Error: Invalid spaceKey on retrieving a related space config.

Integration with BMC Remedy Single Sign-On

BMC Remedy Single Sign-On (BMC Remedy SSO) is an authentication system that supports various authentication protocols such as LDAP and provides single sign-on for users of BMC products. For more information about BMC Remedy Single Sign-On, including installation and configuration, see BMC Remedy Single Sign-On overview in the BMC Remedy Action Request System 9.1 online documentation.

Integrating BCM with BMC Remedy SSO enables Remedy with Smart IT technicians to remote control BCM managed endpoints through the BCM browser-based console.

The BMC Remedy SSO administrator typically provides the parameters needed to apply Remedy SSO settings in BCM. As a BCM administrator, ensure that the mandatory settings are met to ensure a successful integration.

To integrate with BMC Remedy SSO, a BCM administrator must configure Remedy SSO parameters in the BCM console. After successfully configuring Remedy SSO with BCM, the Remedy with Smart IT administrator gets access to the BCM browser-based console to search for and remote control BCM managed devices.

Before you begin

As a BCM administrator who is integrating BCM with Remedy SSO, ensure that the following settings are met:

  • Remedy SSO parameter details
    • RSSO URL
    • Realm
    • Certificate Authority
    • Server Certificate

Mandatory settings

  • The minimum supported version of BMC Remedy SSO is 9.1.01 and later.
  • The BCM master and the BMC Remedy SSO server must be in the same domain. For example, if the BCM master server domain name is bcm.calbro.com, then the BMC Remedy SSO domain name must be rsso.calbro.com.
  • BCM and the BMC Remedy SSO server must use the same LDAP server. Otherwise, BCM is unable to check user permissions even if the user has successfully logged in through BMC Remedy SSO.
  • The BCM master server must have a reservation in DNS and must be accessed using that DNS name; otherwise, the integration fails and the following message is displayed: Forbidden request! Goto url is wrong.
  • The same user must be present on both BMC Remedy SSO and BCM master server; otherwise, the integration fails. For example, if AllenBrooks is authenticated through Remedy SSO, then a user AllenBrooks should be present on the BCM master server as well.

Considerations for configuring certificates

Communication between BCM and BMC Remedy SSO can take place only over secured protocol (HTTPS). To enable communication by using HTTPS, you must obtain the HTTPS certificate from the Remedy SSO server.

You can supply a CA bundle that is trusted by your organization, pin the certificate downloaded from BMC Remedy SSO, or use both.

A pinned certificate is more secure than a CA bundle; however, pinned certificates require more frequent renewal. BMC recommends that you use both a pinned certificate and a trusted CA bundle to verify the identity of the Remedy SSO server.

BMC Remedy SSO parameters

As a BCM administrator, you must get the following settings from a Remedy SSO administrator. The following parameters are required to configure Remedy SSO with BCM.

ParameterDescription
EnabledDefines whether the Remedy SSO server authentication is activated.
RSSO Server URLEnter the URL for the BMC Remedy SSO server. The Remedy SSO server URL must begin with https and have the same domain as the BCM master server. For example, use bcm.calbro.com and rsso.calbro.com.
RSSO Realm ID

A realm is a virtual identity provider used to authenticate a domain. Contact your Remedy SSO administrator for the Realm ID.

This field must not be empty. The Realm ID must exist on the Remedy SSO server.

Product IdentifierDefines the identifier for BMC Client Management. The identifier must be unique for each application that provides authentication through Remedy SSO server.
RSSO Token revalidation periodEnter the revalidation period in seconds. For more information, contact your Remedy SSO administrator. 
Certificate Authority BundleConfigures the list of certificate authorities that BMC Client Management must trust when connecting to a Remedy SSO server.
Server CertificateDefines the server certificate to accept when connecting to the Remedy SSO server. This certificate is taken from the Remedy SSO server and it must be pinned to use the certificate.

Note: You must configure a certificate on the BMC Client Management console using one of the options for security purposes.

 

Configuring BCM to integrate with BMC Remedy SSO

As a BCM administrator, you need the required parameters to configure Remedy SSO in BCM.

To apply the BMC Remedy SSO settings, perform the following steps: 

  1. In the BCM console, go to Global Settings > System Variables.
  2. In the RSSO tab, enter the parameter values.
    1. Enable RSSO
    2. RSSO URL
    3. RSSO Realm ID
    4. Product Identifier
    5. RSSO Token revalidation period
    6. Certificate Authority
    7. Server Certificate
  3. Click OK.

Troubleshooting

IssueCause(s)Resolution(s)
BCM integration with Remedy SSO not successful

Incorrect Remedy SSO parameters

Remedy SSO server down

 

Contact Remedy administrator
Cannot authenticate into BCM browser-based console

Remedy SSO server down

Incorrect Remedy SSO credentials

Incorrect configuration in BCM

Contact Remedy administrator to ensure Remedy server is up and running

Contact BCM administrator to check whether Remedy SSO is correctly configured


Next steps

Connect to the BCM browser-based console using Remedy SSO credentials

Was this page helpful? Yes No Submitting... Thank you

Comments