Integrating with BMC Atrium Single Sign-On
BMC Atrium Single Sign-On (BMC Atrium SSO) is a mechanism that simplifies the user authentication process and enables you to:
- Integrate various BMC Software products for Single Sign-On user authentication.
- Authenticate with integrated BMC Software products by entering the login credentials only once.
- Log off integrated BMC Software products by logging off from one of them.
BMC Atrium Discovery supports BMC Atrium SSO, version 8.1 and later, for user authentication.
The current version of BMC Atrium Discovery is shipped with the BMC Atrium Single Sign-On (SSO) 8.1 agent. The 8.1 agent is compatible with the recently released SSO 9.0 server. However, this earlier version of the agent does not support some of the latest features and enhancements of BMC Atrium SSO 9.0. Currently, upgrading the agent to 9.0 on BMC Atrium Discovery is not possible.
To configure BMC Atrium SSO user authentication, you must:
- Have access to the BMC Atrium SSO server in your environment.
- Register the BMC Atrium SSO Web Agent with the BMC Atrium SSO Server.
- Activate the registered BMC Atrium SSO Web Agent.
- Verify that the BMC Atrium SSO Web Agent is registered with the BMC Atrium SSO server.
Accessing the BMC Atrium SSO Server
To configure BMC Atrium SSO user authentication, you must access the BMC Atrium SSO Admin Console. If BMC Atrium SSO is not already installed and configured in your environment, you can download the latest version from the BMC Electronic Product Distribution (EPD) site and install and configure it for user authentication.
The BMC Atrium SSO server URL must always be specified as a Fully Qualified Domain Name (FQDN).
To access the BMC Atrium SSO Admin Console from the BMC Atrium SSO Server:
- Click Start > All Programs > BMC Software > BMC Atrium SSO > Administrator.
- Log in with the BMC Atrium SSO administrator password.
To access the BMC Atrium SSO Admin Console from a client system:
- Enter the BMC Atrium SSO URL, including the port number, into the browser and press Return. The URL must use an FQDN.
- When prompted, enter the BMC Atrium SSO administrator credentials and log in.
Configuring the BMC Atrium SSO Web Agent with the BMC Atrium SSO Server
Before you configure the BMC Atrium SSO Web Agent with the BMC Atrium SSO Server, read the notes on Configuring LDAP for use with BMC Atrium SSO. Ensure that the LDAP settings are configured and that you can log in to the BMC Atrium Discovery appliance as an LDAP user with administrative privileges, so that once you have activated the BMC Atrium SSO integration you can log in again and change the configuration if required.
To configure the BMC Atrium SSO Web Agent, you must perform the following from the BMC Atrium Discovery UI:
To register the web agent
The integration between BMC Discovery and BMC Atrium SSO does not support Federal Information Processing Standard (FIPS) Publication 140-2.
- Log in to the BMC Atrium Discovery appliance UI as a user with administration privileges.
- From the Security section of the Administration tab, click Single Sign On.
- From the Registration section of the Atrium SSO tab, complete the following parameters:
- Atrium SSO Web Agent: (Read-only field) Displays whether the web agent is registered or not.
- Agent FQDN: Enter the FQDN for the web agent. You must use an FQDN, or you may be unable to log in to the BMC Atrium Discovery UI. You cannot specify localhost.localdomain or .local FQDNs.
- Atrium SSO Server URL: Enter the URL for the BMC Atrium SSO Server. You must use an FQDN, or you may be unable to log in to the BMC Atrium Discovery UI.
- Atrium SSO Realm: Leave the BMC Atrium SSO Realm name as the default value of /BmcRealm.
- Admin Username: Leave the BMC Atrium SSO administrator user name as the default value of amadmin.
- Admin Password: Enter the BMC Atrium SSO administrator password.
- To complete the registration, click Register.
The registration might take a few seconds. On completion, the message Atrium SSO Web Agent registered with Atrium SSO Server is displayed on the UI. You cannot edit the registration parameters of a registered web agent; to edit them, you must first deregister the agent. To deregister a web agent, enter the BMC Atrium SSO administrator password in the Admin Password field and click Deregister.
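A pre-registration check of the two host fields, as an added example (not BMC code): it applies the FQDN rules stated above to a candidate Agent FQDN and Atrium SSO Server URL before you click Register. The function names and sample host names are constructed for illustration, and the explicit-port check is an assumption drawn from the instruction to include the port number when browsing to the server.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One DNS label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def fqdn_problems(host, is_agent=False):
    """Return reasons why `host` is not an acceptable FQDN (empty list = OK)."""
    name = (host or "").rstrip(".").lower()
    try:
        ipaddress.ip_address(name)
        return ["is an IP address, not an FQDN"]
    except ValueError:
        pass
    labels = name.split(".")
    problems = []
    if len(labels) < 2:
        problems.append("is a short host name with no domain part")
    if not all(_LABEL.match(label) for label in labels):
        problems.append("contains an invalid DNS label")
    # The page rules these out for the Agent FQDN field specifically.
    if is_agent and (name == "localhost.localdomain" or labels[-1] == "local"):
        problems.append("is localhost.localdomain or a .local name")
    return problems

def check_registration(agent_fqdn, server_url):
    """Validate the Agent FQDN and Atrium SSO Server URL fields (hypothetical helper)."""
    errors = [f"Agent FQDN {agent_fqdn!r} {p}" for p in fqdn_problems(agent_fqdn, True)]
    url = urlsplit(server_url)
    if url.scheme not in ("http", "https") or not url.hostname:
        return errors + [f"Server URL {server_url!r} is not an http(s) URL"]
    errors += [f"Server URL host {url.hostname!r} {p}" for p in fqdn_problems(url.hostname)]
    try:
        if url.port is None:  # assumption: require the port to be spelled out
            errors.append("Server URL has no explicit port number")
    except ValueError:
        errors.append("Server URL port is not a valid number")
    return errors

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for agent, server in [
        ("discovery01.corp.example.com", "https://sso.corp.example.com:8443/"),
        ("discovery01", "https://sso:8443/"),
        ("appliance.local", "https://10.0.0.5:8443/"),
    ]:
        print(agent, server, check_registration(agent, server) or "OK")
```

An empty list means both fields satisfy the stated rules; it does not confirm that the names resolve or that the server is reachable.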
To activate the web agent
- From the Activation section of the Atrium SSO page, click Activate.
Activating the web agent restarts the Apache Web Server in the background and might take a few seconds. On completion, the message Please allow a few seconds for the changes to be applied. You may need to reauthenticate is displayed along with a Refresh link.
- Click Refresh.
- If prompted, you must re-authenticate your BMC Atrium SSO session.
The following fields are displayed:
- Status: Displays the activation status of the web agent. For activated web agents it is Activated. Otherwise, the status is Deactivated.
- LDAP: Displays whether LDAP support is enabled or not.
If LDAP support is not configured, click the corresponding link to complete the configuration.
- HTTPS: Displays whether HTTPS support is enabled or not.
Configuring HTTPS support is highly recommended. If it is not configured, click the corresponding link to complete the configuration.
- Restart Web Agent: Enables you to restart the web agent which in turn restarts the Apache Web Server in the background. Typically, if you make any configuration changes in the BMC Atrium SSO Server, you must restart the web agent for the changes to take effect.
- Deactivate: Enables you to deactivate the web agent. Deactivating the web agent requires you to re-authenticate your BMC Atrium SSO session and may take a few seconds. Once deactivated, you are presented with the BMC Atrium Discovery appliance’s login UI.
BMC Atrium SSO configurations in a cluster
If you update the BMC Atrium SSO configuration in the coordinator, it is automatically updated in the existing members. However, if you add a new member, the configuration is not automatically updated, because the BMC Atrium SSO administrator user ID and password are not stored in the appliance. You must manually apply the configuration on the newly added member.
To manually apply the BMC Atrium SSO configuration on a newly added member, perform the following on the coordinator:
- Click Administration > Single Sign On.
- From the Registration section of the Atrium SSO tab, enter the Admin Password.
- Click Synchronize.
The synchronization of the configuration on the new member might take a few seconds. During this time, the message Atrium SSO configuration being synchronized is displayed on the UI of the coordinator.
When the synchronization of the configuration is completed, the Atrium SSO Web Agent for the new member is registered. You must manually activate the web agent from the member's UI.
Verifying registration of the BMC Atrium SSO Web Agent with the BMC Atrium SSO Server
To verify the registration of the BMC Atrium SSO Web Agent with the BMC Atrium SSO Server:
- From the BMC Atrium SSO Admin Console, click Agent Details.
The Agent Manager displays the list of the web agents configured for Single Sign-On.
- Verify whether the corresponding web agent is in the list. It may show as Down although it is working.
If BMC Atrium SSO user authentication is configured, the list displays the corresponding web agent. However, if BMC Atrium SSO user authentication is not configured or the web agent has been deregistered, the list does not display the web agent.
When BMC Atrium SSO user authentication is successfully configured and you attempt to access the login UI for an integrated product, you are redirected to the BMC Atrium SSO login page. Once you are authenticated for the session, you can access all the integrated products without authenticating to each of them, for as long as the session is valid.