Troubleshooting configuration for Remedy Single Sign-On integration
Carefully read this topic before making any major changes in your current configuration. Also, make a backup of your configuration files, operating systems, and databases before making any major changes to your database.
Make sure you have configured BMC Digital Workplace/Remedy Single Sign-On integration by following the steps documented below:
- Configuring BMC Digital Workplace for Remedy Single Sign-On
Configuring BMC Remedy Single Sign-On integration for BMC Digital Workplace Catalog
Additional checks:
BMC Digital Workplace and BMC Digital Workplace Catalog agent-id values should always match in both rsso-agent.properties , i.e. agent-id=dwp-agent.
Here's a good example of a standard rsso-agent.properties file.
#RSSO Agent configuration example
logout-urls=/atssologout.html
agent-id=myit-agent
excluded-url-pattern=.*\\.xml|.*\\.gif|.*\\.css|.*\\.ico|/shared/config/.*|/WSDL/.*|/shared/error.jsp|/shared/timer/.*|/shared/login_commn.jsp|/shared/view_form.jsp|/shared/ar_url_encoder.jsp|/ThirdPartyJars/.*|/shared/logout.jsp|/shared/doc/.*|/shared/images/.*|/shared/login.jsp|/services/.*|/shared/file_not_found.jsp|/plugins/.*|/shared/wait.jsp|/servlet/GoatConfigServlet|/servlet/ConfigServlet|/shared/HTTPPost.class|/shared/FileUpload.jar|/BackChannel.*|/servlet/LicenseReleaseServlet.*
sso-external-url=http://rsso.domain.com:8080/rsso/
sso-service-url=http://rsso.domain.com:8080/rsso/
com.bmc.rsso.tls.disable.checks=true
use-in-memory-cache=true
callback-url=http://dwp.domain.com:9000/dwp/app
Note
More details on: Configuring Remedy SSO agent .
If you have BMC Digital Workplace Catalog, make sure you have the ignore-tenant domain setting defined in all your applications: BMC Digital Workplace, SmartIT, Midtier.
Narrowing down Remedy Single Sign-On issues
- Always make sure the Remedy Single Sign-On Server is able to communicate with the Remedy Single Sign-On agent's hosts servers.
- Check your DNS/Network/Certificates/Firewalls settings and confirm that communication is bidirectional.
- NOTE: curl, ping, telnet wget are good commands to check this.
- Log on to the BMC Digital Workplace Server and run: curl -vk https://rsso.domain.com
Example of a working connection -if SSL is in place, output will be longer, but the output should display something like* Connected to rssoserver (xxxxxxx) port 443 (#0)
This is being executed from BMC Digital Workplace Catalog to Remedy Single Sign-On. Check from Remedy Single Sign-On to BMC Digital Workplace Catalog.
* About to connect() to http://rssoserver.domain:port/rsso port 8080 (#0)
* Trying xxxxx...* Connected to rssoserver (xxxxxxx) port 8080 (#0)
> GET /rsso HTTP/1.1
> User-Agent: curl/7.29.0
> Host:/rssoserver.domain:port
> Accept: */*
>
< HTTP/1.1 302
< Location: /rsso/
< Transfer-Encoding: chunked
< Date: Mon, 09 Mar 2020 16:25:48 GMT
<
* Connection #0 to host rssoserver.domain left intact
- Log on to the BMC Digital Workplace Server and run: curl -vk https://rsso.domain.com
- A good practice is testing Remedy Single Sign-On on a non-ssl protocol first, and then on SSL.
- You should be able to resolve/reach Remedy Single Sign-On URL from BMC Digital Workplace Server and vice versa, this includes the load balancer URL, Server alias, and FQDN.
- Remember that localhost URL is not supported, and you need to use Fully Qualified URLs at all times when Remedy Single Sign-On is in place.
- It is a good practice to have Remedy Single Sign-On and the other applications running on the latest and greatest available version.
- Running GA versions could lead to some issues.
- If you have enabled Managed Service Provider in place, make sure that rsso-agents are configured.
Domain entry page for MSP users
- Same case for Oauth Authentication and HA deployments
Setting up end user authentication
Use this troubleshooting and resolution guide whenever you're having any of the following issues:
- The spinning wheel is displayed when users try to log on to BMC Digital Workplace via Remedy Single Sign-On.
Two Login pages are displayed when users try to log on to BMC Digital Workplace Catalog via Remedy Single Sign-On: Remedy Single Sign-On Login Page and BMC Digital Workplace Catalog Login Page.
- End users see "User 'x' has no access to * realm" error message.
- End users see "An invalid domain [.xxxx.com] was specified for this cookie" error message after enabling Remedy Single Sign-On in BMC Digital Workplace/Midtier/SmartIT.
End users are not able to see BMC Digital Workplace Catalog Offerings in BMC Digital Workplace.
Issue scope
- What's the actual problem? (Elaborate on the issue, explain the behavior and mention the error messages you're getting, what are you expecting to see, etc)
- How many users are being affected by this and where (Prod, Test, QA, Go-live)?
- What's the impact of the issue?
- How can this be reproduced? (Frequency)
- Was this ever working? If yes, what changed/happened when things stopped working?
Diagnosing and reporting an issue
Instructions: After you identify the symptoms and scope of the issue, use this troubleshooting guide to help the customer diagnose and resolve the issue or to create a BMC Support case.
Action | Steps | Reference | ||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Troubleshooting BMC Digital Workplace-Remedy Single Sign-On integration | General Remedy Single Sign-On Troubleshooting scenarios Troubleshooting common errors and issues | |||||||||||||||||||||||||||
Self-resolve
Note : For more information, see Resolutions for common issues below. | Prerequisite
./configure_rsso.sh
./dwpcontroller stop ./dwpcontroller start -u Demo -p password Starting and stopping the BMC Digital Workplace Catalog server
ps -auxwe | grep 390695 Confirm that the Remedy Single Sign-On configuration files exist in its corresponding directory and are configured for each application. BMC Digital Workplace
<pathelement type="location">/opt/bmc/digitalworkplace/pluginsvr/slf4j-api-1.7.25.jar</pathelement>
| |||||||||||||||||||||||||||
Report
|
| |||||||||||||||||||||||||||
Send diagnostics
|
|
| ||||||||||||||||||||||||||
Apply fix from BMC Support |
| Confirm with Support if a HF, Cumulative HF or an Upgraded is required. |
Resolutions for common issues
Use BMC Communities to find the following Knowledge Articles (KAs). You can find KAs on BMC Communities using the KA number or access them using the direct links below.
You can also use bookmark the KAs.
Symptom | Link | Reference |
---|---|---|
Smart IT & BMC Digital Workplace with Remedy Single Sign-On showing spinning wheel after login | https://communities.bmc.com/docs/DOC-113992 | 000158281 |
BMC Digital Workplace Advanced-How to Integrate BMC Digital Workplace Advanced with Remedy Single Sign-On? | https://communities.bmc.com/docs/DOC-120256 | 000163989 |
BMC Digital Workplace Advanced/Basic - Remedy Single Sign-On Integration broke on BMC Digital Workplace after BMC Digital Workplace upgrade | https://communities.bmc.com/docs/DOC-117139 | 000167871 |
BMC Digital Workplace - Remedy Single Sign-On Configuration Files Checklist. Working with Remedy Single Sign-On logging | https://communities.bmc.com/docs/DOC-125922 | 000170977 |
If Smart IT and BMC Digital Workplace are on the SAME server Smart IT 18.08, Smart IT stops working after upgrading BMC Digital Workplace to 19.02 | https://communities.bmc.com/docs/DOC-115575 | 000165330 |
BMC Digital Workplace Catalog - Troubleshooting | https://communities.bmc.com/docs/DOC-123517 | 000167608 |
After successful authentication with Remedy Single Sign-On user is getting redirected to the BMC Digital Workplace login page | https://communities.bmc.com/docs/DOC-107979 | 000153733 |
Remedy Single Sign-On - BMC Digital Workplace user not redirected to BMC Digital Workplace after session timeout | https://communities.bmc.com/docs/DOC-123481 | 000174773 |
BMC Digital Workplace Catalog - Remedy Single Sign-On Troubleshooting / Changing Remedy Single Sign-On Default logging directory | https://communities.bmc.com/docs/DOC-125881 | 000183979 |
BMC Digital Workplace Remedy Single Sign-On: ERROR (612): No such user is registered with this Server (1013) | https://communities.bmc.com/docs/DOC-107754 | 000155574 |
BMC Digital Workplace/SmartIT integrated with Remedy Single Sign-On and ADFS the login screen for Android/iOS shows blank/white screen on the mobile applications | https://communities.bmc.com/docs/DOC-65051 | 000125913 |
BMC Digital Workplace Catalog - Remedy Single Sign-On Integration stopped working after BMC Digital Workplace Catalog upgrade to 19.02 | https://communities.bmc.com/docs/DOC-116921 | 000167042 |
Remedy SSO - How to disable it temporarily and re-enable it | https://communities.bmc.com/docs/DOC-123890 | 000163062 |
BMC Digital Workplace Catalog Services are not visible in BMC Digital Workplace | https://communities.bmc.com/docs/DOC-123244 | 000170939 |
BMC Digital Workplace - How does Session Persistence work on Mobile Apps | https://communities.bmc.com/docs/DOC-126657 | 000175711 |
BMC Digital Workplace Catalog: Unable to add the Catalog Sections in BMC Digital Workplace Client Admin Console | https://communities.bmc.com/docs/DOC-103354 | 000148233 |
BMC Digital Workplace Catalog: Remedy Single Sign-On Automation script | https://communities.bmc.com/docs/DOC-106524 | 000152211 |
BMC Digital Workplace Catalog: Remedy Single Sign-On logging | https://communities.bmc.com/docs/DOC-117741 | 000152382 |
BMC Digital Workplace Catalog getting error 623 with Remedy Single Sign-On version 19.05 or later | https://communities.bmc.com/docs/DOC-126068 | 000176435 |
BMC Digital Workplace-Catalog with Remedy Single Sign-On: Images are not loaded in BMC Digital Workplace and result in error: user 'xxx' has no access to the realm | https://communities.bmc.com/docs/DOC-126070 | 000166426 |
BMC Digital Workplace Catalog - BMC Digital Workplace Catalog Server is not coming up after Remedy Single Sign-On Server alias changed | https://communities.bmc.com/docs/DOC-126071 | 000176067 |
Two Cookie Domains for Remedy Single Sign-On | https://communities.bmc.com/docs/DOC-123175 | 000168372 |
BMC Digital Workplace Impersonation Issue With Remedy Single Sign-On With Impersonated User | https://communities.bmc.com/docs/DOC-120842 | 000164818 |
BMC Digital Workplace Catalog: Session is not released when user logs out of BMC Digital Workplace | https://communities.bmc.com/docs/DOC-126072 | 000166564 |
BMC Digital Workplace Advanced-How to Integrate BMC Digital Workplace Advanced with Remedy Single Sign-On? | https://communities.bmc.com/docs/DOC-120256 | 000147399 |
Error, "An invalid domain [.xxxx.com] was specified for this cookie" is presented on login | https://communities.bmc.com/docs/DOC-103090 | 000142047 |
Remedy Single Sign On - "Error: Could not register consumer 'ar_plugin' at server 'https://<rsso_server>:<port>/rsso/" - Cannot logon into MidTier after Remedy Single Sign-On Upgrade (18.08) | https://communities.bmc.com/docs/DOC-121437 | 000172660 |
Comments
Log in or register to comment.