×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

Unsupported content

 

This version of the product is in limited support. However, the documentation is available for your convenience. You will not be able to leave comments.
Remedy Single Sign-On 19.05 ... Administering Configuring Remedy SSO for authentication

Allowing Remedy SSO to authenticate applications in iframes

To allow Remedy Single Sign-On to launch applications in iframes and in nested iframes,  you must configure Remedy SSO server to allow launching applications from other domains. 


Related topics

BMC Remedy AR System authentication process

Use cases overview

To enable the Remedy SSO authentication flow of an application in an iframe, you must configure the Allow-From Domains option on the RSSO server:

  • Your application is launched in an iframe:
    Launch apps in an iframe
    In this use case, your application is launched from a parent application in an iframe.


  • Your application is launched in a nested iframe:
    Grandparent-parent-child application authentication flow 19.05

    In this use case, your application is launched in an iframe from the grandparent application.

    Note

    This use case is not limited to launching application in iframes from a second-level hierarchy. The level of nested hierarchy is not restricted, and you can have a child application launched from a grandparent, grandgrandparent, etc.

System requirement prerequisite for applications in nested iframes

If you have applications in nested iframes, then the following requirement must be met before you enable the RSSO configuration:

The child application must pass the following parameter in the GET call to the sub-child application: allow-from-domain=http://parentApplicationDomainName:port,http://ApplicationDomainName:port

The port value is not mandatory. If the port is not stated, then the default port is applied. The default port for HTTP is 80, the default port for HTTPS—443.

The value of this parameter must be URL-encoded.

To display Allow-From Domain(s) in the RSSO server UI

The Allow-From Domain(s) option is by default displayed only for PREAUTH authentication type, and it is not available for all other authentication types.

To display the Allow-From Domain(s) option, start RSSO server with the following JAVA option: com.bmc.rsso.show.advanced.option.ui=true.

To allow the RSSO server to launch applications in iframes

On the Remedy SSO server, in the Administration Console, configure the Allow-From Domains option for your authentication type.

Note

If you have authentication chains, then you must specify Allow-From Domain(s) for every authentication type in the chain.

If your application is nested in more than one iframe (see the grandparent-parent-child use case in the diagram), you must specify all domains in the Allow-From Domains field in the following order and format: <domain of the grandgrandparent>,<domain of the grandparent>, <domain of the parent>.

The possible values for Allow-From Domains settings are the following:

  • * - wildcard. Allowed for all domains
  • hostname - Allowed for specified domain, ignoring port
  • hostname:port - Allowed for exact match host:port

  • proto://hostname:port - Allowed for exact match host:port (proto is ignored, the actual one is taken from the original referrer).

  • proto://hostname - If the port is not stated, then the default port is applied. The default port for HTTP is 80, the default port for HTTPS—443.

Was this page helpful? Yes No Submitting... Thank you
Last modified by Olha Horbachuk on Aug 08, 2022
task

Comments

Log in or register to comment.

Enabling AR authentication for bypassing other authentication methods
Transforming User ID to match Login ID
© Copyright 1991 – 2019 BMC Software, Inc.
© Copyright 1991 – 2019 BladeLogic, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.