×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
BMC TrueSight Presentation Server 11.3 ... Administering Managing users and access control Managing users and user groups Configuring user authentication for the Presentation Server in Remedy SSO

Setting up SAMLv2 authentication in Remedy SSO


You can configure the Remedy Single Sign-On server to authenticate TrueSight Operations Management users through a SAML authentication.

Upgrade warning

If you have the App Visibility Manager version 11.0.00.003 (Fix Pack 3) configured to work with the SAML authentication type, and want to upgrade your TrueSight Operations Management to version 11.3.01, you must also apply the Fix Pack version 11.3.02 for the SAML authentication type to work.


Related topics

Setting up the Remedy SSO server Open link

Configuring tenants in Remedy SSO

To enable multi-tenancy in Presentation Server

Managing authorization profiles

Role-based access Open link

Before you begin

  • You must have installed and configured the Remedy SSO to work with the Presentation Server and its component products. For details, see Planning to deploy Remedy SSO Open link  and  Installing Remedy Single Sign-On. Open link
  • You must have created an equivalent local user(and its associated local usergroup) for every SAML user that needs to log into the Presentation Server. This is required because the Remedy SSO server cannot obtain usergroup information from the SAML IdP for the successfully logged in SAML user. Therefore, you need to create an equivalent local user with the exact name as the SAML user and associate that local user with the desired local usergroup. For details on creating local users and usergroups in Remedy SSO using the import utility, perform the  Migrating internal user data from Atrium SSO to Remedy SSO Open link  procedure.
  • You must have added a non-default tenant (realm) in addition to the default * tenant (realm). Configuring tenants for the Presentation Server in Remedy SSO.

  • You must have configured a multi-tenant environment by enabling the msp parameter. For enabling multi-tenancy, see To enable multi-tenancy in Presentation Server.

    Note

    SAML cannot be configured using the * (default realm) tenant.

Configuring SAMLv2 authentication in Remedy SSO

Note

  • The TrueSight REST API calls are not supported for SAML users.
  • Service Provider (SP) and Identity Provider (IdP) initiated SAML logins are supported.

To configure the SAMLv2 authentication in Remedy SSO for the TrueSight Presentation Server

  1. Log in to the Remedy SSO Admin console.

  2. In the left navigation panel of the Add Realm or Edit Realm page, click Authentication.

  3. In the Authentication Type field, click SAML.

  4. Enter the SAML details. For more information on parameters, see SAMLv2 authentication parameters.

    Important

    When you configure the SAML authentication parameters for the Presentation Server, you must set the User ID Transformation field to RemoveEmailDomain and enable the Force Authentication check box.

  5. Click Save.

  6. In the left navigation panel of the Add Realm or Edit Realm page, click Authentication.

  7. In the Authentication Type field, click SAML and click Enable Chaining Mode.

  8. Click Add Authentication.
  9. In the Authentication Type field, click LOCAL.
  10. Enter the LOCAL details. For more information on parameters, see LOCAL authentication parameters.
  11. Create users and user groups for the LOCAL authentication. 
    The users in LOCAL should be exactly same as the users in SAML.
    Alternatively, the users can also be created using import script under the migration utility.
  12. Associate users to the user groups.
  13. Click Save.

Important

 Add the LOCAL authentication entry below the SAML authentication entry, and do not promote or move the LOCAL entry above the SAML entry.

Notes

To add SAMLv2 referrer host to the Presentation Server

Run the following commands from the Presentation Sever command prompt to configure the SAMLv2 referrer host name:

  1. tssh properties set tspsProxyHosts <SAMLv2_referrer_FQDN_host_name>,<remedy_sso_FQDN_host_name>
  2. tssh properties reload

To add SAMLv2 referrer host to the Infrastructure Management Server

Log in to the Infrastructure Management server as an Administrator and perform the following steps:

  1. Open the pronet.conf file located at the installationDirectory\pw\custom\conf directory.
  2. Add the SAML referrer host name (FQDN format) to the pronet.conf pronet.tsim.proxy.hosts= <SAMLv2 referrer FQDN host name>,<Remedy_SSO_FQDN_host_name>  property.
  3. Save the file changes.
  4. Run the following command to reload the properties:
    pw jproperties reload

To create or edit an authorization profile with SAML users in the Presentation Server

  1. Log in to the TrueSight console as a Super Admin.
  2. Navigate to Administration>Authorization Profiles.
  3. Create a new authorization profile or edit an existing authorization profile to associate the user groups.

  4. Select a tenant other than the * (asterisk) tenant that you configured in Remedy Single Sign-On for SAML users and select Edit under User Groups

    Note

    Do not select the * (asterisk) tenant for the SAML users.

  5. Click Add and select the SAML user group from the list of user groups.
  6. Select the required roles from the list roles.
  7. (Optional) Select the required objects from the list of object.
  8. Select OK and then Save.
  9. Select Yes to confirm changes to the authorization profile.
  10. Log out of the TrueSight console.

  11. Log in to the TrueSight console as a SAML user.
    A two-step authentication screen is displayed.

  12. Type the SAML realm Application Domain name and click Submit.
    The SAML login screen is displayed.

  13. Type the SAML login credentials and click Login.
    The TrueSight console is displayed.

Was this page helpful? Yes No Submitting... Thank you
Last modified by Rashmi Gokhale on Mar 26, 2020
remedy_sso saml_authentication samlv2 administration authentication access_control task security app_visibility_manager

Comments

Log in or register to comment.

Setting up LDAP or Active Directory users in Remedy SSO
Setting up Kerberos authentication in Remedy SSO
© Copyright 2014 - 2019 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.