Configuring BMC Remedy Single Sign-On integration for BMC Digital Workplace Catalog
To enable a single sign-on experience for users to access BMC Digital Workplace and BMC Digital Workplace Catalog, you must have system administrator privileges to install and configure BMC Remedy Single Sign-On (SSO).
Important
BMC Digital Workplace Catalog requires BMC Remedy Single Sign-On server version 18.08 or later.
Before you begin
- Install and configure BMC Remedy SSO onto a Windows or Linux server. Ensure you can access BMC Remedy SSO Administration Console as the administrator.
- Integrate Remedy SSO with BMC Digital Workplace.
- (Optional) Set up a Mid Tier to manage the BMC Digital Workplace Catalog server. For instructions, see Setting up a Remedy Mid Tier for system administration of the BMC Digital Workplace Catalog server.
Configuring BMC Digital Workplace Catalog for high availability
Integrating Remedy applications with BMC Digital Workplace Catalog
Error rendering macro 'link-window'
Failed to transform the HTML macro template for display. Nested message: The XML content could not be parsed. There is a problem at line 4, column 129. Parser message: Duplicate attribute 'rsso'. at [row,col {unknown-source}]: [4,129]
From the Remedy Single Sign-On online documentation:
Remedy Single Sign-On 19.11
Integrating Remedy SSO with BMC Digital Workplace
BMC Communities documents:
How to Integrate BMC Digital Workplace Advanced with RSSO?
RSSO Troubleshooting / Changing RSSO Default logging directory
Integration Stopped Working After BMC Digital Workplace Catalog Upgrade to 19.02
Overview of integrating BMC Digital Workplace Catalog with Remedy Single Sign-On
To integrate BMC Digital Workplace Catalog with Remedy Single Sign-On, perform the following tasks:
- Task 1: Perform the pre-integration preparation tasks
- Task 2: Configure BMC Remedy Single Sign-On for integration with BMC Digital Workplace Catalog
- Task 3: Ensure that BMC Remedy SSO can find the BMC Digital Workplace Catalog installation
- Task 4: Configure the BMC Digital Workplace Catalog server for integration with Remedy SSO
- Task 5: To configure integrated applications to not require the tenant domain
- Task 6: To configure logging to help troubleshoot issues with RSSO
- Task 7: To validate the integration between BMC Digital Workplace Catalog and Remedy Single Sign-On
Task 1: Perform the pre-integration preparation tasks
Create a catalog administrator user with admin, myit admin, and myit super admin permissions on the ITSM server.
To leverage and use the default BMC Digital Workplace Catalog system users, you must enable AR authentication for bypass
while using any of the supported authentication systems.- Ensure you can access BMC Digital Workplace Catalog server from the command line as
<BMC_DWP_USER>. Example: Demo Obtain the following installation settings, used for the BMC Digital Workplace Catalog installation:
Installation parameter Description Example installLocationThe location of the BMC Digital Workplace Catalog installation.
/opt/bmc/digitalworkplacetenant_domain_nameThe tenant domain name configured for the BMC Digital Workplace Catalog.
calbro.combmc_dwp_server_host_nameThe fully qualified domain name or IP address of the server on which BMC Digital Workplace Catalog is installed
127.0.0.1
Now you can configure the BMC Digital Workplace Catalog server to authenticate through BMC Remedy SSO.
Task 2: Configure BMC Remedy Single Sign-On for integration with BMC Digital Workplace Catalog
To configure the authentication scheme to prepare for integration with BMC Digital Workplace Catalog:
- Log onto the BMC Remedy SSO Administration Console.
- Go to General > Advanced and set values based on the following example:
Cookie Name: Any arbitrary value.
Backchannel Service URL: The URL to access BMC Remedy SSO.
Go to Realm > General to confirm that the value of the Tenant field matches the tenant domain name configured for BMC Digital Workplace Catalog.
In the Application Domains field, add the domain of the BMC Digital Workplace Catalog server.
Note
You cannot use the same application domain in other realms.
Go to Realm > Authentication to confirm the AR Server Information settings.
Click Test.
The success message will appear if the configuration is correct.
- Save the configuration.
Task 3: Ensure that BMC Remedy SSO can find the BMC Digital Workplace Catalog installation
The rsso-agent-osgi.jar library expects the environment variable BMC_AR_SERVER_HOME to contain the BMC Digital Workplace Catalog installation location. The location variable is registered during installation or upgrade.
- On the BMC Digital Workplace Catalog server, find the hidden ~/.bmc_profile file.
The home directory represented by ~ should be owned by the user who starts the application. Open the ~/.bmc_profile file in a text editor. The setting for the environment variable should be present.
BMC_AR_SERVER_HOME="/opt/bmc/digitalworkplace"If this location is incorrect, edit the location. The environment variable shall be set after you reboot the server.
Task 4: Configure the BMC Digital Workplace Catalog server for integration with Remedy SSO
Tip
If you are configuring the BMC Digital Workplace Catalog server using a non-root user, request a user with root privileges to install XMLStarlet for successfully applying the required configuration.
Navigate to <installer_directory>/install_files/ and type # rpm -Uvh xmlstarlet-1.3.1-1.el6.x86_64.rpm to install XMLStarlet.
- Navigate to
/opt/bmc/digitalworkplace/sb/configure_rsso/ Type ./configure_rsso.shYou will be prompted to provide the following details:
Prompt Example Enter agent id
Note:
The agent-id value for BMC Digital Workplace Catalog and BMC Digital Workplace must match for the single logout functionality to work.
agent-dwpcatalogEnter SSO External URL http://<RemedySSO_Server>:<Port>/rssoEnter SSO Service URL http://<RemedySSO_Server>:<Port>/rssoEnter Tenant domain set in SSO Realm configuration coke.comEnter the BMC Helix Digital Workplace Catalog system administrator login name
DWPCSaaSAdminPassword for BMC Helix Digital Workplace Catalog system administrator
***************Enter Tenant administrator login name tenant_admin@coke.comPassword for Tenant administrator ***************Restart the BMC Digital Workplace Catalog server.
The following video (14:20) describes how to configure BMC Digital Workplace Catalog with BMC Remedy SSO.
(High availability) To configure additional BMC Digital Workplace Catalog servers to authenticate using BMC Remedy SSO as an ID provider, ensure that all the servers share the same values for the following settings:
sso-external-urlsso-service-urlagent-id
Task 5: To configure integrated applications to not require the tenant domain
BMC Digital Workplace Catalog by default requires end users to enter the tenant domain when logging in to BMC Digital Workplace Catalog.
- User login that requires a tenant domain has the following format <user login>@<domain.com>
- User login that does not require a tenant domain has the following login format - <user>
You can configure integrated applications not to require the tenant domain. Without this setting, applications require login requests in a format used by BMC Digital Workplace Catalog. With this setting, applications accept login requests that do not include a tenant domain.
Configure the following applications not to require the tenant domain:
To configure BMC Remedy Mid Tier to not require the tenant domain
On the server that hosts the mid tier, go to the mid tier location (for example, /opt/bmc/ARSystem/midtier/) and create a configuration folder named conf.
- Create a new file called rsso-authenticator.properties.
Open the rsso-authenticator.properties file in a text editor, and add the following line:
ignore-tenant=trueSave and close the file.
Go to <Mid Tier installation directory>/WEB-INF/classes (for instance, /opt/bmc/ARSystem/midtier/WEB-INF/classes).
Open the config.properties file in a text editor, and add the following line to reference the rsso-authenticator.properties file:
Windowsarsystem.authenticator.config.file=rsso-authenticator.propertiesLinuxarsystem.authenticator.config.file=rsso-authenticator.propertiesIn the apache tomcat\conf\catalina.properties file, add the following line:
shared.loader=<Mid Tier installation directory>\conf OR shared.loader="C:/MidtierPath/conf"- Save and close the file.
- (Windows server only) On a Windows server that hosts the mid tier, perform the following tasks:
- Open the Tomcat console, and add <Mid Tier installation directory>\conf to the Java Classpath:
- Restart the Tomcat server.
- Open the Tomcat console, and add <Mid Tier installation directory>\conf to the Java Classpath:
To configure BMC Helix Digital Workplace to not require the tenant domain
On the BMC Helix Digital Workplace server, go to <BMC Digital Workplace tomcat directory>/external-conf
Open the sso-sdk.properties file in a text editor, and add the following line:
ignore-tenant=trueSave and close the file.
Task 6: To configure logging to help troubleshoot issues with RSSO
- On the BMC Digital Workplace Catalog server, open /opt/bmc/dw/bin/arserverd.conf.
- Copy the last jvm.option.xx parameter, and add it to the file.
Replace the xx value of the jvm.option.xx parameter with the "+1" value. In the following example, the previous line was 22:
jvm.option.23=-Drsso.log.cfg.file=/opt/bmc/digitalworkplace/conf/rsso-log.cfgOpen /opt/bmc/digitalworkplace/conf/rsso-log.cfg, and make sure it has the following configuration:
rsso.log.name.format=rs_Try.%g.log rsso.log.level=FINEST rsso.log.roll=10 rsso.log.limit=5242880 rsso.log.dir=/opt/bmc/digitalworkplace/db/- Open /opt/bmc/digitalworkplace/pluginsvr/log4j_pluginsvr.xml
Make the following changes to debug:
<logger name="com.bmc.arsys.pluginsvr"> <level value="debug" /> </logger> ...... <root> <priority value ="error" /> <appender-ref ref="PluginLog" /> </root>Open the /opt/bmc/digitalworkplace/conf/logback_server.xml
<logger name="com.bmc.rsso" level="DEBUG" additivity="false"> <appender-ref ref="BUNDLE" /> </logger>Restart the BMC Digital Workplace Catalog server.
Log in to the Mid tier tool as Demo.
- Click on the AR System Administration Console, and go to Common Server Configuration > General > Plugin Server Configuration.
- Click OK through the warning messages that show up.
- Once the Plugin Server Configuration screen appears, click on the Plugin Server Configuration tab.
- Under the Logging Configuration, switch the Enable Plugin Log to True and the Log Level to Debug, and click Apply.
- Click OK through the warning messages that show up.
Task 7: To validate the integration between BMC Digital Workplace Catalog and Remedy Single Sign-On
Once you have carried out all the necessary steps, log in to BMC Digital Workplace Catalog and BMC Digital Workplace to ensure Remedy SSO has been installed and configured correctly. If it is correctly installed, you will be able to access both servers by logging in just once.
Where to go from here
Complete the remaining procedures in Configuring after installation of BMC Digital Workplace Catalog that are required for your deployment scenario.
Comments
Please also add in the documentation, that ignore-tenant=true is also needed for Smart-IT the same way it is for DWP, if seperate Tomcats are used.
Hi Maximilian Bugl, thanks for commenting on the page. You can find this information on the following page → https://docs.bmc.com/docs/rsso1911/integrating-remedy-sso-with-smart-it-897552829.html.
Regards,
Olha
Log in or register to comment.