This documentation supports the 9.0 version of Remedy Action Request System.

To view the latest version, select the version from the Product version menu.

BMC Remedy Single Sign-On Security concepts

User credentials and authentication tokens are security sensitive data. Hence to protect such data, HTTPS has to be configured.

Standalone

For standalone installations, HTTPS has to be configured on the Tomcat server (in the server.xml file). After the configuration, the interactions between the user and BMC Remedy Single Sign-On node happens through HTTPS only. But the interactions between the supported BMC application and BMC Remedy Single Sign-On node happens through either HTTP or HTTPS, depending on the relevant configuration.



High Availability

For High Availability installations, HTTPS has to be configured on the load balancer. After configuration, while the interactions between the user and the load balancer happen through HTTPS connections, the interactions between the load balancer and the BMC Remedy Single Sign-On nodes and the supported BMC applications can use both HTTP and HTTPS protocols, depending on the requirements for performance and certificate management.

 

Where to go from here

Related topics

  • Orientation
  • Installing BMC Remedy Single Sign-On

After configuration, while the interactions between the user and the load balancer happen through HTTPS connections, the interactions between the load balancer and the BMC Remedy Single Sign-On nodes and the supported BMC applications can use both HTTP and HTTPS protocols, depending on the requirements for performance and certificate management.

Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Martin Penev

    Hello,

     

    How can we configure only the communication between the mid-tier and the SSO to be over HTTP? As far as I know, they communicate through browser redirects that are visible to the user. And since the users should access the SSO through HTTPS, I guess that the mid-tier will connect to the SSO through HTTPS as well. Is there something that I am missing?

     

    Best Regards,

    Martin

    Mar 16, 2016 02:11
    1. Kamalakannan Srinivasan

      Hi Martin,

      Thank you for your comment. I will check with the technical team and keep you informed.

      Regards,

      Kamal

      Mar 16, 2016 03:17
    1. Anagha Deshpande

      Hello Martin,

      What you have mentioned in the above comment is correct. Mid Tier will connect to SSO through HTTPS as well.

      Regards,

      Anagha

      Apr 26, 2016 03:39