Creating rsso-agent.properties file

If you plan to integrate the BMC Digital Workplace with Remedy Single Sign-On, you need to create the rsso-agent.properties file on the BMC Digital Workplace server.

Mappings required between the BMC Digital Workplace domain and Remedy Single Sign-On server

Define the mapping between the BMC Digital Workplace domain and Remedy Single Sign-On server (<domain>:<url>) using the following properties in the rsso-agent.properties file.

• sso-external-url
  • Agent redirects the browser (user’s request) to this URL when the agent detects that the request needs to be authenticated.
  • Agent redirects browser to this URL when the agent detects that the application logout is completed (that is, if the request refers to "logout-urls").
• sso-service-url
  • Agent uses this the URL to call the Remedy Single Sign-On web app APIs to:
    
    • Retrieve configuration details, such as cookie name, cookie domain, and realm-domain mappings.
    • Check whether the token cookie from the browser (user's request) is valid and if it is valid, retrieve Remedy Single Sign-On.
    • Register the Remedy SSO server to track other application agents. The tracking helps the agent to know the login status of other application agents prior to logging out.

To support multiple Remedy Single Sign-On servers on an agent, set the different values of the domain-to-server mapping as comma-separated strings. For example, assume that the Remedy Single Sign-On server for the domain “firstcompany” is firstcompany-rsso.bmc.com and the Remedy Single Sign-On server for the domain “secondcompany” is secondcompany-rsso.bmc.com. Then, the properties definition will be as follows:

• sso-external-url=firstcompany:https://firstcompany-rsso.bmc.com:8443/rsso,secondcompany:https://secondcompany-rsso.bmc.com:8443/rsso
• sso-service-url=firstcompany:http://firstcompany-rsso.bmc.com:8080/rsso,secondcompany:http://secondcompany-rsso.bmc.com:8080/rsso

To create the rsso-agent.properties file

1. On the BMC Digital Workplace server, navigate to /opt/apache/tomcat8.5/external-conf.
2. Create the rsso-agent.properties file.

3. Copy the following content to the rsso-agent.properties file, and adjust the configuration values as required.

   # For the Agent Identifier, representing an application integrated with BMC Remedy Single Sign-On, set application URL as its value.
   # The value should be the same on all nodes in same application cluster, but should be different for different applications.
   # e.g. agent-id = http://midtier-hostname/arsys
   
   agent-id=myit-agent
   
   # Application URL to trigger RSSO logout, usually is redirected after application logout is completed
   
   logout-urls=/atssologout.html
   
   # Application URL patterns NOT going through RSSO web agent filter
   excluded-urlpattern=.*\\.xml|.*\\.gif|.*\\.css|.*\\.ico|/shared/config/.*|/WSDL/.*|/shared/error.jsp|/shared/timer/.*|/shared/login_commn.jsp|/shared/view_form.jsp|
   /shared/ar_url_encoder.jsp|/ThirdPartyJars/.*|/shared/logout.jsp|/shared/doc/.*|/shared/images/.*|/shared/login.jsp|/services/.*|/shared/file_not_found.jsp|/plugins/.*|
   /shared/wait.jsp|/servlet/GoatConfigServlet|/servlet/ConfigServlet|/shared/HTTPPost.class|/shared/FileUpload.jar|/BackChannel.*|/servlet/LicenseReleaseServlet.*
   
   # If this property is set to true, the application context name will not be excluded for checking excluded url pattern
   # context-included=false
   # RSSO webapp external url for redirection
   # To support multiple RSSO webapps, set the value to a comma separated string: each represents a 'domain to server url' mapping, with the format of <domain>:<url>, 
   # e.g. domain1:https://server1:8443/rsso,domain2:https://server2:8443/rsso
   
   sso-external-url=http://testserver.bmc.com:8080/rsso
   
   # RSSO webapp internal url for service call. Use HTTP instead of HTTPS protocol to avoid problems with handshake.
   # To support multiple RSSO webapps, set the value to a comma separated string, each represents a 'domain to server url' mapping, with the format of <domain>:<url>, 
   # e.g. domain1:http://server1:8080/rsso,domain2:http://server2:8080/rsso
   
   sso-service-url=http://testserver.bmc.com:8080/rsso
   
   # Time during that cached token status will be used without verified at SSO server side. Default value is 3 min.
   # token-status-cache-timeout=180
   
   # MSP-related flags
   # Flag to show realm-entry-page for the MSP deployments
   # msp-deployment=true
   # msp-always-show-domain-entry-page=true
   
   # To disable Remedy SSO agent just set value to true. In this case all requests will not being processed by Remedy SSO.
   # skip-filter=false
   
   # That property is mandatory for preauthentication. Put one of the following possible values: GET or POST
   # preauth-type=GET
   
   # Action path mask. If agent detects /_rsso in servlet path. Default value is: /_rsso
   # action-path-mask=/_rsso
   
   use-in-memory-cache=true

4. Save the changes.

5. Restart the Tomcat server.

Where to go from here

Configuring BMC Digital Workplace for Remedy Single Sign-On