Configuring Remedy SSO for applications hosted on different domains
You configure multiple domain support so Remedy Single Sign-On can provide authentication for applications hosted on different domains. For example, your application is hosted in your company data center and the Remedy SSO server is hosted in another data center, such as a BMC data center. In this scenario, the Remedy SSO agent and server must act as an OpenID Client and OpenID provider respectively.
The following Remedy SSO features are not supported for the applications for which Remedy SSO agent and server act as an OpenID client and OpenID provider respectively:
- Bypass SAML authentication for reauthentication requests.
Multi-Service Provider (MSP).
- AR Bypass functionality.
To allow applications hosted on different domains to use the same Remedy SSO server for authentication
In Remedy SSO Admin Console, register an application as an OAuth2 client. For information about how to configure the OAuth2 client, see Configuring OAuth 2.0.
Select the openid (Scope used for OpenID connect) check box to enable the OpenID scope for this client.
- Configure the token timeout for the OAuth client as follows:
- Set the OpenID Issuer URL. The value must correspond to the sso-external-url configured in the rsso-agent.properties file.
- Configure the Access Token Timeout value for managing the user session time.
- Generate the JWK Id for OAuth flow.
Copy the Client ID and Client Secret generated after registering the client as OAuth2 and save them.
On a server with Remedy SSO agent, configure the rsso-agent.properties file as follows:
multi-domain-support=true oauth-client-id=<Client ID> oauth-client-secret=<Client Secret>
Save the rsso-agent.properties file.
Remedy SSO is now configured for using OpenID connect.
If you are using the Chrome browser version 80 and later, you must enable the cross-site cookie in the Advanced settings of the Remedy SSO server. For more information about this setting, see Configuring settings for the Remedy SSO server.
You also need to enable this setting if you are using Chrome browser version 79 and earlier if you have the SameSite by default cookies option enabled for the browser.