This documentation supports the 20.02 version of BMC Digital Workplace Advanced.

To view the latest version, select the version from the Product Version menu.

Configuring BMC Remedy Single Sign-On integration for BMC Digital Workplace Catalog

To enable a single sign-on experience for users to access BMC Digital Workplace and BMC Digital Workplace Catalog, you must have system administrator privileges to install and configure Remedy Single Sign-On.

Important

BMC Digital Workplace Catalog requires Remedy Single Sign-On server version 18.08 or later.

Before you begin

  1. Install and configure Remedy Single Sign-On onto a Windows or Linux server. Ensure you can access Remedy Single Sign-On Administration Console as the administrator.
  2. Integrate Remedy Single Sign-On with BMC Digital Workplace.
  3. (Optional) Set up a Mid Tier to manage the BMC Digital Workplace Catalog server. For instructions, see Setting up a Remedy Mid Tier for system administration of the BMC Digital Workplace Catalog server.

Related topics

Configuring BMC Digital Workplace Catalog for high availability

Integrating Remedy applications with BMC Digital Workplace Catalog

General troubleshooting

From the Remedy Single Sign-On online documentation: Remedy Single Sign-On 20.02

Integrating Remedy SSO with BMC Digital Workplace

BMC Communities documents:
How to Integrate BMC Digital Workplace Advanced with RSSO?

Overview of integrating BMC Digital Workplace Catalog with Remedy Single Sign-On

To integrate BMC Digital Workplace Catalog with Remedy Single Sign-On, perform the following tasks:

Task 1: Perform the pre-integration preparation tasks

  1. Create a catalog administrator user with adminmyit admin, and myit super admin permissions on the ITSM server. 

  2. To leverage and use the default BMC Digital Workplace Catalog system users, you must enable AR authentication for bypass while using any of the supported authentication systems.

  3. Ensure you can access the BMC Digital Workplace Catalog server from the command line as <BMC_DWP_USER>. Example: Demo
  4. Obtain the following installation settings, used for the BMC Digital Workplace Catalog installation:

    Installation parameter | Description | Example
    installLocation | The location of the BMC Digital Workplace Catalog installation. | /opt/bmc/digitalworkplace
    tenant_domain_name | The tenant domain name configured for the BMC Digital Workplace Catalog. | calbro.com
    bmc_dwp_server_host_name | The fully qualified domain name or IP address of the server on which BMC Digital Workplace Catalog is installed. | 127.0.0.1

Now you can configure the BMC Digital Workplace Catalog server to authenticate through Remedy Single Sign-On.

Task 2: Configure Remedy Single Sign-On for integration with BMC Digital Workplace Catalog

To configure the authentication scheme to prepare for integration with BMC Digital Workplace Catalog:

  1. Log onto the Remedy Single Sign-On Administration Console.
  2. Go to General > Advanced and set values based on the following example:
    • Cookie Name: Any arbitrary value.

    • Backchannel Service URL: The URL to access Remedy Single Sign-On.

  3. Go to Realm > General to confirm that the value of the Tenant field matches the tenant domain name configured for BMC Digital Workplace Catalog.

  4. In the Application Domains field, add the domain of the BMC Digital Workplace Catalog server.

    Note

    You cannot use the same application domain in other realms.

  5. Go to Realm > Authentication to confirm the AR Server Information settings.

  6. Click Test.
    The success message will appear if the configuration is correct.

  7. Save the configuration.

Task 3: Configure the BMC Digital Workplace Catalog server for integration with Remedy Single Sign-On

Tip

If you are configuring the BMC Digital Workplace Catalog server using a non-root user, request a user with root privileges to install XMLStarlet for successfully applying the required configuration.

Navigate to <installer_directory>/install_files/ and run the following command as root to install XMLStarlet:

    # rpm -Uvh xmlstarlet-1.3.1-1.el6.x86_64.rpm

  1. Navigate to /opt/bmc/digitalworkplace/sb/configure_rsso/
  2. Type ./configure_rsso.sh

  3. You will be prompted to provide the following details:

    Prompt | Example
    Enter agent id (Note: The agent-id value for BMC Digital Workplace Catalog and BMC Digital Workplace must match for the single logout functionality to work.) | agent-dwpcatalog
    Enter SSO External URL | http://<RemedySSO_Server>:<Port>/rsso
    Enter SSO Service URL | http://<RemedySSO_Server>:<Port>/rsso
    Enter Tenant domain set in SSO Realm configuration | coke.com
    Enter the BMC Helix Digital Workplace Catalog system administrator login name | DWPCAdmin
    Password for BMC Helix Digital Workplace Catalog system administrator | ***************
    Enter Tenant administrator login name | tenant_admin@coke.com
    Password for Tenant administrator | ***************
  4. Restart the  BMC Digital Workplace Catalog server.

    The following video (14:20) describes how to configure BMC Digital Workplace Catalog with Remedy Single Sign-On:

    https://www.youtube.com/watch?v=K6T5MzQqGNM


  5. (High availability) To configure additional BMC Digital Workplace Catalog servers to authenticate using Remedy Single Sign-On as an ID provider, ensure that all the servers share the same values for the following settings:

    • sso-external-url
    • sso-service-url
    • agent-id

Task 4: To configure integrated applications to not require the tenant domain

BMC Digital Workplace Catalog by default requires end users to enter the tenant domain when logging in to BMC Digital Workplace Catalog.

  • User login that requires a tenant domain has the following format <user login>@<domain.com>
  • User login that does not require a tenant domain has the following login format - <user>

You can configure integrated applications not to require the tenant domain. Without this setting, applications require login requests in a format used by BMC Digital Workplace Catalog. With this setting, applications accept login requests that do not include a tenant domain.

Configure the following applications not to require the tenant domain:

To configure BMC Remedy Mid Tier to not require the tenant domain

  1. On the server that hosts the mid tier, go to the mid tier location  (for example, /opt/bmc/ARSystem/midtier/) and create a configuration folder named conf.

  2. Create a new file called rsso-authenticator.properties.
  3. Open the rsso-authenticator.properties file in a text editor, and add the following line:

    ignore-tenant=true
  4. Save and close the file.

  5. Go to <Mid Tier installation directory>/WEB-INF/classes (for instance, /opt/bmc/ARSystem/midtier/WEB-INF/classes).

  6. Open the config.properties file in a text editor, and add the following line to reference the rsso-authenticator.properties file:

    Windows
    arsystem.authenticator.config.file=rsso-authenticator.properties
    Linux
    arsystem.authenticator.config.file=rsso-authenticator.properties
  7. In the apache tomcat\conf\catalina.properties file, add the following line:

    shared.loader=<Mid Tier installation directory>\conf
    OR
    shared.loader="C:/MidtierPath/conf"
  8. Save and close the file.
  9. (Windows server only) On a Windows server that hosts the mid tier, perform the following tasks:
    1. Open the Tomcat console, and add <Mid Tier installation directory>\conf to the Java Classpath:
    2. Restart the Tomcat server.
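
A check for the Mid Tier procedure above on a Linux host, confirming that the conf folder, config.properties and shared.loader agree with each other. This is an added example, not BMC code; the function name check_midtier_ignore_tenant and the temporary sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not BMC code): checks the Mid Tier ignore-tenant setup on Linux.
# Usage: check_midtier_ignore_tenant MIDTIER_DIR CATALINA_PROPERTIES
check_midtier_ignore_tenant() {
    mt=${1%/}; catalina=$2; rc=0
    auth="$mt/conf/rsso-authenticator.properties"
    cfg="$mt/WEB-INF/classes/config.properties"

    # Steps 1-4: conf/ must exist and hold the properties file with the flag.
    if [ ! -d "$mt/conf" ]; then
        echo "FAIL: $mt/conf does not exist"; rc=1
    elif ! grep -Eq '^[[:space:]]*ignore-tenant[[:space:]]*=[[:space:]]*true[[:space:]]*$' "$auth" 2>/dev/null; then
        echo "FAIL: ignore-tenant=true not found in $auth"; rc=1
    fi

    # Step 6: the value is the bare file name; the directory comes from shared.loader.
    val=$(sed -n 's/^[[:space:]]*arsystem\.authenticator\.config\.file[[:space:]]*=[[:space:]]*//p' \
        "$cfg" 2>/dev/null | sed 's/[[:space:]]*$//' | tail -n 1)
    if [ "$val" != "rsso-authenticator.properties" ]; then
        echo "FAIL: arsystem.authenticator.config.file is '$val' in $cfg"; rc=1
    fi

    # Step 7: shared.loader must include the conf directory.
    loader=$(sed -n 's/^[[:space:]]*shared\.loader[[:space:]]*=//p' "$catalina" 2>/dev/null | tail -n 1)
    case $loader in
        *"$mt/conf"*) ;;
        *) echo "FAIL: shared.loader in $catalina does not include $mt/conf"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample tree standing in for a Mid Tier installation.
demo=$(mktemp -d)
mkdir -p "$demo/midtier/conf" "$demo/midtier/WEB-INF/classes" "$demo/tomcat/conf"
echo 'ignore-tenant=true' > "$demo/midtier/conf/rsso-authenticator.properties"
echo 'arsystem.authenticator.config.file=rsso-authenticator.properties' \
    > "$demo/midtier/WEB-INF/classes/config.properties"
echo "shared.loader=$demo/midtier/conf" > "$demo/tomcat/conf/catalina.properties"
check_midtier_ignore_tenant "$demo/midtier" "$demo/tomcat/conf/catalina.properties" \
    && echo "OK: Mid Tier is configured to ignore the tenant domain"
rm -rf "$demo"
```

On a real host, pass the Mid Tier installation directory and the path to Tomcat's catalina.properties as the two arguments.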

To configure BMC Helix Digital Workplace to not require the tenant domain

  1. On the BMC Helix Digital Workplace server, go to <BMC Digital Workplace tomcat directory>/external-conf

  2. Open the sso-sdk.properties file in a text editor, and add the following line:

    ignore-tenant=true
  3. Save and close the file.

Task 5: To configure logging to help troubleshoot issues with Remedy Single Sign-On 

  1. On the BMC Digital Workplace Catalog server, open /opt/bmc/dw/bin/arserverd.conf.
  2. Copy the last jvm.option.xx parameter, and add it to the file.
  3. Replace the xx value of the copied jvm.option.xx parameter with the next number (xx + 1). In the following example, the previous line was 22:

    jvm.option.23=-Drsso.log.cfg.file=/opt/bmc/digitalworkplace/conf/rsso-log.cfg
  4. Open /opt/bmc/digitalworkplace/conf/rsso-log.cfg, and make sure it has the following configuration:

    rsso.log.name.format=rs_Try.%g.log
    rsso.log.level=FINEST
    rsso.log.roll=10
    rsso.log.limit=5242880
    rsso.log.dir=/opt/bmc/digitalworkplace/db/
  5. Open /opt/bmc/digitalworkplace/pluginsvr/log4j_pluginsvr.xml
  6. Make the following changes to set the plug-in server logger to debug:

    <logger name="com.bmc.arsys.pluginsvr">
    <level value="debug" />
    </logger>
    ......
    <root>
    <priority value ="error" />
    <appender-ref ref="PluginLog" />
    </root>
  7. Open /opt/bmc/digitalworkplace/conf/logback_server.xml, and make sure it has the following logger configuration:

    <logger name="com.bmc.rsso" level="DEBUG" additivity="false">
    <appender-ref ref="BUNDLE" />
    </logger>
  8.  Restart the BMC Digital Workplace Catalog server.

  9. Log in to the Mid tier tool as Demo.

  10. Click on the AR System Administration Console, and go to Common Server Configuration > General > Plugin Server Configuration
  11. Click OK through the warning messages that show up. 
  12. Once the Plugin Server Configuration screen appears, click on the Plugin Server Configuration tab. 
  13. Under the Logging Configuration, switch the Enable Plugin Log to True and the Log Level to Debug, and click Apply
  14. Click OK through the warning messages that show up.
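
Steps 1 to 3 of this task as a repeatable function that appends the Remedy Single Sign-On logging option under the next free jvm.option index. This is an added example, not BMC code; the function name add_rsso_log_option and the sample option values are assumptions, and it goes beyond the manual step by taking the highest index in the file rather than the last line and by preserving zero-padded indexes.

```shell
#!/bin/sh
# Added example (not BMC code): Task 5, steps 1-3, as an idempotent function.
# Usage: add_rsso_log_option ARSERVERD_CONF RSSO_LOG_CFG   (prints the index used)
add_rsso_log_option() {
    conf=$1
    opt="-Drsso.log.cfg.file=$2"
    [ -f "$conf" ] || { echo "missing $conf" >&2; return 1; }

    # Already present: report its index and leave the file untouched.
    existing=$(sed -n 's/^jvm\.option\.\([0-9][0-9]*\)=-Drsso\.log\.cfg\.file=.*/\1/p' "$conf" | head -n 1)
    if [ -n "$existing" ]; then
        echo "$existing"
        return 0
    fi

    # Highest index in use. Sort numerically: the last line of the file is not
    # guaranteed to carry the highest number.
    last=$(sed -n 's/^jvm\.option\.\([0-9][0-9]*\)=.*/\1/p' "$conf" | sort -n | tail -n 1)
    [ -n "$last" ] || { echo "no jvm.option.NN lines in $conf" >&2; return 1; }

    # Strip leading zeros so 08 or 09 is not read as octal, then keep the width.
    num=$(echo "$last" | sed 's/^0*//')
    next=$(printf "%0${#last}d" $(( ${num:-0} + 1 )))

    cp -p "$conf" "$conf.bak" || return 1            # rollback copy
    [ -z "$(tail -c 1 "$conf")" ] || echo >> "$conf" # file may lack a final newline
    printf 'jvm.option.%s=%s\n' "$next" "$opt" >> "$conf"
    echo "$next"
}

# Constructed sample file; the two existing options are placeholders.
demo=$(mktemp -d)
printf 'jvm.option.21=-Xms1024m\njvm.option.22=-Xmx2048m\n' > "$demo/arserverd.conf"
add_rsso_log_option "$demo/arserverd.conf" /opt/bmc/digitalworkplace/conf/rsso-log.cfg >/dev/null
tail -n 1 "$demo/arserverd.conf"
rm -rf "$demo"
```

The function leaves a .bak copy next to the file it edits, which gives a direct way to back the option out once troubleshooting is finished.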

Task 6: To validate the integration between BMC Digital Workplace Catalog and Remedy Single Sign-On

Once you have carried out all the necessary steps, log in to BMC Digital Workplace Catalog and BMC Digital Workplace to ensure Remedy Single Sign-On has been installed and configured correctly. If it is correctly installed, you will be able to access both servers by logging in just once.

Where to go from here

Complete the remaining procedures in Configuring after installation of BMC Digital Workplace Catalog that are required for your deployment scenario.


Comments

  1. Andreas Mitterdorfer

    Please can you review: shared.loader=\conf and Open the Tomcat console, and add \conf to the Java Classpath:

    \conf seems to be incorrect as this directory does not exist. Do you mean /WEB-INF/classes ?

    Apr 28, 2020 09:57
    1. Lisa Greene

      Hello Andreas, I learned that you need to create the conf folder, so I added a step 7 to the "To configure BMC Remedy Mid Tier to not require the tenant domain" procedure.

      May 11, 2020 02:40
      1. Adam Neuman

        Hi Lisa, step 7 would actually be superfluous, conf directory should be created in Step 1.... just maybe add the reference to /conf in Step 1

        Aug 05, 2020 10:05
        1. Lisa Greene

          Thanks for catching that, Adam. I will update the procedure, and the change will be published later this week. 

          Aug 10, 2020 10:27
  2. Dieter Bertram

    What kind of user is the BMC Helix Digital Workplace Catalog system administrator login name "DWPCAdmin"? Isn't that the dwpc database user?

    Jun 17, 2020 05:49
    1. Olha Horbachuk

      Hello Dieter Bertram! Thank you for the question.

      "DWPCAdmin" is given as an example and is not related to the login of the Digital Workplace Catalog administrator.

      Regards,

      Olha 

      Jun 30, 2020 09:57
      1. Chris Parent

        Hi, since we don't specify an administrator account in the options file anymore, what account is expected here? Are we to use the Demo / password account which is used to start/stop the catalog?

        Jun 20, 2021 08:08
        1. Olha Horbachuk

          Hi Chris Parent. As we are looking into the DWP-C and Remedy SSO integration, you should use the account created in the 3-rd party tool - identity provider. IdPs can be configured by you as a customer (for example, Okta or AD FS) or by BMC Operations team.

          Jun 29, 2021 06:24
  3. Maximilian Bugl

    To configure BMC Remedy Mid Tier to not require the tenant domain, Point 6: should be arsystem.authenticator.config.file=rsso-authenticator.properties because we specify the path in shared.loader. Don't know why this has changed in the docs, f.e. 18.08 it is correct.

    Jan 27, 2022 07:41
    1. Olha Horbachuk

      The line has been updated for all the versions starting from 18.08 and will be available to end users later this week. Thanks for letting the documentation team know.

      May 18, 2022 08:13
  4. Maximilian Bugl

    Please change the screenshot of the Backchannel URL. When trying to access DWPC, if you get the RSSO login, followed by the DWPC login, I have seen that caused by the backchannel URL in the RSSO config having a "/" at the end:

    Jan 27, 2022 09:42
  5. Aaditi Lakade

    Hello, Maximilian Bugl - Thank you for pointing out these gaps. Let me confirm these suggestions with the R&D team and update the docs accordingly.

    Thanks, 

    Aaditi

    Feb 08, 2022 11:27