.
There is no easy answer to this nor is there any functionality provided by BMC to tackle the problem. Your customer needs a VPN tunnel to the AD with an Integrated Windows Authentication solution, or a local Mid Tier that connects back to AR System over the Internet/a VPN. You can't do IWA over the Internet.
The current BMC approach appears to be recommending a rather insecure system of encrypting a username and sending it to something they've cooked up in the Mid Tier which decrypts it. This is similar to giving every user the same password. It also involves installing something on the customer's network, which should be flagged up by a good security team as a concern.
SSO Plugin for BMC, HP and more
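
A simplified model of the chaining behaviour quoted from the Integration Guide above, applied to the provider-plus-customer setup asked about in this thread. This is an added example, not BMC code and not posted by any participant; the directory names, users and passwords are constructed, and `colliding_logins` is a hypothetical pre-deployment check showing that a login name present in two chained directories lets two different people authenticate under the same name.

```python
# Added illustration: a simplified model of ordered authentication chaining.
# Directory names, users and passwords are constructed sample data.
import hashlib
import hmac
import os
from collections import Counter


def derive_key(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


class Directory:
    """Stands in for one authentication method in the chain (e.g. one LDAP adapter)."""

    def __init__(self, name, users):
        self.name = name
        self.logins = set(users)
        self._creds = {}
        for login, password in users.items():
            salt = os.urandom(16)
            self._creds[login] = (salt, derive_key(password, salt))

    def authenticate(self, login, password):
        entry = self._creds.get(login)
        if entry is None:
            return False
        salt, digest = entry
        return hmac.compare_digest(digest, derive_key(password, salt))


def chain_authenticate(chain, login, password):
    """Try each method in order; return the name of the first that accepts, else None."""
    for directory in chain:
        if directory.authenticate(login, password):
            return directory.name
    return None


def colliding_logins(chain):
    """Login names that exist in more than one directory of the chain."""
    counts = Counter(login for d in chain for login in d.logins)
    return sorted(login for login, n in counts.items() if n > 1)


# Constructed scenario: service provider and one customer, chained in that order.
PROVIDER = Directory("provider-ad", {"jsmith": "provider-pass", "alice": "a-pass"})
CUSTOMER = Directory("customer-ad", {"jsmith": "customer-pass", "bob": "b-pass"})
CHAIN = [PROVIDER, CUSTOMER]
```

Running `colliding_logins(CHAIN)` before enabling a chain across tenants lists the names that need to be made unique (for example by qualifying them per domain, which is an assumption of this example rather than something the thread describes).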