Changing to an external Remedy Single Sign-On instance after installation
If you are using the embedded version of Remedy Single Sign-On (Remedy SSO) authentication and you want to switch to an external Remedy SSO instance, all BMC Atrium Orchestrator (BAO) components that point to embedded Remedy SSO must be reconfigured to point to the external Remedy SSO instance.
Notes
- Complete these instructions only if you are changing to an external Remedy SSO.
- If you make this change, the instructions in Configuring a fail-safe enterprise service bus after installation or Configuring a fail-safe enterprise service bus after upgrade do not apply.
The following BAO components must be reconfigured:
- Repository
- CDP
- OCP (if installed)
- HA-CDP (if installed)
- AP (if installed)
In these instructions, AO_HOME represents the component installation directory.
To configure components for an external Remedy SSO, complete the following steps for each component.
- Stop the component service (see Starting and stopping product components and services).
- Navigate to the AO_HOME/config directory.
Edit the authentication.xml file.
The file will look similar to the following example:<?xml version="1.0" encoding="ISO-8859-1"?> <authentication> <config> <service-type>RSSO_EMBEDDED</service-type> <url>https://BAOhost.bmc.com:8443</url> <tenant>BAOLocal</tenant> </config> </authentication>Change the authentication service-type and URL settings to those for the external Remedy SSO as follows:
<?xml version="1.0" encoding="ISO-8859-1"?> <authentication> <config> <service-type>RSSO_EXTERNAL</service-type> <url>https://RSSOhost.bmc.com:8443</url> <tenant>BAOLocal</tenant> </config> </authentication>- Navigate to the AO_HOME/tomcat/conf directory.
- Edit the context.xml file.
Locate the following lines and, if they exist, comment them out, and save your changes.
Note that the port numbers and IP address values will be different in your file.<Parameter name="com.bmc.ao.ha.cdp.port" override="true" value="9999"/> <Parameter name="com.bmc.ao.ha.cdp.ip" override="true" value="111.222.333.444"/> <Parameter name="com.bmc.ao.ha.repo.port" override="true" value="9999"/> <Parameter name="com.bmc.ao.ha.repo.ip" override="true" value="111.222.333.444"/> <Parameter name="com.bmc.ao.USE_HA_FAIL_SAFE_MODE" override="true" value="false"/> <Parameter name="com.bmc.ao.USE_HA" override="true" value="true"/>
- Restart the BAO component service.
Create the default user, role, and realm
Note
Perform these steps after you have changed your authentication system to external Remedy SSO.
After installing Remedy SSO, you must complete the following tasks before installing BMC Atrium Orchestrator Platform components:
- Create a realm named BAOLocal (see Working with realms).
- Create a user called aoadmin (see Creating and managing local users and roles in Remedy Single Sign-On). Use the default password (see Installing the repository for the default password, which is listed after the installation instructions).
- Create a role called AoAdmin (see Creating and managing local users and roles in Remedy Single Sign-On).
- Assign the aoadmin user to the AoAdmin role (see Creating and managing local users and roles in Remedy Single Sign-On).
Comments
Is covered when installing and using External RSSO but not here
Hi Peter,
I have added the section on creating a user, role, and realm after moving to external RSSO here.
Hope this helps!
Hi Shweta, sorry but there appears to be authrisation issues all over the site, this is the second page that I am getting the following error on :( .
Error rendering macro 'excerpt-include' : User 'iain.taylor@tiberone.com' does not have permission to view the page '_Changing to an external Remedy Single Sign-On instance'.
Thank you for resolving the fail safe enterprise service bus page error.
Hi Iain, Sorry for the problems. I have fixed the current page. I will look for more instances.
Thank you Shweta.