2.4. Plugin framework

PSM provides a plugin framework to integrate PSM with external authentication and authorization systems, such as an external Credential Store, a ticketing system, or any third-party authentication or authorization solution.

Figure 2.6, Authenticating users to an external authentication and authorization system, and the process overview that follows describe how user authentication works at a high level when an external authentication and authorization system is involved:

Figure 2.6. Authenticating users to an external authentication and authorization system

  1. The client tries to establish a connection to the target server.

  2. PSM notices that an AA plugin is configured in the connection policy matching the connection. This is treated as gateway authentication. For details on gateway authentication, see Procedure 2.13, The gateway authentication process.

  3. PSM prompts the client for credentials.

  4. The client provides authentication details to PSM when prompted.

  5. PSM forwards the client's details to the external authentication and authorization system using the PSM API.

  6. The external authentication and authorization system verifies the data received and provides feedback to PSM about the result.

  7. If the client is granted access by the external authentication and authorization system, then PSM authenticates the client to the target server, and establishes the connection.

For further information on plugins, including configuration details, see Section 18.5.5, Integrating ticketing systems, and Section 18.5, Integrating external authentication and authorization systems.