Unsupported content


This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Installing BMC Atrium Single Sign-On in a cluster

This topic describes how to install BMC Atrium Single Sign-On in a cluster with one or more nodes.

Installing the first node for BMC Atrium Single Sign-On cluster

  1. Run the setup file that you have downloaded from EPD. 
  2. In the BMC Atrium Single Sign-On Server Cluster Options panel:
    1. Select Clustered BMC Atrium SSO Server.
    2. Select New Cluster Installation (First node).
  3. Enter a file name and complete path for storing the cluster configuration information and click Next
    Alternately, you can navigate to the directory and select a file.
    When you enter the file name and click Next, a config file with that name is created on your computer at the specified location automatically. If you are using Microsoft Windows, you must enter the complete path for the cluster configuration file. For example, c:/atriumsso1cluster.dat.


    You must copy this file to the subsequent nodes before installing BMC Atrium Single Sign-On on those nodes. The file contains sensitive information that is used when installing subsequent nodes.

  4. Enter the following values and click Next.
    • LDAP port number: 8091
    • LDAP replication port: 8092
    • LDAP administration port: 8093
  5. Enter the BMC Atrium Single Sign-On node URL address and click Next.
    For example:

  6. Verify that Install New Tomcat is selected and click Next.
  7. Accept the following default port numbers or enter different port numbers and click Next:
    • Tomcat server HTTP port number: 8080
    • HTTPS port number: 8443
    • Shutdown port number: 8005
  8. Enter a cookie domain and click Next.
    The domain value of the cookie should be the network domain of BMC Atrium Single Sign-On or one of its parent domains.
  9. Enter a strong administrator password, confirm the password, and click Next.
    The default administrator name is amadmin.
  10. Review the installation summary and click Install to complete the installation.
    After the first node is successfully installed, additional nodes can be added to the cluster by using the file created during the first installation. For more information about installing the first node, see Installing the first node for an HA cluster on a new Tomcat server.

Installing an additional node for BMC Atrium Single Sign-On cluster

During subsequent node installations, previously installed nodes must be available so the newly added node can fully integrate into the cluster.

  1. Copy the cluster configuration file c:/atriumsso1cluster.dat (created during the first node's installation) to the Disk1 directory of the extracted files before installing BMC Atrium Single Sign-On on the node.
  2. Run the installation program.
    Launch the setup executable located in the Disk1 directory of the extracted files.
    • (Microsoft Windows ) Run setup.cmd
    • (UNIX ) Run setup.sh
  3. In the Host Name Information panel, verify that the host name presented is the Fully Qualified Domain Name (FQDN) for the host, and then click Next.
    Correct the value as needed.
  4. In the BMC Atrium Single Sign-On Server Cluster Options panel, perform the following actions:
    1. Select Clustered Atrium SSO Server.
    2. Select Add this node to an existing cluster.
    3. Click Next.
  5. In the BMC Atrium SSO Cluster Configuration File Information panel, browse to the Disk1 directory where you copied the file, and then click Next.
  6. Enter the LDAP port number (8091), LDAP replication port (8092), LDAP administration port (8093), and click Next.
  7. Verify that Install New Tomcat is selected and click Next.

  8. Accept the default Tomcat server HTTP port number (8080), HTTPS port number (8443), and Shutdown port number (8005), or enter different port numbers, and click Next.
  9. Review the installation summary and click Install.
    After the second node has been successfully installed, additional nodes can be added to the cluster by using the file created during the first installation.

After you have installed both the nodes, you must perform the following post-installation configurations.

You need to create a truststore file that will be placed on the load balancer server. The truststore file must contain the BMC Atrium Single Sign-On node certificates. For example, if you have two nodes, the load balancer will serve the clm-pun-sso1.bmc.com and clm-pun-sso2.bmc.com certificates

To generate the certificates

  1. Run the following command to generate the certificate on the first node.
    In the command, replace SSOkeystorePassword with the keystore password, which you can find in the server.xml file. 

    $SSO_HOME\tomcat\conf>keytool -exportcert -rfc -keystore keystore.p12 -storepass <SSOkeystorePassword> -storetype PKCS12 -alias tomcat -file certificate1.pem -providername JsafeJCE
  2. Run the following command to generate the certificate on the second node.
    In the command, replace SSOkeystorePassword with the keystore password, which you can find in the server.xml file. 

    $SSO_HOME\tomcat\conf>keytool -exportcert -rfc -keystore keystore.p12 -storepass <SSOkeystorePassword> -storetype PKCS12 -alias tomcat -file certificate2.pem -providername JsafeJCE	
  3. After you install the Apache Load Balancer server, you will be required to copy these certificate files to the load balancer server to create a truststore file.  

Where to go from here

Installing and configuring Apache Load Balancer server

Was this page helpful? Yes No Submitting... Thank you


  1. Peter Lowater

    The steps to export above should say where to get the -storepass value from, the default appears to be "internal4bmc" and not "changeit" and it can be checked in the server.xml file.

    Aug 21, 2014 11:03
    1. Shweta Hardikar

      Hi Peter, 

      Thanks for the comment.

      Btw, did you face any issue when you used changeit? 

      Aug 26, 2014 03:58
  2. Peter Lowater

    Yes I had problems because the password is not changit.

    Aug 26, 2014 05:05
    1. Shweta Hardikar

      Okay! Il get it validated from the R&D and change the password in the command.


      Just out of curiosity, what version of SSO are you using? 

      Aug 26, 2014 11:31
  3. Peter Lowater


    Aug 27, 2014 02:57
    1. Dorothy Poole

       The page is updated to tell users where to find the password (in server.xml file) and a generic pwd placeholder is in the command, with instructions to replace it with the pwd in the server.xml file.

      Apr 23, 2015 08:46