Installing BMC Atrium Single Sign-On as a standalone

This topic provides instructions for performing a BMC Atrium Single Sign-On stand-alone installation. In this installation, an Apache Tomcat server and Java Virtual Machine (JVM) are installed and properly configured for use by the BMC Atrium Single Sign-On server. This installation method is the simplest and easiest to perform, because all of the administrative and configuration details are performed by the installation program.

This section contains the following topics:

Before you begin

• Obtain the zipped BMC Atrium Single Sign-On files from the BMC product package via Electronic Product Download (EPD) or the BMC Atrium Single Sign-On DVD.

• If an installation of BMC Atrium Single Sign-On already exists on the target computer, the installer will not allow another installation. Uninstall the existing version.

  Note

  The Apache Tomcat server used by BMC Atrium Single Sign-On cannot be shared with any product that integrates with BMC Atrium Single Sign-On. BMC recommends that BMC Atrium Single Sign-On be the only application in the Tomcat server.

• If you are using an external Tomcat, complete the prerequisites given in  Prerequisites to install BMC Atrium Single Sign-On on an external Tomcat server.
• Prepare to run the installation program for your operating system. For example,
  • If you are using Microsoft Windows, you must update Terminal Services configuration options and configure the DEP feature. For more information, see Prerequisites to install BMC Atrium Single Sign-On on the Windows platform.
  • If you are using Linux, the user must have the following permissions:
    • read/write/execute for the destination directory,
    • to execute Java, and
    • read/write to Tomcat directory (in case of using external Tomcat server instead of out-of-the-box Tomcat).

To install BMC Atrium Single Sign-On as a stand-alone

1. Unzip the BMC Atrium Single Sign-On files.

   Note

   Icon

   For UNIX and Solaris, unzip the files using the following command: $gtar xzvf BMCAtriumSSO.solaris.tar.gz

2. Run the installation program.
   The setup executable is located in the Disk1 directory of the extracted files:
   • (Microsoft Windows) Run setup.exe.
   • (UNIX and Solaris) Run setup.sh (which automatically detects the appropriate subscript to execute).
3. In the lower-right corner of the Welcome panel, click Next.
4. Review the license agreement, click I agree to the terms of license agreement, and then click Next.
   BMC Atrium Single Sign-On installer
   
5. Select the Install BMC Atrium Single Sign-On 9.0.00 check box, and then click Next.
6. Accept the default destination directory or browse to select a different directory, and then click Next.

7. In the Host Name Information panel, verify that the host name displayed is the Fully Qualified Domain Name (FQDN) for the host, and then click Next.
   Correct the value as needed.

   Important

    Ensure that the host name does not contain the underscore ( _ ) symbol.

8. Choose to install non-clustered or clustered Atrium Single Sign-On Server, and then click Next.
   • Non-clustered Atrium Single Sign-On Server – Stand-alone Single Sign-On Server.
   • Clustered Atrium Single Sign-On Server – Implemented as a redundant system with session failover. Clustered installation requires at least two nodes. For more information, see Installing BMC Atrium Single Sign-On as a High Availability cluster.
9. Select one of the following Tomcat installation options, and then click Next:

   • Install New Tomcat (default)

      Click here to read the tasks related to installing on a new tomcat server.

     Accept the default HTTPS port number (8443) and Shutdown port number (8005), or enter different port numbers, and then click Next.
     If any of the port numbers are incorrect, a panel identifies the incorrect port numbers and requires you to return to the previous page to correct the values before proceeding with the installation.

     Note: When installing on Linux servers, port selections below 1000 require the server to run as root or use a port-forwarding mechanism.

   • Use External Tomcat.

      Click here to read the tasks related to installing on an external tomcat server.

     1. Enter the Tomcat server directory at the prompt and click Next.
     2. At the Tomcat Application Server Selection panel, enter the path to the Tomcat server.
        After the path is entered, the installer verifies that:
        • The directory has a webapps directory that can be written to.
        • The main program, tomcat6.exe, is present (even on UNIX).
        • The server.xml file contains a Connector with port and secure defined and scheme set to https. The installer parses important information from this Connector entry and stores it.
          The installer deploys the BMC Atrium Single Sign-On web application to the Tomcat server, asking that you start or stop it when necessary.
     3. Enter additional information at the prompts. Be prepared with information about:
        • JDK directory location
        • Tomcat server port
        • BMC Atrium Single Sign-On Truststore certificate location and password
        • BMC Atrium Single Sign-On Keystore password, alias, and certificate

10. Enter a cookie domain, and then click Next.
    The domain value of the cookie must be the network domain of BMC Atrium Single Sign-On or one of its parent domains. See Default cookie domain for more information.

    Note

    • The higher the level of the selected parent domain, the higher the risk of user impersonation. Top-level domains (for example, com or com.ca) are not supported.
    • You cannot use sibling domains or cross-domains with BMC Atrium Single Sign-On. For example, installing the BMC Atrium Single Sign-On server in the remedy.com domain and the AR System server in the bmc.com domain is not supported. You must move all your computers into the same domain.

11. Enter a strong administrator password (at least eight characters long), confirm the password, and then click Next.
    The default SSO administrator name is amadmin.

    Note

    The password must contain digits, upper- and lower-case alphabetic characters, and special characters such as . ] [ \ ^ _ ` $ # " -. See Administrator password for more information.

12. Review the installation summary and click Install.

Verifying the installation

1. Verify that your BMC Atrium Single Sign-On installation was successful by accessing the BMC Atrium Single Sign-On URL:
   1. Navigate to Start > All Programs > BMC Software > BMC Atrium SSO > Administrator to launch the BMC Atrium SSO Admin Console.
      The URL to open the BMC Atrium SSO Admin Console is:
      https://<ssoserver>.<domain>:<port>/atriumsso
      For example:
      https://ssoserver.bmc.com:8443/atriumsso
   2. When you are prompted that you are connecting to an insecure or untrusted connection, add the exception and then continue.

       

      Note

      Browsers display this warning because you have not yet configured the SSO authentication as a trusted provider.

   3. Confirm that you can view the BMC Atrium SSO logon panel.
   4. Log on with the SSO administrator name (for example, amadmin) and password.
      The BMC Atrium SSO Admin Console appears.
      

       

      Note

      The amadmin user is the default administrator user for BMC Atrium Single Sign-on. You can use the amadmin user only for accessing the BMC Atrium SSO Admin Console. You cannot log on to your authenticating BMC applications by using the amadmin user.

2. (Optional) Create an administrative user account for BMC Products to perform search functions on the user store (for example, to list user names and emails):
   • If you are using the BMC Atrium Single Sign-On server internal LDAP, assign the BMCSearchAdmins group to the new user account.
   • If you are using an external system for authentication (such as AR System, LDAP, or Active Directory), assign the BmcSearchAdmins group to either an already existing user account or a new user account.