The following table lists general properties that you modify for the BMC Helix SSO agent. For example, if you have BMC Helix SSO and an integrated BMC application deployed on different domains, you must set the
multi-domain-support property to true.
Identifies a BMC application integrated with BMC Helix SSO. You can specify any text value or an application URL for this property. If you have BMC Helix SSO deployed in high-availability mode, you must specify the same value as
Disables the BMC Helix SSO agent if the parameter is set to true. In this case, requests are not processed by BMC Helix SSO.
If RSSOAuthenticator in Mid Tier is used, perform the following steps to disable the BMC Helix SSO agent:
If you have BMC Helix SSO and an integrated BMC application deployed on different domains, you must configure the BMC Helix SSO agent to support this deployment use case. For more information about this use case, see Deployment scenarios.
Important: This property is applicable only when multi-domain support is enabled.
If this property is set to true, the time difference between the BMC Helix SSO agent and the BMC Helix SSO server is ignored. This property, set in seconds, specifies the time offset between the BMC Helix SSO server and the BMC Helix SSO agent. For example, if the BMC Helix SSO agent receives a token from the BMC Helix SSO server, and the token issue time according to the time set on the BMC Helix SSO agent is future, the BMC Helix SSO agent accepts the token without any errors.
Enables the BMC Helix SSO agent to expect JSON Web Token (JWT) in the authentication flow. Depending on how the integrated BMC application sends a JWT to BMC Helix SSO, configure the BMC Helix SSO agent to expect JWT by HTTP
For more information about the preauthentication authentication type, see Preauthentication.
Enables end users to change their passwords by accessing the Action Request System server from BMC Helix SSO. The following setting is enabled by default in the rsso-agent.properties configuration file:If due to some reasons, you need to use HTTPS for
For more information about how to use this option, see Configuring the BMC Helix SSO agent to enable end users to change their passwords.
If this property is set to true, the realm entry page for Multi-Service Provider (MSP) deployments is displayed to end users in cases where the BMC Helix SSO server cannot identify to which realm an end user belongs. To always display the realm entry page for MSP deployments, set the
The following table lists properties that enable you to modify URLs. For example, you can define an external URL to which a user who attempts to log in to an integrated BMC application is redirected. This is done by setting up the
Defines a server user-facing (external) URL of the BMC Helix SSO server. The external URL can be the same or different from the internal URL, but both of these URLs must point to the same server where BMC Helix SSO is deployed. The external URL is the user-facing RSSO Server URL which may actually be the LB or ingress controller behind which the actual RSSO Server is deployed. This URL must be accessible by the end users
The BMC Helix SSO agent redirects the browser (user’s request) to
To support multiple BMC Helix SSO web applications, set the value to a comma separated string: each represents an 'application FQDN' mapping, with the format of <application FQDN>:<url>.
Defines a service (internal) URL of the BMC Helix SSO server. Internal service calls are server-to-server.
The BMC Helix SSO agent uses the
For more information about troubleshooting the internal URL, see Troubleshooting.
Important: When you configure support of multiple BMC Helix SSO web applications, set the value to a comma separated string, each representing a domain to the server URL mapping, with the <application FQDN>:<server url> format.
Identifies a BMC application URL that triggers BMC Helix SSO logout. If the logout link generated by the format BMC application matches the
Defines which URLs must not go through the BMC Helix SSO web agent filter.
By default, the following configuration is applied:
Provides a means to enable or disable the option to check the application context by the BMC Helix SSO agent filter. To include the application context in
Identifies a URL to which a user must be redirected after BMC Helix SSO completes a logout flow. BMC Helix SSO redirects an end user only to the same domain as the application domain after the completion of the logout process. For example, if the application domain is bmc.com, any combination of <URL>.bmc.com is allowed.
Alternatively, you can add the
If you combine
If you do not specify both
If you specify After logout URL for a realm in the BMC Helix SSO Admin Console, end users are redirected to the specified URL page.
For more information about After logout URL, see Configuring general settings for a realm.
The BMC Helix SSO agent answers 401 Unauthorized with hidden
By default, the value of this property is false and the BMC Helix SSO agent answers 401 Unauthorized. If this value is true, the BMC Helix SSO agent switches back to the old-style 302 Redirect behavior.
Important: If the multi-domain support is enabled, the BMC Helix SSO agent answers 302 Redirect irrespective of the
The following table lists properties that enable you to modify session configuration for the integration of BMC Helix SSO and a BMC application. For example, you can select a mode in which token data is stored. To perform this action, set the
Defines the time during which the cached session token remains valid without verification by the BMC Helix SSO server. Time is indicated in seconds.
Enables you to choose between an HTTP session and in-memory cache to store the token data.
Important: After you enable the in-memory cache, restart the BMC application integrated with BMC Helix SSO.
When you configure the value for the
sso-service-url parameter, consider the use cases in the following table:
Issues with handshake
When constructing the URL, use the HTTP protocol instead of HTTPS:
If due to some reasons, you need to use HTTPS for
|Permission issues for in-container configuration file modifications|
You can insert any environment parameter for the rsso-agent.properties file by using the following format:
Support of multiple BMC Helix SSO web applications
Set the value to a comma separated string, each representing an application FQDN mapping to the server URL mapping, with the <application FQDN>:<url> format.
For more details about this use case, see Connecting the same BMC Helix SSO agent to different BMC Helix SSO servers.