Troubleshooting configuration for Remedy Single Sign-On integration

Carefully read this topic before making any major changes in your current configuration. Also, make a backup of your configuration files, operating systems, and databases before making any major changes to your database.

Make sure you have configured BMC Digital Workplace/Remedy Single Sign-On integration by following the steps documented below:

• Configuring BMC Digital Workplace for Remedy Single Sign-On

• Configuring BMC Remedy Single Sign-On integration for BMC Digital Workplace Catalog

Additional checks:

• BMC Digital Workplace and BMC Digital Workplace Catalog agent-id values should always match in both rsso-agent.properties , i.e. agent-id=dwp-agent.

Here's a good example of a standard rsso-agent.properties file.

#RSSO Agent configuration example

logout-urls=/atssologout.html

agent-id=myit-agent

excluded-url-pattern=.*\\.xml|.*\\.gif|.*\\.css|.*\\.ico|/shared/config/.*|/WSDL/.*|/shared/error.jsp|/shared/timer/.*|/shared/login_commn.jsp|/shared/view_form.jsp|/shared/ar_url_encoder.jsp|/ThirdPartyJars/.*|/shared/logout.jsp|/shared/doc/.*|/shared/images/.*|/shared/login.jsp|/services/.*|/shared/file_not_found.jsp|/plugins/.*|/shared/wait.jsp|/servlet/GoatConfigServlet|/servlet/ConfigServlet|/shared/HTTPPost.class|/shared/FileUpload.jar|/BackChannel.*|/servlet/LicenseReleaseServlet.*

sso-external-url=http://rsso.domain.com:8080/rsso/
sso-service-url=http://rsso.domain.com:8080/rsso/

com.bmc.rsso.tls.disable.checks=true

use-in-memory-cache=true

callback-url=http://dwp.domain.com:9000/dwp/app

Narrowing down Remedy Single Sign-On issues

• Always make sure the Remedy Single Sign-On Server is able to communicate with the Remedy Single Sign-On agent's hosts servers.
  
  • Check your DNS/Network/Certificates/Firewalls  settings and confirm that communication is bidirectional.
  • NOTE:  curl, ping, telnet wget are good commands to check this.
    • Log on to the BMC Digital Workplace Server and run: curl -vk https://rsso.domain.com 
      
      Example of a working connection -if SSL is in place, output will be longer, but the output should display something like  * Connected to rssoserver  (xxxxxxx) port 443 (#0)
This is being executed from BMC Digital Workplace Catalog to Remedy Single Sign-On. Check from Remedy Single Sign-On to BMC Digital Workplace Catalog.

      * About to connect() to http://rssoserver.domain:port/rsso port 8080 (#0)
      *   Trying xxxxx...
      * Connected to rssoserver  (xxxxxxx) port 8080 (#0)
      > GET /rsso HTTP/1.1
      > User-Agent: curl/7.29.0
      > Host:/rssoserver.domain:port
      > Accept: */*
      >
      < HTTP/1.1 302
      < Location: /rsso/
      < Transfer-Encoding: chunked
      < Date: Mon, 09 Mar 2020 16:25:48 GMT
      <
      * Connection #0 to host rssoserver.domain left intact

• A good practice is testing Remedy Single Sign-On on a non-ssl protocol first, and then on SSL.
  
  • You should be able to resolve/reach Remedy Single Sign-On URL from BMC Digital Workplace Server and vice versa, this includes the load balancer URL, Server alias, and FQDN.
• Remember that localhost URL is not supported, and you need to use Fully Qualified URLs at all times when Remedy Single Sign-On is in place.
• It is a good practice to have Remedy Single Sign-On and the other applications running on the latest and greatest available version.
• Running GA versions could lead to some issues.
• If you have enabled Managed Service Provider in place, make sure that rsso-agents are configured.
  Domain entry page for MSP users

• Same case for Oauth Authentication and HA deployments
  Setting up end user authentication

Use this troubleshooting and resolution guide whenever you're having any of the following issues:

• The spinning wheel is displayed when users try to log on to BMC Digital Workplace via Remedy Single Sign-On.

• Two Login pages are displayed when users try to log on to BMC Digital Workplace Catalog via Remedy Single Sign-On: Remedy Single Sign-On Login Page and BMC Digital Workplace Catalog Login Page.

• End users see "User 'x' has no access to * realm" error message.
• End users see "An invalid domain [.xxxx.com] was specified for this cookie" error message after enabling Remedy Single Sign-On in BMC Digital Workplace/Midtier/SmartIT.

• End users are not able to see BMC Digital Workplace Catalog Offerings in BMC Digital Workplace.

Issue scope

• What's the actual problem? (Elaborate on the issue, explain the behavior and mention the error messages you're getting, what are you expecting to see, etc)
• How many users are being affected by this and where (Prod, Test, QA, Go-live)?
• What's the impact of the issue?
• How can this be reproduced? (Frequency)
• Was this ever working? If yes, what changed/happened when things stopped working?

Diagnosing and reporting an issue

Instructions: After you identify the symptoms and scope of the issue, use this troubleshooting guide to help the customer diagnose and resolve the issue or to create a BMC Support case. 

Resolutions for common issues

Use BMC Communities to find the following Knowledge Articles (KAs). You can find KAs on BMC Communities using the KA number or access them using the direct links below.

You can also use bookmark the KAs.