Limited support

 

This version of the product is in limited support. However, the documentation is available for your convenience. You will not be able to leave comments. Click here to view the documentation for the current version.

Configuring BMC Remedy Single Sign-On integration for BMC Digital Workplace Catalog

You must have system administrator privileges to install and configure BMC Remedy Single Sign-On (SSO) to enable  BMC Digital Workplace users to perform end-to-end service request tasks through  BMC Digital Workplace Catalog and BMC Remedy IT Service Management.

Important

BMC Digital Workplace Catalog  requires BMC Remedy Single Sign-On release 9.1.03 or later.

Related topics

Remedy Single Sign-On Open link (Online technical documentation)

Configuring BMC Digital Workplace Catalog for high availability

Integrating Remedy applications with BMC Digital Workplace Catalog

BMC Communities doc:
Integration Stopped Working After BMC Digital Workplace Catalog Upgrade to 19.02 Open link

Before you begin

This topic assumes you have already installed and configured BMC Remedy SSO onto a Windows or Linux server. After verifying the following setup requirements, you can configure the BMC Digital Workplace Catalog  server to authenticate through BMC Remedy SSO.

Values in <ANGLE_BRACKETS> refer to the server parameters that were used when installing BMC Digital Workplace Catalog .

  • To leverage and use the default BMC Digital Workplace Catalog  system users, while using any of the supported authentication systems, you must  enable AR System authentication for bypass Open link . For more information on setting up your groups and accounts, see User accounts, groups, and permissions for BMC Digital Workplace Catalog.
  • Ensure you can access:
    • BMC Remedy SSO administration console as the administrator.
    • BMC Digital Workplace Catalog server from the command line as <BMC_DWP_USER>. Example: Demo
  • Set up a Mid Tier to manage the  BMC Digital Workplace Catalog server.
    For instructions, see Setting up a Remedy Mid Tier for system administration of the BMC Digital Workplace Catalog server.
  • Confirm the following system settings, used in options.txt when the application was installed:
    • The location of the application installation, referred to as <installLocation>.
      Example: /opt/bmc/digitalworkplace
    • The tenant domain name configured for the application.
      Example: calbro.com
    • The fully qualified domain name or IP address of the server on which BMC Digital Workplace Catalog  is installed, referred to as <BMC_DWP_SERVER_HOST_NAME>.
      Example: 127.0.0.1
  • Create a catalog administrator user with adminmyit admin, and myit super admin permissions on the ITSM server. 

To configure BMC Remedy Single Sign-On

To configure the authentication scheme to prepare for integration with BMC Digital Workplace Catalog :

  1. Log onto the BMC Remedy SSO administration console.
  2. Go to General > Advanced and set values based on the following example:
    • Cookie Name: Any arbitrary value.
    • Backchannel Service URL: The URL to access BMC Remedy SSO.

      Note

      Starting with BMC Digital Workplace Catalog version 18.11, the Backchannel Service URL field is mandatory.

  3. In the Application Domains field, add the domain of the  BMC Digital Workplace Catalog server.

    Note

    You cannot use the same application domain in other realms.

  4. Go to Realm > General to confirm that the value of the Tenant field matches the tenant domain name configured for BMC Digital Workplace Catalog .

  5. Go to Realm > Authentication to confirm the AR Server Information settings.

  6. Click Test.
    The success message will appear if the configuration is correct.

  7. Save the configuration.

To configure the BMC Digital Workplace Catalog server

Tip

If you are configuring the BMC Digital Workplace Catalog server using a non-root user, request a user with root privileges to install XMLStarlet for successfully applying the required configuration.

Navigate to  <installer_directory>/install_files/ and type # rpm -Uvh xmlstarlet-1.3.1-1.el6.x86_64.rpm to install XMLStarlet.

  1. Navigate to /opt/bmc/digitalworkplace/sb/configure_rsso/
  2. Type ./configure_rsso.sh

  3. You will be prompted to provide the following details:

    PromptExample

    Enter agent id

    Note: The agent-id value for BMC Digital Workplace Catalog and BMC Digital Workplace must match for the single logout functionality to work.

    agent-dwpcatalog
    Enter SSO External URLhttp://<RemedySSO_Server>:<Port>/rsso
    Enter SSO Service URLhttp://<RemedySSO_Server>:<Port>/rsso
    Enter Tenant domain set in SSO Realm configurationcoke.com
    Enter the BMC Digital Workplace Catalog system administrator login namedwpadmin
    Password for BMC Digital Workplace Catalog system administrator***************
    Enter Tenant administrator login nametenant_admin@coke.com
    Password for Tenant administrator***************
  4. Restart the   BMC Digital Workplace Catalog  server.

    The following video (14:20) describes how to configure  BMC Digital Workplace Catalog  with BMC Remedy SSO.

      https://www.youtube.com/watch?v=K6T5MzQqGNM

BMC Remedy SSO for secondary servers

When configuring additional  BMC Digital Workplace Catalog servers to authenticate using BMC Remedy SSO as an ID provider, ensure that all the servers share the same values for the following settings:

  • sso-external-url
  • sso-service-url
  • agent-id

BMC Remedy SSO for other BMC applications

When configuring authentication for applications such as BMC Digital Workplace , Smart IT, and Remedy IT Service Management, note the following highlights:

General BMC Remedy SSO configuration

When configuring BMC Digital Workplace , BMC Remedy with Smart IT, and BMC Remedy Mid Tier to authenticate using BMC Remedy SSO as an ID provider, ensure that all the servers point to the same RSSO server specified in the following settings:

  • sso-external-url
  • sso-service-url

To configure BMC Remedy Mid Tier to not require the tenant domain

Without this setting, applications require login requests in a format used by BMC Digital Workplace Catalog .
Example: user@domain.com

With this setting, applications accept login requests that do not include a tenant domain.
Example: user

  1. On the server that hosts the mid tier, go to the following location and create a configuration folder.

    For instance, /opt/bmc/ARSystem/midtier/
  2. Create a new file called: rsso-authenticator.properties
  3. Open the rsso-authenticator.properties file in a text editor, and add the following line:

    ignore-tenant=true
  4. Save and close the file.

  5. Go to <Mid Tier installation directory>/WEB-INF/classes (For instance, /opt/bmc/ARSystem/midtier/WEB-INF/classes ) and open the config.properties file in a text editor, and add the following line to reference the rsso-authenticator.properties file:

    arsystem.authenticator.config.file=rsso-authenticator.properties
  6. In the apache tomcat\conf\catalina.properties file, add the following line:

    shared.loader=<Mid Tier installation directory>\conf
    OR
    shared.loader="C:/MidtierPath/conf"
  7. Save and close the file.
  8. (Windows server only) On a Windows server that hosts the mid tier, perform the following tasks:
    1. Open the Tomcat console, and add <Mid Tier installation directory>\conf to the Java Classpath:
    2. Restart the Tomcat server.

To configure  BMC Digital Workplace to not require the tenant domain

Without this setting, applications will expect a login request in the form used by BMC Digital Workplace Catalog .
Example: user@domain.com

With this setting, applications will accept a login request that does not include the tenant domain.
Example: user

  1. On the BMC Digital Workplace server, go to the following location:

    <BMC Digital Workplace tomcat directory>/external-conf
  2. Open the sso-sdk.properties file in a text editor.
  3. Add the following line:

    ignore-tenant=true
  4. Save and close the file.

For more information about configuring Remedy SSO with other BMC applications

For specific information, see the following topics in the BMC Remedy SSO online documentation:

  • Integrating Remedy SSO with BMC Digital Workplace Open link
  • Error rendering macro 'link-window'

    Failed to transform the HTML macro template for display. Nested message: The XML content could not be parsed. There is a problem at line 4, column 157. Parser message: Duplicate attribute &#39;remedy&#39;. at [row,col {unknown-source}]: [4,157]

To configure logging to help troubleshoot issues with RSSO 

  1. On the  BMC Digital Workplace Catalog server, open /opt/bmc/dw/bin/arserverd.conf.
  2. Copy the last jvm.option.xx parameter, and add it to the file.
  3. Replace the xx value of the jvm.option.xx parameter with the "+1" value. In the following example, the previous line was 22:

    jvm.option.23=-Drsso.log.cfg.file=/opt/bmc/digitalworkplace/conf/rsso-log.cfg
  4. Open /opt/bmc/digitalworkplace/conf/rsso-log.cfg, and make sure it has the following configuration:

    rsso.log.name.format=rs_Try.%g.log
    rsso.log.level=FINEST
    rsso.log.roll=10
    rsso.log.limit=5242880
    rsso.log.dir=/opt/bmc/digitalworkplace/db/
  5. Open /opt/bmc/digitalworkplace/pluginsvr/log4j_pluginsvr.xml
  6. Make the following changes to debug:

    <logger name="com.bmc.arsys.pluginsvr">
    <level value="debug" />
    </logger>
    ......
    <root>
    <priority value ="error" />
    <appender-ref ref="PluginLog" />
    </root>
  7. Open the /opt/bmc/digitalworkplace/conf/logback_server.xml

    <logger name="com.bmc.rsso" level="DEBUG" additivity="false">
    <appender-ref ref="BUNDLE" />
    </logger>
  8.  Restart the  BMC Digital Workplace Catalog  server.

  9. Log in to the Mid tier tool as Demo.

  10. Click on the AR System Administration Console, and go to Common Server Configuration > General > Plugin Server Configuration
  11. Click OK through the warning messages that show up. 
  12. Once the Plugin Server Configuration screen appears, click on the Plugin Server Configuration tab. 
  13. Under the Logging Configuration, switch the Enable Plugin Log to True and the Log Level to Debug, and click Apply
  14. Click OK through the warning messages that show up.

Validation

Once you have carried out all the necessary steps, log in to  BMC Digital Workplace Catalog  and BMC Digital Workplace  to ensure Remedy SSO has been installed and configured correctly. If it is correctly installed, you will be able to access both servers by logging in just once.

Troubleshooting

Core bundles report "not yet up"

If you attempt to restart the  BMC Digital Workplace Catalog platform server before completing the configuration steps, you might see the following error repeated:

Example
Checking core bundles are up before running migrations. Not yet up
...

Ensure that you complete the configuration before restarting the server. If you have completed the configuration and still receive this error, check for any exceptions in the following log files:

  • <installLocation>/db/arjavaplugin.log
  • <installLocation>/db/arerror.log

Where to go from here

Complete the remaining procedures in Configuring after installation of BMC Digital Workplace Catalog that are required for your deployment scenario.

This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Comments