Integration with Remedy Single Sign-On
Remedy Single Sign-On (Remedy SSO) is an authentication system that supports various authentication protocols such as LDAP and provides single sign-on for users of BMC products. For more information about Remedy Single Sign-On, including installation and configuration, see Remedy Single Sign-On overview in the Remedy Action Request System 19.05 online documentation.
Integrating BCM with Remedy SSO enables Remedy with Smart IT technicians to remote control BCM managed endpoints through the BCM browser-based console.
The Remedy SSO administrator typically provides the parameters needed to apply Remedy SSO settings in BCM. As a BCM administrator, ensure that the mandatory settings are met to ensure a successful integration.
To integrate with Remedy SSO, a BCM administrator must configure Remedy SSO parameters in the BCM console. After successfully configuring Remedy SSO with BCM, the Remedy with Smart IT administrator gets access to the BCM browser-based console to search for and remote control BCM managed devices.
Before you begin
As a BCM administrator who is integrating BCM with Remedy SSO, ensure that the following settings are met:
- Remedy SSO parameter details
- RSSO URL
- Realm
- Certificate Authority
- Server Certificate
Mandatory settings
- The minimum supported version of Remedy SSO is 9.1.01 and later.
- The BCM master and the Remedy SSO server must be in the same domain. For example, if the BCM master server domain name is bcm.calbro.com, then the Remedy SSO domain name must be rsso.calbro.com.
- BCM and the Remedy SSO server must use the same LDAP server. Otherwise, BCM is unable to check user permissions even if the user has successfully logged in through Remedy SSO.
- The BCM master server must have a reservation in DNS and must be accessed using that DNS name; otherwise, the integration fails and the following message is displayed: Forbidden request! Goto url is wrong.
- The same user must be present on both Remedy SSO and BCM master server; otherwise, the integration fails. For example, if AllenBrooks is authenticated through Remedy SSO, then a user AllenBrooks should be present on the BCM master server as well.
Considerations for configuring certificates
Communication between BCM and Remedy SSO can take place only over secured protocol (HTTPS). To enable communication by using HTTPS, you must obtain the HTTPS certificate from the Remedy SSO server.
You can supply a CA bundle that is trusted by your organization, pin the certificate downloaded from Remedy SSO, or use both.
A pinned certificate is more secure than a CA bundle; however, pinned certificates require more frequent renewal. BMC recommends that you use both a pinned certificate and a trusted CA bundle to verify the identity of the Remedy SSO server.
Remedy SSO parameters
As a BCM administrator, you must get the following settings from a Remedy SSO administrator. The following parameters are required to configure Remedy SSO with BCM.
| Parameter | Description |
|---|---|
| Enabled | Defines whether the Remedy SSO server authentication is activated. |
| RSSO Server URL | Enter the URL for the Remedy SSO server. The Remedy SSO server URL must begin with https and have the same domain as the BCM master server. For example, use bcm.calbro.com and rsso.calbro.com. |
| RSSO Realm ID | A realm is a virtual identity provider used to authenticate a domain. Contact your Remedy SSO administrator for the Realm ID. This field must not be empty. The Realm ID must exist on the Remedy SSO server. |
| Product Identifier | Defines the identifier for BMC Client Management. The identifier must be unique for each application that provides authentication through Remedy SSO server. |
| RSSO Token revalidation period | Enter the revalidation period in seconds. For more information, contact your Remedy SSO administrator. |
| Certificate Authority Bundle | Configures the list of certificate authorities that BMC Client Management must trust when connecting to a Remedy SSO server. |
| Server Certificate | Defines the server certificate to accept when connecting to the Remedy SSO server. This certificate is taken from the Remedy SSO server and it must be pinned to use the certificate. |
Note: You must configure a certificate on the BMC Client Management console using one of the options for security purposes.
To configure BCM to integrate with Remedy SSO
As a BCM administrator, you need the required parameters to configure Remedy SSO in BCM.
To apply the Remedy SSO settings, perform the following steps:
- In the BCM console, go to Global Settings > System Variables.
- In the RSSO tab, enter the parameter values.
- Enable RSSO
- RSSO URL
- RSSO Realm ID
- Product Identifier
- RSSO Token revalidation period
- Certificate Authority
- Server Certificate
- Click OK.
Troubleshooting
| Issue | Cause(s) | Resolution(s) |
|---|---|---|
| BCM integration with Remedy SSO not successful | Incorrect Remedy SSO parameters Remedy SSO server down
| Contact Remedy administrator |
| Cannot authenticate into BCM browser-based console | Remedy SSO server down Incorrect Remedy SSO credentials Incorrect configuration in BCM | Contact Remedy administrator to ensure Remedy server is up and running Contact BCM administrator to check whether Remedy SSO is correctly configured |
Next step
Connect to the BCM browser-based console using Remedy SSO credentials
Comments
Log in or register to comment.