Manually integrating Remedy SSO with BMC applications
You manually integrate Remedy Single Sign-On with BMC applications when you want to install Remedy SSO server and Remedy SSO agents on platforms that are not supported by the Remedy SSO installer.
In addition, compared to the Remedy SSO installer, the manual integration steps are easier to execute in various automation and deployment scripts.
The Remedy SSO agent is usually configured to communicate with only one Remedy SSO server. For information about how to configure the web agent to communicate with multiple servers, see Connecting the same Remedy SSO agent to different Remedy SSO servers.
You can integrate Remedy SSO with the following BMC applications:
- Remedy AR System Server
- Remedy Mid Tier
- BMC Analytics
- TrueSight Presentation Server
- BMC Configuration Management Database
Before you begin
- Manually install Remedy SSO
- Create a system backup. If there is a need to remove the Remedy SSO integration from a BMC application, you will need to restore files to their previous state.
To manually integrate Remedy SSO with Remedy AR System server
Make sure the following AREA settings (<AR>/Conf/ar.cfg) are configured on the AR Server (can be set from the Server Information form > EA tab):
External-Authentication-RPC-Socket: 390695 Authentication-Chaining-Mode: 1 Crossref-Blank-Password: T
- Copy rsso.cfg from rsso-area-plugin to <AR>/Conf.
In rsso.cfg, adjust the value of your Remedy SSO server service url:
SSO-SERVICE-URL: <rsso_service_url>
You must set the
sso-service-ur
l in the configuration file only if you integrate Remedy AR System with a single Remedy SSO server.To integrate AR System with multiple Remedy SSO servers, you must configure this setting for each server in the Remedy SSO Admin Console.
Copy rsso-area-plugin-all.jar file from rsso-area-plugin to <AR>/pluginsvr directory.
- Copy gson-2.3.1.jar and slf4j-api-1.7.25.jar from lib to <AR>/pluginsvr directory.
Edit <AR>/pluginsvr/pluginsvr_config.xml, and add Remedy SSO AREA plug-in by replacing <AR> with the corresponding path:
<plugin> <name>ARSYS.AREA.RSSO</name> <classname>com.bmc.rsso.plugin.area.RSSOPlugin</classname> <pathelement type="location"><AR>/pluginsvr/rsso-area-plugin-all.jar</pathelement> <pathelement type="location"><AR>/pluginsvr/gson-2.3.1.jar</pathelement> <pathelement type="location"><AR>/pluginsvr/slf4j-api-1.7.25.jar</pathelement> <userDefined> <configFile>{AR}/Conf/rsso.cfg</configFile> </userDefined> </plugin>
- Restart the AR System server.
To manually integrate Remedy SSO with Remedy Mid Tier
- Stop the Tomcat service installed on Mid Tier.
- Configure the Authenticator as follows:
Edit the following line in the config.properties file (<Mid_Tier>/WEB-INF/classes) to use the
RSSOAuthenticator
:arsystem.authenticator=com.bmc.rsso.plugin.authenticator.RSSOAuthenticator
- Copy the rsso-authenticator-plugin-all.jar file from rsso-authenticator-plugin to the <Mid_Tier>/WEB-INF/lib folder.
- Copy the gson-2.3.1.jar file from Remedy SSO installation package Disk1\files\lib to the <Mid_Tier>/WEB-INF/lib folder.
- Configure the Web Agent as follows:
- Copy the rsso-agent-all.jar file from /rsso-agent to the <Mid_Tier>/WEB-INF/lib folder.
Copy /rsso-agent/rsso-agent.properties file to the <Mid_Tier>/WEB-INF/classes folder, and modify it as required:
logout-urls=/atssologout.html sso-external-url=${sp-services-url} # sso-external-url is a public user-facing URL exposed for end-users for authentication. # In standalone mode, sso-external-url must be an HTTPS URL. For example, https://my-rsso.bmc.com/rsso # If Remedy SSO is installed in an HA mode, sso-service-url must be a Load Balancer (LB) URL. sso-service-url=${sp-services-internal-url} # If Remedy SSO is installed in an HA mode, sso-service-url must be a Load Balancer (LB) URL. # In standalone mode, sso-service-url is recommended to be an HTTP URL. For example, http://my-rsso.bmc.com/rsso. agent-id=${agent-id} # agent-id must be a unique identifier. Agent-id must be the same on all nodes in a Mid Tier HA cluster. # BMC recommends to set this value to a simple identifier instead of a HTTP URL. For example, agent-id=analytics_agent. use-in-memory-cache=true # Allows to choose between HttpSession and in-memory cache to store token data. # Option can't be changed at run time
Edit the <Mid_Tier>/WEB-INF/web.xml file and add the following Remedy SSO filter configuration:
<filter> <filter-name>RSSOFilter</filter-name> <filter-class>com.bmc.rsso.agent.RSSOFilter</filter-class> </filter> <filter-mapping> <filter-name>RSSOFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <listener> <listener-class>com.bmc.rsso.agent.RSSOListener</listener-class> </listener>
You must disable Atrium SSO filter if it exists in the web.xml file by commenting it.
- Copy the rsso-agent/rsso-log.cfg file to the <Mid_Tier>/WEB-INF/classes folder.
- Copy the following files from the lib folder to the <Mid_Tier>/WEB-INF/lib folder:
- caffeine-<version>.jar
- jjwt-impl-<version>.jar
- org.apache.oltu.oauth2.client-<version>.jar
- jjwt-jackson-<version>.jar
- jjwt-api-<version>.jar
- json-<version>.jar
- slf4j-api-<version>.jar
- jackson-annotations-<version>.jar
- jackson-core-<version>.jar
- jackson-databind-<version>.jar
- Copy rsso-agent-all.jar from the Disk1/files/rsso-agent folder to the <Mid_Tier>/WEB-INF/lib folder.
- Restart Mid Tier/ Tomcat.
To manually integrate Remedy SSO with BMC Analytics
Before executing the following steps to configure BMC Analytics for Single Sign-On, ensure that the prerequisites are met.
- Stop Analytics Tomcat service.
- Copy rsso-agent/rsso-agent-all.jar to <TOMCAT>/webapp/BI/WEB-INF/lib.
Copy rsso-agent/rsso-agent.properties file to <TOMCAT>/webapp/BI/WEB-INF/classes, and modify it as required:
logout-urls=/atssologout.html sso-external-url=${sp-services-url} # sso-external-url is a public user-facing URL exposed for end-users for authentication. # In standalone mode, sso-external-url must be an HTTPS URL. For example, https://my-rsso.bmc.com/rsso # If Remedy SSO is installed in an HA mode, sso-service-url must be a Load Balancer (LB) URL. sso-service-url=${sp-services-internal-url} # If Remedy SSO is installed in an HA mode, sso-service-url must be a Load Balancer (LB) URL. # In standalone mode, sso-service-url is recommended to be an HTTP URL. For example, http://my-rsso.bmc.com/rsso. agent-id=${agent-id} # agent-id must be a unique identifier. Agent-id must be the same on all nodes in a Mid Tier HA cluster. # BMC recommends to set this value to a simple identifier instead of a HTTP URL. For example, agent-id=analytics_agent. use-in-memory-cache=true # Allows to choose between HttpSession and in-memory cache to store token data. # Option can't be changed at run time.
- Copy the following jar files into <TOMCAT>/webapp/BI/WEB-INF/lib:
- caffeine-<version>.jar
- jjwt-impl-<version>.jar
- org.apache.oltu.oauth2.client-<version>.jar
- jjwt-jackson-<version>.jar
- jjwt-api-<version>.jar
- json-<version>.jar
- slf4j-api-<version>.jar
- jackson-annotations-<version>.jar
- jackson-<version>.jar
- jackson-databind-<version>.jar
- Copy the following files from the Disk1/files/rsso-agent folder to the <Mid_Tier>/WEB-INF/lib folder:
- rsso-client-impl.jar
- rsso-sdk-atsso.jar
- rsso-agent-all.jar
- Copy rsso-sdk/sso-sdk.properties into <TOMCAT>/webapp/BI/WEB-INF/classes.
- Delete the following BMC Atrium Single Sign-On JAR files in <TOMCAT>/webapp/BI/WEB-INF/lib:
- atsso-common-<version>.jar
- atsso-sdk-<version>.jar
- atsso-webagent-<version>.jar
- Restart the Analytics Tomcat service.
To manually integrate Remedy SSO with TrueSight Presentation Server
- Stop the TrueSight Presentation Server.
Place theRemedy SSO filter into ${truesight.home}/modules/tomcat/conf/web.xml as the first filter:
<filter> <filter-name>RSSOFilter</filter-name> <filter-class>com.bmc.rsso.agent.RSSOFilter</filter-class> </filter> <filter-mapping> <filter-name>RSSOFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
Create the following folder:
<TrueSightPServer>\truesightpserver\modules\tomcat\rsso_agent.- Copy the following files into the created folder:
- caffeine-<version>.jar
- jjwt-impl-<version>.jar
- org.apache.oltu.oauth2.client-<version>.jar
- jjwt-jackson-<version>.jar
- jjwt-api-<version>.jar
- json-<version>.jar
- slf4j-api-<version>.jar
- jackson-annotations-<version>.jar
- jackson-core-<version>.jar
- jackson-databind-<version>.jar
- rsso-client-impl.jar
- rsso-sdk-atsso.jar
- rsso-agent-all.jar
- Delete rsso-agent.properties file from rsso-agent-all.jar.
- Open the file <TrueSightPServer>\truesightpserver\conf\services\csr.conf, and make the following changes:
- Add the following paths to the classpath list:
- ${truesight.home}/modules/tomcat/rsso_agent/caffeine-<version>.jar
- ${truesight.home}/modules/tomcat/jjwt-impl-<version>.jar
- ${truesight.home}/modules/tomcat/rsso_agent/org.apache.oltu.oauth2.client-<version>.jar
- ${truesight.home}/modules/tomcat/rsso_agent/jjwt-jackson-<version>.jar
- ${truesight.home}/modules/tomcat/rsso_agent/jjwt-api-<version>.jar
- ${truesight.home}/modules/tomcat/rsso_agent/json-<version>.jar
- ${truesight.home}/modules/tomcat/rsso_agents/slf4j-api-<version>.jar
- ${truesight.home}/modules/tomcat/rsso_agents/jackson-annotations-<version>.jar
- ${truesight.home}/modules/tomcat/rsso_agents/jackson-core-<version>.jar
- ${truesight.home}/modules/tomcat/rsso_agents/jackson-databind-<version>.jar
- ${truesight.home}/modules/tomcat/rsso_agents/rsso-client-impl.jar
- ${truesight.home}/modules/tomcat/rsso_agents/rsso-sdk-atsso.jar
- ${truesight.home}/modules/tomcat/rsso_agents/rsso-agent-all.jar
- Comment the following line with path:
${truesight.home}/lib/dependencies/gson-<version>.jar.
- Add the following paths to the classpath list:
- Configure the Remedy SSO agent.
Open the file <TrueSightPServer>\truesightpserver\modules\tomcat\rsso_agent\rsso-agent.properties and add the following configuration:
agent-id=tsps_agent sso-external-url=https://<RSSO_HOST_PORT>/rsso sso-service-url=https://<RSSO_HOST_PORT>/rsso
- Generate new SSL certificate with CN=<TSPS_HOST> and replace the existing certificate in keystore <TrueSightPServer>\truesightpserver\conf\secure\loginvault.ks.
- Start the TrueSight Presentation Server.
To manually integrate Remedy SSO with BMC Configuration Management Database
If you have integrated Remedy SSO with Remedy AR System and Remedy Mid Tier, Remedy SSO is automatically integrated with new BMC Configuration Management Database UI (CMDB UI). If the integration fails, integrate Remedy SSO with new CMDB UI manually. See Manually integrating Remedy Single Sign-On with Jetty server .
To remove the integration of Remedy SSO from a BMC application
To remove the integration of Remedy SSO from a BMC application, perform the manual integration steps in reverse order.
For information about how to remove integration between Remedy SSO and Remedy AR System, see Removing Remedy SSO integration from Remedy AR System and Remedy Mid Tier.
Comments
Section "To manually integrate Remedy SSO with BMC Configuration Management Database" has incorrect information in point 2 for rsso-agent.properties file.
The following parameters are incorrect:
logout-urls=/api/rx/sso-logout
use-in-memory-cache=true
Correct values should be:
logout-urls=/api/rsso-logout
use-in-memory-cache=false
Hello! Thank you for the feedback. We will address this improvement as soon as possible, and let you know when the update is published.
Hi Mariusz Cwiklinski,
Your request has been investigated by the R&D team. Remedy Single Sign-On uses the same code for all BMC applications. All the rest integrated applications work successfully. The
use-in-memory-cache=false
property is implemented by design. For thelogout-urls=/api/rx/sso-logout
property, this is application-specific. If any other value is needed, please update the appropriate part of the product documentation (in this case, CMDB).Regards,
Olha
I'm speaking about CMDB section on this page (section "To manually integrate Remedy SSO with BMC Configuration Management Database") - IT HAS INCORRECT VALUES for CMDB. Following "To manually integrate Remedy SSO with BMC Configuration Management Database" procedure will break RSSO on CMDB. See BMC Case 00800343. BMC Support and R&D confirmed that correct values for CMDB are: logout-urls=/api/rsso-logout use-in-memory-cache=false
BMC should not publish incorrect procedures.
The Remedy SSO team has confirmed that these values are correct for RSSO. They have experienced the same case with IS, and the problem was found on the application side. Please contact the CMDB R&D team.
But on this page you provided procedure for CMDB: "To manually integrate Remedy SSO with BMC Configuration Management Database".
I contacted CMDB R&D team - see BMC Case 00800343.
BMC Support and R&D confirmed that correct values for CMDB are:
logout-urls=/api/rsso-logout
use-in-memory-cache=false
You must update this page in CMDB section ("To manually integrate Remedy SSO with BMC Configuration Management Database").
I updated the CMDB section. From now on, please use the instructions by following the link.
Remedy MT Integration
since version 20.02 (maybe already 19.11/1908?) the webRSSO.xml contains a different filter. Please check if the information here is still correct.
Hello, Stefan! Thank you for the comment. I have checked with R&D team. They claim the filter you are mentioning is not RSSO's filter. It is AR's filter. The information on this page is technically accurate for 20.02.
Impossible to understand "To manually integrate Remedy SSO with BMC Configuration Management Database" paths do not exist (where is %ISInstalledDirectory% and then conf or bin? seem to be paths for Linux). Please update.
Hello! Thank you for the feedback. We will address this improvement as soon as possible, and let you know when the update is published.
Hello Laura,
Apologies for the delayed response.
Please refer to the Manually integrating Remedy Single Sign-On with Jetty server topic in the Remedy AR System online documentation.
Regards,
Anagha
Log in or register to comment.