
This documentation supports the 22.3 version of BMC Helix Single Sign-On, which is available only to BMC Helix customers (SaaS). 

To view an earlier version, select the version from the Product version menu.

During the login procedure, BMC Helix Single Sign-On checks that the login ID provided by an end user matches the userID available in the user store of an identity provider (IdP). In many use cases, the login ID and the userID do not match, so end users cannot log in by using their login credentials. In such cases, you can have BMC Helix Single Sign-On transform the userID for an authentication method by specifying a userID transformation type.

For example, the user name in the identity provider response is CustomUserName@gmail.com, and the user name specified in the Remedy AR System is CustomUserName. To configure the authentication method for end users' login, you must remove the domain from the userID.

You might also need to transform a userID when you integrate BMC Helix SSO with BMC applications, set up an authentication method, and then change the original authentication method. The new authentication method might not provide the same userID format that was available with the original method, and you must specify a userID transformation type for this authentication type.   

Important

The userID transformation options are supported for all authentication types except "Local".

To transform the userID to match the login ID

  1. In the UserID Transformation field, specify a required transformation type.

The following table lists the userID transformation options available in the UserID Transformations list:

| Transformation | Description |
|---|---|
| None | Displays the entered userID without any transformation. |
| RemoveBMCDomain | Displays the userID without the suffix. For example, abc@ is a suffix for abc@<anyemaildomain>. |
| RemoveDomain | Displays the userID without the prefix <domain>. Example: companyname\userid is transformed to userID. |
| RemoveEMailDomain | Displays the userID without the suffix @<anyemaildomain>. |
| ToLowerCase | Displays the userID after converting it to lower case. Example: UserID is transformed to userid. |
| ToUpperCase | Displays the userID after converting it to upper case. Example: userid is transformed to USERID. |


In addition to the options provided by BMC Helix SSO, you can create and deploy custom transformation types. For more information, see Creating User ID custom transformation types.


To specify a custom userID to match the login ID

  1. In the left navigation panel of the Add Realm or Edit Realm page, click Authentication.
  2. In the Custom Expression field, specify your value in the following format "userId + {value}".
    For example, by using the #userId + "@bmc.com" expression, you construct Mary@bmc.com.
  3. Click Save.

You can specify a custom userID by using predefined string functions. The list of Java string functions and their description is displayed in the following table:

| Function | Description |
|---|---|
| strip() | Returns a string whose value is this string, with all leading and trailing white spaces removed. |
| substring(int beginIndex) | Returns a string that is a substring of this string. The substring begins with the character at the specified index and extends to the end of this string. |
| substring(int beginIndex, int endIndex) | Returns a string that is a substring of this string. The substring begins at the specified beginIndex and extends to the character at index endIndex - 1. |
| toLowerCase() | Converts all of the characters in this string to lower case. |
| toUpperCase() | Converts all of the characters in this string to upper case. |
| split(String regex) | Splits a string at matches of the given regular expression. |
| replace(String target, String replacement) | Returns a string resulting from replacing all occurrences of target in this string with replacement. |


The following table represents examples of using string functions:

| Expression | Current value | Transformed value |
|---|---|---|
| #userId.split('@')[0] | user1@example.com | user1 |
| #userId.split('@')[0].toUpperCase() | user1@example.com | USER1 |
| #userId.replace("@example.com", "@abc.com") | user1@example.com | user1@abc.com |
| #userid.substring(2) | p_user12345 | user12345 |
| #userid.substring(4, 9) + #userid.substring(0, 4) | user12345 | 12345user |
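
Stripping a domain or folding case can make two distinct IdP identities resolve to the same login ID. The following added example (not BMC code; the transformation semantics are assumptions inferred from the tables above, and the userIDs are constructed) checks a list of IdP userIDs for such collisions and for empty results before a transformation is enabled.

```python
from collections import defaultdict

# Assumed semantics, inferred only from the table descriptions on this page;
# this is not BMC's implementation.
TRANSFORMS = {
    "None": lambda uid: uid,
    # companyname\userid -> userid
    "RemoveDomain": lambda uid: uid.split("\\", 1)[1] if "\\" in uid else uid,
    # user1@example.com -> user1 (same result as #userId.split('@')[0])
    "RemoveEMailDomain": lambda uid: uid.split("@", 1)[0],
    "ToLowerCase": str.lower,
    "ToUpperCase": str.upper,
}


def audit_transformation(idp_user_ids, transformation):
    """Map each transformed login ID to the distinct IdP userIDs producing it.

    Returns (collisions, empties): collisions is {login_id: [userIDs]} where
    more than one IdP identity would resolve to the same login ID; empties
    lists userIDs that transform to an empty string.
    """
    transform = TRANSFORMS[transformation]
    groups = defaultdict(set)
    empties = []
    for uid in idp_user_ids:
        login_id = transform(uid)
        if not login_id:
            empties.append(uid)
            continue
        groups[login_id].add(uid)
    collisions = {k: sorted(v) for k, v in groups.items() if len(v) > 1}
    return collisions, sorted(empties)


# Constructed sample of IdP userIDs (not real accounts).
SAMPLE_IDP_USER_IDS = [
    "user1@example.com", "user1@abc.com", "Mary@bmc.com", "mary@bmc.com",
    "companyname\\jdoe", "othercorp\\jdoe", "@example.com",
]

if __name__ == "__main__":
    for name in TRANSFORMS:
        collisions, empties = audit_transformation(SAMPLE_IDP_USER_IDS, name)
        print(f"{name}: collisions={collisions} empties={empties}")
```

Any userID reported as a collision or an empty result should be resolved in the user store, or a different transformation chosen, before the setting is saved for the realm.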


To transform AR System login ID

When your AR System login ID doesn't match the BMC Helix SSO login ID format, you can transform the login ID by using the AR REST API. For information about the AR REST API, see AR Server REST API architecture.

To activate the login ID transformation option:

  1. In BMC Helix SSO, navigate to the appropriate realm.
  2. In the left navigation panel of the Add Realm or Edit Realm page, click Authentication.

  3. In the Custom Expression field, specify your value in the following format:

    #arAliasToLoginName.convert('AR REST API URL', 'ARUser', 'encrypted ARUser Password', Field ID, #userId)

  4. Click Save.

As an example, you get the following result:
#arAliasToLoginName.convert('https://example.com:8443', 'Demo', 'AES-GCM:5de2a10c228a89e8aaaf069c5fb7e448afb997565c0d3c46ba3ddac39fccbddc', 117, #userId)

Where '117' is the field ID for "Full Name" on schema User.


A password for BMC Helix SSO should be encrypted. For information about how to encrypt passwords, see Configuring after installation.
