This documentation supports the 9.0 version of Remedy Action Request System.

To view the latest version, select the version from the Product version menu.

Manually integrating BMC Remedy Single Sign-On with BMC Remedy applications

This topic explains the steps for setting up BMC Remedy Single Sign-On and integrating it with the following:

  • Action Request System 
  • Midtier
  • SmartIT
  • MyIT
  • Analytics 

The following sections provide the detailed information:

Prerequisites

Before setting up BMC Remedy Single Sign-On, verify that the following prerequisites are met:

  •     JRE version 1.7 and above 
  •     Tomcat 7 
  •     Turn on the Tomcat auto-deployment feature or you should know how to deploy the war-files manually.

Setting up BMC Remedy Single Sign-On

Installation of BMC Remedy Single Sign-On comprises the following stages:

  1. Configure RSSO web server
  2. Configure RSSO web server with database
  3. Configure AR Server
  4. Configure Midtier 
  5. Configure SmartIT/MyIT
  6. Configure Analytics

The table below provides the steps to execute for each stage.

Stage Action Steps
1.

Configure RSSO web server

   

  1. Install Tomcat 7.
  2. You must secure Tomcat before using it for RSSO. To secure Tomcat, remove all directories from CATALINA_HOME/webapps

    except ROOT. Delete all content except index page in the ROOT directory.

  3. Deploy rsso.war from distribution/target/rsso-war to <TOMCAT>/webapps/rsso folder.
2.

Configure RSSO web server with database

  1. Create a database for RSSO
  2. Go to RSSO tomcat folder and stop tomcat.
  3. Edit <tomcat>/webapps/rsso/WEB-INF/classes/database.properties. Modify 'database-type' value to 'Oracle'/'MsSql'.  
  4. Edit <tomcat>/webapps/rsso/META-INF/context.xml. Modify the following attributes to be consistent with the values configured in step 3 of this procedure.         
    url: Value of db-url mentioned in step 3 of this procedure
    username: Value of db-user-id mentioned in step 3 of this procedure
    password: Plain text password corresponding to db-password mentioned in step 3 of this procedure
    driverClassName:
    For MsSql:  net.sourceforge.jtds.jdbc.Driver
    For Oracle: oracle.jdbc.driver.OracleDriver
  5. Copy the following files into <tomcat>/lib folder:
    * distribution/target/lib/jtds-1.3.1.jar
    * distribution/target/lib/ojdbc6-11.2.0.2.0.jar
  6. Restart Tomcat.
3.

Configure AR Server

  1. Make sure the required AREA settings (<AR>/Conf/ar.cfg) are set up on the arserver (can be set from the Server Information form > EA tab)
    External-Authentication-RPC-Socket: 390695
    Authentication-Chaining-Mode: 1       
    Use-Password-File: T        
    Crossref-Blank-Password: T     
  2. Copy and modify rsso.cfg from distribution/target/rsso-area-plugin into <AR>/Conf.
    1. Change the value of the following line to your BMC Remedy Single Sign-On server service url:
      SSO-SERVICE-URL: <rsso_service_url>
  3. Copy rsso-area-plugin-all.jar file from distribution/target/rsso-area-plugin into <AR>/pluginsvr directory.
  4. Edit <AR>/pluginsvr/pluginsvr_config.xml and add RSSO AREA plugin with the following snippet.
    Note: Must be within the <plugins> section of the file. Replace {AR} with corresponding path.
      <plugin> 
    <name>ARSYS.AREA.RSSO</name> 
    <classname>com.bmc.rsso.plugin.area.RSSOPlugin</classname> 
    <pathelement type="location">{AR}/pluginsvr/rsso-area-plugin-all.jar</pathelement> 
    <userDefined> 
    <configFile>{AR}/Conf/rsso.cfg</configFile> 
    </userDefined> 
    </plugin> 
  5. Restart ARServer.
4.

Configure Midtier

  1. Stop midtier/tomcat service.
    For configuring the Authenticator:
  2. Edit the following lines in config.properties (<MT>/WEB-INF/classes) to use the RSSOAuthenticator:
    * arsystem.authenticator=com.bmc.rsso.plugin.authenticator.RSSOAuthenticator
  3. Copy rsso-authenticator-plugin-all.jar from distribution/target to <MT>/WEB-INF/lib.
    For configuring the Web Agent:
  4. Copy rsso-agent-all.jar from distribution/target/rsso-agent into <MT>/WEB-INF/lib.
  5. Copy and modify the following file into <MT>/WEB-INF/classes. You must pay attention to the sso-external-url property. sso-external-url is a public user-faced URL exposed for end-users for authentication. It is recommended to use https connection. 
    * distribution/target/rsso-agent/rsso-agent.properties

    If RSSO is in cluster, both sso-external-url and sso-service-url should be Load Balancer (LB) url. for example, https://solqa-rsso.bmc.com/rsso and internal IP of LB should be mapped to hostname in hosts file on midtier machine.
    If it is a standalone RSSO, sso-external-url should be https e.g https://my-rsso.bmc.com/rsso and sso-service-url should be http url. For example, http://my-rsso.bmc.com/rsso.

     
    Note: The 'agent-id' property value in rsso-agent.properties file should be a unique identifier, but should be same on all nodes in a MidTier cluster. It is recommended to set its value to a simple identifier instead of a HTTP URL. For example, agent-id=midtier_agent
  6. Edit <MT>/WEB-INF/web.xml and add RSSO filter configuration.
    Note: Disable Atrium SSO filter if it exists in web.xml by commenting it.
    <filter> 
    <filter-name>RSSOFilter</filter-name> 
    <filter-class>com.bmc.rsso.agent.RSSOFilter</filter-class> 
    </filter> 
    <filter-mapping> 
    <filter-name>RSSOFilter</filter-name> 
    <url-pattern>/*</url-pattern> 
    </filter-mapping>
    Specified place of log4j.properties file can be configured with filter init-param with key 'log4j-properties'. If no specific parameter set then WEB-INF/classes/log4j.rsso-webagent.properties file will be used by default.
    For example: 
    <init-param> 
    <param-name>log4j-properties</param-name> 
    <param-value>/WEB-INF/classes/log4j.rsso-webagent.properties</param-value> 
    </init-param> 
  7. Copy distribution/target/log4j.rsso-webagent.properties file to <MT>/WEB-INF/classes
  8. Restart Midtier/Tomcat.
5.

Configure SmartIT/MyIT

  1. Stop SmartIT/MyIT Tomcat service.
    For configuring Web Agent:
  2. Copy rsso-agent-all.jar from distribution/target/rsso-agent to <SMART_IT_MYIT>/Smart_IT_MyIT/ux/WEB-INF/lib
  3. Copy and modify following file into <SMART_IT_MYIT>/Smart_IT_MyIT/ux/WEB-INF/classes
    * distribution/target/rsso-agent/rsso-agent.properties
    Note: 
    Almost same as MT integration, except 'logout-urls=/atssologout.html' in rsso-agent.properties. 

    The value of 'agent-id' property in rsso-agent.properties file should be a unique identifier, but should be same on all nodes in a SmartIT/MyIT cluster. It is recommended to set its value to a simple identifier instead of a HTTP URL. For example, agent-id=myit_smartit_agent.

    For configuring Client Library:
  4. Copy following jar files into <SMART_IT_MYIT>/Smart_IT_MyIT/ux/WEB-INF/lib:
    * distribution/target/rsso-sdk/rsso-sdk-atsso.jar
    * distribution/target/rsso-sdk/rsso-client-impl.jar
  5. Copy distribution/target/rsso-sdk/sso-sdk.properties into <SMART_IT_MYIT>/Smart_IT_MyIT/ux/WEB-INF/classes.
  6. Delete the existing Atrium SSO jar files in <SMART_IT_MYIT>/Smart_IT_MyIT/ux/WEB-INF/lib:
    * atsso-common-<version>.jar
    * atsso-sdk-<version>.jar
    * atsso-webagent-<version>.jar
  7. Restart SmartIT/MyIT Tomcat service.
  8. Make sure SSO integration is enabled on SmartIT database table
    * Go to SmartIT database table 'SmartIT_System.TENANT' and make sure the value of column 'SAML_AUTHENTICATION' value is True(1).
6.

Configure Analytics

Before executing the following steps to configure Analytics for RSSO, ensure that the prerequisites are met.

  1. Stop Analytics Tomcat service.    
    For configuring Web Agent :
  2. Copy distribution/target/rsso-agent/rsso-agent-all.jar  to <TOMCAT>/webapp/BI/WEB-INF/lib.
  3. Copy and modify following files into <TOMCAT>/webapp/BI/WEB-INF/classes:
    * distribution/target/rsso-agent/rsso-agent.properties
    (Note: configure 'logout-urls=/atssologout.html' in rsso-agent.properties)
    For configuring Client Library:
  4. Copy the following jar files into <TOMCAT>/webapp/BI/WEB-INF/lib:
    * distribution/target/rsso-sdk/rsso-sdk-atsso.jar
    * distribution/target/rsso-sdk/rsso-client-impl.jar
    * distribution/lib/log4j*.jar
    * distribution/lib/slf4j*.jar
    Note: For 'agent-id' property in rsso-agent.properties file, its value should be a unique identifier, but should be same on all nodes in a Analytics cluster (if applicable). It is recommended to set its value to a simple identifier instead of a HTTP URL. For example, agent-id=analytics_agent .
  5. Copy distribution/target/rsso-sdk/sso-sdk.properties into <TOMCAT>/webapp/BI/WEB-INF/classes.
  6. Delete the following Atrium SSO jar files in <TOMCAT>/webapp/BI/WEB-INF/lib:
    * atsso-common-<version>.jar
    * atsso-sdk-<version>.jar
    * atsso-webagent-<version>.jar
  7. Restart the Analytics Tomcat service.

Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Kristoffer strange Johansen

    In 'Stage 2, Step 1 - Create a database for RSSO'  the link directs to a page where I need to request for access to see the content.

    May 10, 2016 03:46
    1. Punam Saxena

      Hi Kristoffer strange Johansen,

      Apologize for the delay in response. I have updated the link now.

      Regards,

      Punam

      Dec 20, 2016 01:03
  2. Diego Chavez

    Can the Create a database for RSSO link be fixed?  it still directs you to a page saying you dont have permissions.

    Dec 19, 2016 01:07
    1. Punam Saxena

      Hi Diego Chavez,

      I have fixed the link. Please verify if you can access the topic now.

      Regards,

      Punam

      Dec 20, 2016 01:04
      1. Diego Chavez

        Hi Punam, the link still does not work.  Now it just sends me back up to the top of this page.

        Dec 20, 2016 07:58
  3. Michael Hill

    Hi,

    Can someone fix the link on step 2?  The URL for "Create a database for RSSO" isn't correct - it just redirects you to the top of this same webpage.

    May 10, 2017 08:04
    1. Kamalakannan Srinivasan

      Hi Michael,

      Thank you for your comment. I made the necessary changes. The links works now.

      Regards,
      Kamal

      May 11, 2017 02:06