BMC Remedy Single Sign-On agent supporting multiple servers
The BMC Remedy Single Sign-On web agent is usually configured to communicate with only one BMC Remedy Single Sign-On server. In such a configuration, the agent performs tasks such as checking configuration, checking the Single Sign-On token, and redirecting logons and logoffs.
An advanced feature of the BMC Remedy Single Sign-On web agent supports communication with multiple BMC Remedy Single Sign-On servers for different domains.
The mapping between a domain and a BMC Remedy Single Sign-On server (<domain>:<url>) is defined through the following properties in the “rsso-agent.properties” file.
- Agent redirects the browser (user’s request) to this url when it detects that the request needs to be authenticated.
- Agent redirects browser to this URL when it detects that the application logout is completed (i.e. if the request refers to ‘logout-urls’).
- Agent uses this URL to call BMC Remedy Single Sign-On webapp APIs to:
- Retrieve configuration details such as cookie name, cookie domain, and realm-domain mappings.
- Check if the token cookie from the browser (user's request) is valid and if it is valid, retrieve BMC Remedy Single Sign-On.
- Register on BMC Remedy Single Sign-On server to track other application agents. The tracking helps the agent to know the login status of other application agents prior to logging out.
To support multiple BMC Remedy Single Sign-On servers on an agent, set the different values of domain to server mapping as comma-separated strings. For example, assume that the BMC Remedy Single Sign-On server for the domain “firstcompany” is firstcompany-rsso.bmc.com and the BMC Remedy Single Sign-On server for the domain “secondcompany” is secondcompany-rsso.bmc.com. Then the properties definition will be as follows: