Limited support This version of the product is in limited support. However, the documentation is available for your convenience. You will not be able to leave comments. Click here to view the documentation for the current version.

Configuring BMC Remedy Single Sign-On integration for BMC Digital Workplace Catalog


You must have system administrator privileges to install and configure BMC Remedy Single Sign-On (SSO) to enable BMC Digital Workplace users to perform end-to-end service request tasks through BMC Digital Workplace Catalog and BMC Remedy IT Service Management.

Important

BMC Digital Workplace Catalog requires BMC Remedy Single Sign-On release 9.1.03 or later.

Before you begin

This topic assumes you have already installed and configured BMC Remedy SSO onto a Windows or Linux server. After verifying the following setup requirements, you can configure the BMC Digital Workplace Catalog  server to authenticate through BMC Remedy SSO.

Values in <ANGLE_BRACKETS> refer to the server parameters that were used when installing BMC Digital Workplace Catalog .

  • Set up a Mid Tier to manage the  BMC Digital Workplace Catalog server.
    For instructions, see Setting-up-a-Remedy-Mid-Tier-for-system-administration-of-the-BMC-Digital-Workplace-Catalog-server.
  • Confirm the following system settings, used in options.txt when the application was installed:
    • The location of the application installation, referred to as <installLocation>.
      Example: /opt/bmc/digitalworkplace
    • The tenant domain name configured for the application.
      Example: calbro.com
    • The fully qualified domain name or IP address of the server on which BMC Digital Workplace Catalog is installed, referred to as <BMC_DWP_SERVER_HOST_NAME>.
      Example: 127.0.0.1
  • Create a catalog administrator user with adminmyit admin, and myit super admin permissions on the ITSM server. 

To configure BMC Remedy Single Sign-On

To configure the authentication scheme to prepare for integration with BMC Digital Workplace Catalog:

  1. Log onto the BMC Remedy SSO administration console.
  2. Go to General > Advanced and set values based on the following example:

    • Cookie Name: Any arbitrary value.
    • Backchannel Service URL: The URL to access BMC Remedy SSO.

    rsso_general_advanced_backchannel.png

  3. Go to Realm > General to confirm that the value of the Tenant field matches the tenant domain name configured for BMC Digital Workplace Catalog .
    rsso_realm_general.png
  4. Go to Realm > Authentication to confirm the AR Server Information settings.
  5. Click Test.
    The success message will appear if the configuration is correct.

    rsso_realm_authentication.png

  6. Save the configuration.

To configure the BMC Digital Workplace Catalog server

To configure  BMC Digital Workplace Catalog to use BMC Remedy SSO, you must copy the required integration files into specific locations. Then you must edit the configuration files, and configure the external authentication options using BMC Remedy Mid Tier.

To copy the BMC Remedy SSO files into the required locations

When you installed BMC Digital Workplace Catalog , the installer copied the required BMC Remedy SSO agent library and configuration files into a hidden location on the server.

  1. On the  BMC Digital Workplace Catalog server, find the hidden .rsso folder.

    Example
    # cd <installLocation>/sb/
    # ls -al

    The .rsso folder is a hidden file in the list of files and folders.

  2. Copy the following files from <installLocation>/sb/.rsso into the specified target locations.

    File name

    Target location

    rsso-agent-osgi.jar

    <installLocation>/deploy

    rsso-agent.properties

    <installLocation>/conf

    rsso.cfg

    <installLocation>/conf

    gson-2.3.1.jar

    <installLocation>/pluginsvr

    rsso-area-plugin-all.jar

    <installLocation>/pluginsvr

To edit the configuration files

Use a text editor to edit the configuration files to modify the required settings.

  1. On the  BMC Digital Workplace Catalog server, stop the application before editing the configuration files to match your settings.

    Example
    # cd <installLocation>
    # ./dwpcontroller stop
  2. Open <installLocation>/conf/rsso-agent.properties, and confirm or update the following values:

    Property name

    Example value

    Comment

    agent-id

    agent-sbe

    Unique value for each application where BMC Remedy SSO is configured. In a clustered system, all nodes of the same application share the same agent-id. The agent-id values for BMC Digital Workplace and BMC Digital Workplace Catalog must match -- the logout functionality will not work otherwise.

    logout-urls

    /sso_logout

    Default value; do not change.

    sso-external-url

    https://idprovider.calbro.com/rsso

    Public RSSO server URL for end user login/logout .

    sso-service-url

    https://api.calbro.com/rsso

    API endpoint URL of the BMC Remedy SSO server used for internal calls within the application.
    You can also use the same URL as sso-external-url .

  3. Open the <installLocation>/pluginsvr/pluginsvr_config.xml file and comment out or remove the following plugin sections:

    Example
    <!--
    <plugin>
    <name>ARSYS.ARF.ATSSOCONFIRMPWD</name>
    ...
    </plugin>
    -->

    <!--
    <plugin>
    <name>ARSYS.AREA.ATRIUMSSO</name>
    ...
    </plugin>
    -->

    <!--
    <plugin>
    <name>ARSYS.ARDBC.PENTAHO</name>
    ...
    </plugin>
    -->
  4. In the same <installLocation>/pluginsvr/pluginsvr_config.xml file, insert the following section. Replace $installLocation in the example to match where you installed the application:

    Example
    <plugin>
       <name>ARSYS.AREA.RSSO</name>
       <classname>com.bmc.rsso.plugin.area.RSSOPlugin</classname>
       <pathelement type="location">$installLocation/pluginsvr/rsso-area-plugin-all.jar</pathelement>
       <pathelement type="location">$installLocation/pluginsvr/gson-2.3.1.jar</pathelement>
       <userDefined>
           <configFile>$installLocation/conf/rsso.cfg</configFile>
       </userDefined>
    </plugin>
  5. Open the <installLocation>/conf/ar.conf file, and comment out or remove the following entries.

    In the example, 127.0.0.1 represents the server IP address that is specified in the installation configuration as: BMC_DWP_SERVER_HOST_NAME

    Example
    #Server-Plugin-Alias: ARSYS.ARDBC.PENTAHO ARSYS.ARDBC.PENTAHO 127.0.0.1:9999
    #Server-Plugin-Alias: ARSYS.ARF.ARMIGRATE ARSYS.ARF.ARMIGRATE 127.0.0.1:9999
    #Server-Plugin-Alias: ARSYS.ARF.ATSSOCONFIRMPWD 127.0.0.0.1:9999
    #Server-Plugin-Alias: ARSYS.ARDBC.ARREPORTENGINE ARSYS.ARDBC.ARREPORTENGINE 127.0.0.1:9999
  6. In the same <installLocation>/conf/ar.conf file, insert the following line. Replace 127.0.0.1 with the server IP address or fully qualified domain name specified in the installation configuration as: BMC_DWP_SERVER_HOST_NAME.

    Example
    Server-Plugin-Alias: AREA AREA 127.0.0.1:9999
  7. Open the <installLocation>/conf/rsso.cfg file, and verify all lines that begin with SSO-SERVICE-URL are commented out:

    Example
    #SSO-SERVICE-URL: http://rsso-server-example.com:9000/rsso
  8. Open the <installLocation>/sb/env/set_script_variables.sh file, and set export TENANT_NAME to match the Tenant field in the BMC Remedy SSO Realm configuration:

    Example
    export TENANT_NAME=calbro.com

To configure the external authentication options using BMC Remedy Mid Tier

The following configuration must be performed using the credentials of the application administrator user, specified in the installation configuration as: <BMC_DWP_ADMIN>

In the following steps, the example <BMC_DWP_ADMIN> account is the default Demo user.

  1. Log onto the BMC Remedy Mid Tier configured for the  BMC Digital Workplace Catalog server as the application administrator.
  2. Select AR System Administration > AR System Administration Console.
  3. Expand Common Server Configuration > General
  4. Click Server Information.
  5. On the EA tab at the server level:

    • Set External Authentication Server RPC Program Number to 390695:
    • Clear the Cross Reference Blank Password check box.

    rsso_server_information_external_auth.png

    EA is an acronym for External Authentication. For more information about configuring alternate single sign-on methods, and the meaning of the component settings, see Setting-external-authentication-options (BMC Remedy Action Request System 9.1 online documentation).
    Ignore the warning to restart the AR System server. You will restart after you configure the tenant settings.

  6. Click Apply.
  7. Click Close to return to Common Server Configuration > General.
  8. Log out of the AR System Administration Console.

To prepare for Remedy ITSM user sync utility

If you will be copying users from an existing Remedy IT Service Management user database, you must modify a tenant configuration setting as the tenant administrator.

In the following steps, the example tenant administrator is hannah_admin@calbro.com.

  1. Log onto the BMC Remedy Mid Tier configured for the  BMC Digital Workplace Catalog server as the tenant administrator.
  2. Select AR System Administration > AR System Administration Console.
  3. Expand Tenant Server Configuration > General
  4. Click Server Information.
  5. On the EA tab:

    • Select the Cross Reference Blank Password check box.
    • From the Authentication Chaining Mode options, select ARS - AREA.

    rsso_crossref_blank_password_authentication_chaining.png

  6. Click Apply.
  7. Click Close to return to Tenant Server Configuration > General.
  8. Log out of the AR System Administration Console.

To restart the server

Start the server, and enter the credentials of the system administrator when prompted.

Example
# cd /opt/bmc/ARsystem
# ./dwpcontroller start

BMC Remedy SSO for secondary servers

When configuring additional BMC Digital Workplace Catalog servers to authenticate using BMC Remedy SSO as an ID provider, ensure that all the servers share the same values for the following settings:

  • sso-external-url
  • sso-service-url
  • agent-id

BMC Remedy SSO for other BMC applications

When configuring authentication for applications such as BMC Digital Workplace, Smart IT, and Remedy IT Service Management, note the following highlights:

General BMC Remedy SSO configuration

When configuring BMC Digital Workplace, BMC Remedy with Smart IT, and BMC Remedy Mid Tier to authenticate using BMC Remedy SSO as an ID provider, ensure that all the servers point to the same RSSO server specified in the following settings:

  • sso-external-url
  • sso-service-url

To configure BMC Remedy Mid Tier to not require the tenant domain

Without this setting, applications require login requests in a format used by BMC Digital Workplace Catalog.
Example: user@domain.com

With this setting, applications accept login requests that do not include a tenant domain.
Example: user

  1. On the server that hosts the mid tier, go to the following location:

    <Mid Tier installation directory>/conf
    For instance, /opt/bmc/ARSystem/midtier/conf
  2. Create a new file called: rsso-authenticator.properties
  3. Open the rsso-authenticator.properties file in a text editor, and add the following line:

    ignore-tenant=true
  4. Save and close the file.
  5. Go to <Mid Tier installation directory>/WEB-INF/classes (For instance, /opt/bmc/ARSystem/midtier/WEB-INF/classes) and open the config.properties file in a text editor, and add the following line to reference the rsso-authenticator.properties file:

    arsystem.authenticator.config.file=rsso-authenticator.properties
  6. In the apache tomcat\conf\catalina.properties file, add the following line:

    shared.loader=<Mid Tier installation directory>\conf
    OR
    shared.loader="C:/MidtierPath/conf"
  7. Save and close the file.
  8. (Windows server only) On a Windows server that hosts the mid tier, perform the following tasks:
    1. Open the Tomcat console, and add <Mid Tier installation directory>\conf to the Java Classpath:
      image2018-3-19_15-47-51.png
    2. Restart the Tomcat server.

For more information about configuring Remedy SSO with other BMC applications

For specific information, see the following topics in the BMC Remedy SSO 9.1 online documentation:

To configure logging to help troubleshoot issues with RSSO

  1. On the BMC Digital Workplace Catalogserver, open /opt/bmc/dw/bin/arserverd.conf.
  2. Copy the last jvm.option.xx parameter, and add it to the file.
  3. Replace the xx value of the jvm.option.xx parameter with the "+1" value. In the following example, the previous line was 22:

    jvm.option.23=-Drsso.log.cfg.file=/opt/bmc/digitalworkplace/conf/rsso-log.cfg
  4. Open /opt/bmc/digitalworkplace/conf/rsso-log.cfg, and make sure it has the following configuration:

    rsso.log.name.format=rs_Try.%g.log
    rsso.log.level=FINEST
    rsso.log.roll=10
    rsso.log.limit=5242880
    rsso.log.dir=/opt/bmc/digitalworkplace/db/
  5. Open /opt/bmc/digitalworkplace/pluginsvr/log4j_pluginsvr.xml
  6. Make the following changes to debug:

    <logger name="com.bmc.arsys.pluginsvr">
    <level value="debug" />
    </logger>
    ......
    <root>
    <priority value ="error" />
    <appender-ref ref="PluginLog" />
    </root>
  7. Open the /opt/bmc/digitalworkplace/conf/logback_server.xml

    <logger name="com.bmc.rsso" level="DEBUG" additivity="false">
    <appender-ref ref="BUNDLE" />
    </logger>
  8.  Restart the BMC Digital Workplace Catalog server.
  9. Log in to the Mid tier tool as Demo.
  10. Click on the AR System Administration Console, and go to Common Server Configuration > General > Plugin Server Configuration
  11. Click OK through the warning messages that show up. 
  12. Once the Plugin Server Configuration screen appears, click on the Plugin Server Configuration tab. 
  13. Under the Logging Configuration, switch the Enable Plugin Log to True and the Log Level to Debug, and click Apply
  14. Click OK through the warning messages that show up.

Validation

Once you have carried out all the necessary steps, log in to BMC Digital Workplace Catalog and BMC Digital Workplace to ensure Remedy SSO has been installed and configured correctly. If it is correctly installed, you will be able to access both servers by logging in just once.

Troubleshooting

Core bundles report "not yet up"

If you attempt to restart the  BMC Digital Workplace Catalog platform server before completing the configuration steps, you might see the following error repeated:

Example
Checking core bundles are up before running migrations. Not yet up
...

Ensure that you complete the configuration before restarting the server. If you have completed the configuration and still receive this error, check for any exceptions in the following log files:

  • <installLocation>/db/arjavaplugin.log
  • <installLocation>/db/arerror.log

Where to go from here

Complete the remaining procedures in Configuring-after-installation-of-BMC-Digital-Workplace-Catalog that are required for your deployment scenario.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*