×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

 

This documentation supports the 20.02 version of Remedy Single Sign-On.

To view an earlier version, select the version from the Product version menu.
Remedy Single Sign-On 20.02 Integrating

Manually integrating Remedy SSO with BMC applications


You manually integrate Remedy Single Sign-On with BMC applications when you want to install Remedy SSO server and Remedy SSO agents on platforms that are not supported by the Remedy SSO installer. 

In addition, compared to the Remedy SSO installer, the manual integration steps are easier to execute in various automation and deployment scripts.

The Remedy SSO agent is usually configured to communicate with only one Remedy SSO server. For information about how to configure the web agent to communicate with multiple servers, see Connecting the same Remedy SSO agent to different Remedy SSO servers.

You can integrate Remedy SSO with the following BMC applications:

  • Remedy AR System Server
  • Remedy Mid Tier
  • BMC Analytics
  • TrueSight Presentation Server
  • BMC Configuration Management Database

Related topics

Performing the installation

Removing Remedy SSO integration from Remedy AR System and Remedy Mid Tier

Before you begin

  1. Manually install Remedy SSO
  2. Create a system backup. If there is a need to remove the Remedy SSO integration from a BMC application, you will need to restore files to their previous state.

To manually integrate Remedy SSO with Remedy AR System server

  1. Make sure the following AREA settings (<AR>/Conf/ar.cfg) are configured on the AR Server (can be set from the Server Information form > EA tab):

    External-Authentication-RPC-Socket: 390695
Authentication-Chaining-Mode: 1
Crossref-Blank-Password: T
  2. Copy rsso.cfg from rsso-area-plugin to <AR>/Conf.

  3. In rsso.cfg, adjust the value of your Remedy SSO server service url:

    SSO-SERVICE-URL: <rsso_service_url>

    You must set the sso-service-url in the configuration file only if you integrate Remedy AR System with a single Remedy SSO server.

    To integrate AR System with multiple Remedy SSO servers, you must configure this setting for each server in the Remedy SSO Admin Console.

  4. Copy rsso-area-plugin-all.jar file from rsso-area-plugin to <AR>/pluginsvr directory.

  5. Copy gson-2.3.1.jar and slf4j-api-1.7.25.jar from lib to <AR>/pluginsvr directory.

  6. Edit <AR>/pluginsvr/pluginsvr_config.xml, and add Remedy SSO AREA plug-in by replacing <AR> with the corresponding path:

    <plugin>
    <name>ARSYS.AREA.RSSO</name>
    <classname>com.bmc.rsso.plugin.area.RSSOPlugin</classname>
    <pathelement type="location"><AR>/pluginsvr/rsso-area-plugin-all.jar</pathelement>
    <pathelement type="location"><AR>/pluginsvr/gson-2.3.1.jar</pathelement>
    <pathelement type="location"><AR>/pluginsvr/slf4j-api-1.7.25.jar</pathelement>
    <userDefined>
        <configFile>{AR}/Conf/rsso.cfg</configFile>
    </userDefined>
</plugin>
  7. Restart the AR System server.

To manually integrate Remedy SSO with Remedy Mid Tier

  1. Stop the Tomcat service installed on Mid Tier.
  2. Configure the Authenticator as follows:

    1. Edit the following line in the config.properties file (<Mid_Tier>/WEB-INF/classes) to use the RSSOAuthenticator:

      arsystem.authenticator=com.bmc.rsso.plugin.authenticator.RSSOAuthenticator
    2. Copy the rsso-authenticator-plugin-all.jar file from rsso-authenticator-plugin to the <Mid_Tier>/WEB-INF/lib folder.
    3. Copy the gson-2.3.1.jar file from Remedy SSO installation package Disk1\files\lib to the <Mid_Tier>/WEB-INF/lib folder.
  3. Configure the Web Agent as follows:
    1. Copy the rsso-agent-all.jar file from /rsso-agent to the <Mid_Tier>/WEB-INF/lib folder.

    2. Copy /rsso-agent/rsso-agent.properties file to the <Mid_Tier>/WEB-INF/classes folder, and modify it as required:

      logout-urls=/atssologout.html

sso-external-url=${sp-services-url}
# sso-external-url is a public user-facing URL exposed for end-users for authentication. 
# In standalone mode, sso-external-url must be an HTTPS URL. For example, https://my-rsso.bmc.com/rsso
# If Remedy SSO is installed in an HA mode, sso-service-url must be a Load Balancer (LB) URL.

sso-service-url=${sp-services-internal-url}
# If Remedy SSO is installed in an HA mode, sso-service-url must be a Load Balancer (LB) URL.
# In standalone mode, sso-service-url is recommended to be an HTTP URL. For example, http://my-rsso.bmc.com/rsso.

agent-id=${agent-id}
# agent-id must be a unique identifier. Agent-id must be the same on all nodes in a Mid Tier HA cluster. 
# BMC recommends to set this value to a simple identifier instead of a HTTP URL. For example, agent-id=analytics_agent.

use-in-memory-cache=true
# Allows to choose between HttpSession and in-memory cache to store token data.
# Option can't be changed at run time

  4. Edit the <Mid_Tier>/WEB-INF/web.xml file and add the following Remedy SSO filter configuration:

    <filter>
    <filter-name>RSSOFilter</filter-name>
    <filter-class>com.bmc.rsso.agent.RSSOFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>RSSOFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
    <listener-class>com.bmc.rsso.agent.RSSOListener</listener-class>
</listener>


    You must disable Atrium SSO filter if it exists in the web.xml file by commenting it. 

  5. Copy the rsso-agent/rsso-log.cfg file to the <Mid_Tier>/WEB-INF/classes folder.
  6. Copy the following files from the lib folder to the <Mid_Tier>/WEB-INF/lib folder:
    • caffeine-<version>.jar
    • jjwt-impl-<version>.jar
    • org.apache.oltu.oauth2.client-<version>.jar
    • jjwt-jackson-<version>.jar
    • jjwt-api-<version>.jar
    • json-<version>.jar
    • slf4j-api-<version>.jar
    • jackson-annotations-<version>.jar
    • jackson-core-<version>.jar
    • jackson-databind-<version>.jar
  7. Copy rsso-agent-all.jar from the Disk1/files/rsso-agent folder to the <Mid_Tier>/WEB-INF/lib folder.
  8. Restart Mid Tier/ Tomcat.

To manually integrate Remedy SSO with BMC Analytics

Before executing the following steps to configure BMC Analytics for Single Sign-On, ensure that the prerequisites are met.

  1. Stop Analytics Tomcat service.
  2. Copy rsso-agent/rsso-agent-all.jar to <TOMCAT>/webapp/BI/WEB-INF/lib.

  3. Copy rsso-agent/rsso-agent.properties file to <TOMCAT>/webapp/BI/WEB-INF/classes, and modify it as required:

    logout-urls=/atssologout.html

sso-external-url=${sp-services-url}
# sso-external-url is a public user-facing URL exposed for end-users for authentication. 
# In standalone mode, sso-external-url must be an HTTPS URL. For example, https://my-rsso.bmc.com/rsso
# If Remedy SSO is installed in an HA mode, sso-service-url must be a Load Balancer (LB) URL.

sso-service-url=${sp-services-internal-url}
# If Remedy SSO is installed in an HA mode, sso-service-url must be a Load Balancer (LB) URL.
# In standalone mode, sso-service-url is recommended to be an HTTP URL. For example, http://my-rsso.bmc.com/rsso.

agent-id=${agent-id}
# agent-id must be a unique identifier. Agent-id must be the same on all nodes in a Mid Tier HA cluster. 
# BMC recommends to set this value to a simple identifier instead of a HTTP URL. For example, agent-id=analytics_agent.

use-in-memory-cache=true
# Allows to choose between HttpSession and in-memory cache to store token data.
# Option can't be changed at run time.
  4. Copy the following jar files into <TOMCAT>/webapp/BI/WEB-INF/lib:
    • caffeine-<version>.jar
    • jjwt-impl-<version>.jar
    • org.apache.oltu.oauth2.client-<version>.jar
    • jjwt-jackson-<version>.jar
    • jjwt-api-<version>.jar
    • json-<version>.jar
    • slf4j-api-<version>.jar
    • jackson-annotations-<version>.jar
    • jackson-<version>.jar
    • jackson-databind-<version>.jar
  5. Copy the following files from the Disk1/files/rsso-agent folder to the <Mid_Tier>/WEB-INF/lib folder:
    • rsso-client-impl.jar
    • rsso-sdk-atsso.jar
    • rsso-agent-all.jar
  6. Copy rsso-sdk/sso-sdk.properties into <TOMCAT>/webapp/BI/WEB-INF/classes.
  7. Delete the following BMC Atrium Single Sign-On JAR files in <TOMCAT>/webapp/BI/WEB-INF/lib:
    • atsso-common-<version>.jar
    • atsso-sdk-<version>.jar
    • atsso-webagent-<version>.jar
  8. Restart the Analytics Tomcat service.

To manually integrate Remedy SSO with TrueSight Presentation Server

  1. Stop the TrueSight Presentation Server.

  2. Place theRemedy SSO filter into ${truesight.home}/modules/tomcat/conf/web.xml as the first filter:

    <filter>
    <filter-name>RSSOFilter</filter-name>
    <filter-class>com.bmc.rsso.agent.RSSOFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>RSSOFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

  3. Create the following folder: 
    <TrueSightPServer>\truesightpserver\modules\tomcat\rsso_agent.

  4. Copy the following files into the created folder:
    • caffeine-<version>.jar
    • jjwt-impl-<version>.jar
    • org.apache.oltu.oauth2.client-<version>.jar
    • jjwt-jackson-<version>.jar
    • jjwt-api-<version>.jar
    • json-<version>.jar
    • slf4j-api-<version>.jar
    • jackson-annotations-<version>.jar
    • jackson-core-<version>.jar
    • jackson-databind-<version>.jar
    • rsso-client-impl.jar
    • rsso-sdk-atsso.jar
    • rsso-agent-all.jar
  5. Delete rsso-agent.properties file from rsso-agent-all.jar.
  6. Open the file <TrueSightPServer>\truesightpserver\conf\services\csr.conf, and make the following changes: 
    1. Add the following paths to the classpath list:
      • ${truesight.home}/modules/tomcat/rsso_agent/caffeine-<version>.jar
      • ${truesight.home}/modules/tomcat/jjwt-impl-<version>.jar
      • ${truesight.home}/modules/tomcat/rsso_agent/org.apache.oltu.oauth2.client-<version>.jar
      • ${truesight.home}/modules/tomcat/rsso_agent/jjwt-jackson-<version>.jar
      • ${truesight.home}/modules/tomcat/rsso_agent/jjwt-api-<version>.jar
      • ${truesight.home}/modules/tomcat/rsso_agent/json-<version>.jar
      • ${truesight.home}/modules/tomcat/rsso_agents/slf4j-api-<version>.jar
      • ${truesight.home}/modules/tomcat/rsso_agents/jackson-annotations-<version>.jar
      • ${truesight.home}/modules/tomcat/rsso_agents/jackson-core-<version>.jar
      • ${truesight.home}/modules/tomcat/rsso_agents/jackson-databind-<version>.jar
      • ${truesight.home}/modules/tomcat/rsso_agents/rsso-client-impl.jar
      • ${truesight.home}/modules/tomcat/rsso_agents/rsso-sdk-atsso.jar
      • ${truesight.home}/modules/tomcat/rsso_agents/rsso-agent-all.jar
    2. Comment the following line with path:
      ${truesight.home}/lib/dependencies/gson-<version>.jar.
  7. Configure the Remedy SSO agent. 

    • Open the file <TrueSightPServer>\truesightpserver\modules\tomcat\rsso_agent\rsso-agent.properties and add the following configuration:

      agent-id=tsps_agent
sso-external-url=https://<RSSO_HOST_PORT>/rsso
sso-service-url=https://<RSSO_HOST_PORT>/rsso
  8. Generate new SSL certificate with CN=<TSPS_HOST> and replace the existing certificate in keystore <TrueSightPServer>\truesightpserver\conf\secure\loginvault.ks.
  9. Start the TrueSight Presentation Server.

To manually integrate Remedy SSO with BMC Configuration Management Database

If you have integrated Remedy SSO with Remedy AR System and Remedy Mid Tier, Remedy SSO is automatically integrated with new BMC Configuration Management Database UI (CMDB UI). If the integration fails, integrate Remedy SSO with new CMDB UI manually. See  Manually integrating Remedy Single Sign-On with Jetty server Open link .

To remove the integration of Remedy SSO from a BMC application

To remove the integration of Remedy SSO from a BMC application, perform the manual integration steps in reverse order. 

For information about how to remove integration between Remedy SSO and Remedy AR System, see Removing Remedy SSO integration from Remedy AR System and Remedy Mid Tier.

Was this page helpful? Yes No Submitting... Thank you
Last modified by Olha Horbachuk on Jul 29, 2020
integration task

Comments

  1. Mariusz Cwiklinski

    Section "To manually integrate Remedy SSO with BMC Configuration Management Database" has incorrect information in point 2 for rsso-agent.properties file.

    The following parameters are incorrect:

    logout-urls=/api/rx/sso-logout

    use-in-memory-cache=true

    Correct values should be:

    logout-urls=/api/rsso-logout

    use-in-memory-cache=false

    Apr 16, 2020 02:44
    1. Olga Kutetska

      Hello! Thank you for the feedback. We will address this improvement as soon as possible, and let you know when the update is published.

      May 08, 2020 07:14
    1. Olha Horbachuk

      Hi Mariusz Cwiklinski,

      Your request has been investigated by the R&D team. Remedy Single Sign-On uses the same code for all BMC applications. All the rest integrated applications work successfully. The use-in-memory-cache=false property is implemented by design. For the logout-urls=/api/rx/sso-logout property, this is application-specific. If any other value is needed, please update the appropriate part of the product documentation (in this case, CMDB).

      Regards,

      Olha

      Jul 23, 2020 02:10
      1. Mariusz Cwiklinski

        I'm speaking about CMDB section on this page (section "To manually integrate Remedy SSO with BMC Configuration Management Database") - IT HAS INCORRECT VALUES for CMDB. Following "To manually integrate Remedy SSO with BMC Configuration Management Database" procedure will break RSSO on CMDB. See BMC Case 00800343. BMC Support and R&D confirmed that correct values for CMDB are: logout-urls=/api/rsso-logout use-in-memory-cache=false

        BMC should not publish incorrect procedures.

        Jul 23, 2020 02:29
        1. Olha Horbachuk

          The Remedy SSO team has confirmed that these values are correct for RSSO. They have experienced the same case with IS, and the problem was found on the application side. Please contact the CMDB R&D team.

          Jul 23, 2020 02:43
          1. Mariusz Cwiklinski

            But on this page you provided procedure for CMDB: "To manually integrate Remedy SSO with BMC Configuration Management Database".

            I contacted CMDB R&D team - see BMC Case 00800343.

            BMC Support and R&D confirmed that correct values for CMDB are:

            logout-urls=/api/rsso-logout

            use-in-memory-cache=false

            You must update this page in CMDB section ("To manually integrate Remedy SSO with BMC Configuration Management Database").

            Jul 23, 2020 02:55
            1. Olha Horbachuk

              I updated the CMDB section. From now on, please use the instructions by following the link.

              Jul 29, 2020 02:55
  2. Stefan Hall

    Remedy MT Integration

    since version 20.02 (maybe already 19.11/1908?) the webRSSO.xml contains a different filter. Please check if the information here is still correct.

    <filter>

    <filter-name>BYPASSRSSO</filter-name>

    <filter-class>com.remedy.arsys.ByPassRssoFilter</filter-class>

</filter>

<filter-mapping>

    <filter-name>BYPASSRSSO</filter-name>

    <url-pattern>/*</url-pattern>

</filter-mapping>
    Apr 23, 2020 06:18
  3. Olga Kutetska

    Hello, Stefan! Thank you for the comment. I have checked with R&D team. They claim the filter you are mentioning is not RSSO's filter. It is AR's filter. The information on this page is technically accurate for 20.02.

    Apr 24, 2020 05:38
  4. Laura Garcia

    Impossible to understand "To manually integrate Remedy SSO with BMC Configuration Management Database" paths do not exist (where is %ISInstalledDirectory% and then conf or bin? seem to be paths for Linux). Please update.

    May 06, 2020 02:54
    1. Olga Kutetska

      Hello! Thank you for the feedback. We will address this improvement as soon as possible, and let you know when the update is published.

      May 08, 2020 07:14
      1. Anagha Deshpande

        Hello Laura,

        Apologies for the delayed response.

        Please refer to the Manually integrating Remedy Single Sign-On with Jetty server topic in the Remedy AR System online documentation.

        Regards,

        Anagha

        Jun 06, 2020 12:16

Log in or register to comment.

Integrating Remedy SSO with BMC Discovery
Removing Remedy SSO integration from Remedy AR System and Remedy Mid Tier
© Copyright 2005-2007, 2009-2020 BMC Software, Inc.
© Copyright 2005-2007, 2009-2020 BladeLogic, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.