This documentation supports the 20.02 version of Remedy Single Sign-On.

To view an earlier version, select the version from the Product version menu.

Integrating Remedy SSO with BMC Digital Workplace

This topic describes how to configure the integration of Remedy Single Sign-On with BMC Digital Workplace.

Based on your organization’s requirement, you can configure any of the authentication methods to authenticate the users for various BMC applications.

As an administrator, you can integrate Remedy SSO with BMC Digital Workplace. After the integration, you can configure the required protocol for authentication. BMC does not support the Kerberos authentication for mobile apps, but you can configure the Kerberos authentication for web apps.

Remedy Single Sign-On authentication applies to browsers and mobile applications. When a user logs in on a mobile device, the user is prompted to enter the host name and port. If the server has SSO enabled, the mobile client opens a browser to the SSO login page. The SSO server sets the SSO cookies after authentication on the device browser. When the user relaunches the application, if the cookies are not expired, the mobile client displays the application. If the cookies are expired, the user is shown the login page again for authentication.

Before you begin

  • Install Remedy Single Sign-On and configure realms. For more information, see the Remedy Single Sign-On 19.11 documentation.
  • Install BMC Digital Workplace.
  • Verify that access to the Remedy SSO servers and the BMC Digital Workplace server requires the same domain. Otherwise, deploying the Remedy Single Sign-On agent will not work.

Creating the file


If you are upgrading from a previous version of BMC Digital Workplace and you added custom configuration properties to the file. you must copy the custom configuration properties to the new file.

To integrate the BMC Digital Workplace with Remedy Single Sign-On, you need create the file on the BMC Digital Workplace server.


If the file is missing, see KA 000372013 .

Mappings required between the BMC Digital Workplace domain and Remedy Single Sign-On server

Before you create the file, you should understand the mapping between the BMC Digital Workplace domain and Remedy Single Sign-On server (<domain>:<url>). Using this information, you will update the following properties in the file.



Remedy SSO agent redirects the browser (user’s request) to this URL when the Remedy SSO agent detects that one of the following happens:

  • The request needs to be authenticated.
  • The application logout is completed (that is, if the request refers to "logout-urls").
sso-service-urlRemedy SSO agent uses this the URL to call the Remedy Single Sign-On web app APIs to perform the following tasks:
  • Retrieve configuration details, such as cookie name, cookie domain, and realm-domain mappings.
  • Check whether the token cookie from the browser (user's request) is valid and if it is valid, retrieve Remedy Single Sign-On.
  • Register the Remedy SSO server to track other application agents. The tracking helps the agent to know the login status of other application agents prior to logging out.

To support multiple Remedy Single Sign-On servers on an agent, set the different values of the domain-to-server mapping as comma-separated strings. For example, assume that the Remedy Single Sign-On server for the domain “firstcompany” is and the Remedy Single Sign-On server for the domain “secondcompany” is Then, the properties definition will be the following:


To create the file

  1. On the BMC Digital Workplace server, navigate to /opt/apache/tomcat8.5/external-conf.
  2. Create the file.
  3. Copy the following content to the file, and adjust the configuration values as required.

    # For the Agent Identifier, representing an application integrated with BMC Remedy Single Sign-On, set application URL as its value.
    # The value should be the same on all nodes in same application cluster, but should be different for different applications.
    # e.g. agent-id = http://midtier-hostname/arsys
    # Application URL to trigger RSSO logout, usually is redirected after application logout is completed
    # Application URL patterns NOT going through RSSO web agent filter
    # If this property is set to true, the application context name will not be excluded for checking excluded url pattern
    # context-included=false
    # RSSO webapp external url for redirection
    # To support multiple RSSO webapps, set the value to a comma separated string: each represents a 'domain to server url' mapping, with the format of <domain>:<url>, 
    # e.g. domain1:https://server1:8443/rsso,domain2:https://server2:8443/rsso
    # RSSO webapp internal url for service call. Use HTTP instead of HTTPS protocol to avoid problems with handshake.
    # To support multiple RSSO webapps, set the value to a comma separated string, each represents a 'domain to server url' mapping, with the format of <domain>:<url>, 
    # e.g. domain1:http://server1:8080/rsso,domain2:http://server2:8080/rsso
    # Time during that cached token status will be used without verified at SSO server side. Default value is 3 min.
    # token-status-cache-timeout=180
    # MSP-related flags
    # Flag to show realm-entry-page for the MSP deployments
    # msp-deployment=true
    # msp-always-show-domain-entry-page=true
    # To disable Remedy SSO agent just set value to true. In this case all requests will not being processed by Remedy SSO.
    # skip-filter=false
    # That property is mandatory for preauthentication. Put one of the following possible values: GET or POST
    # preauth-type=GET
    # Action path mask. If agent detects /_rsso in servlet path. Default value is: /_rsso
    # action-path-mask=/_rsso
  4. Save the changes.

  5. Restart the Tomcat server.

To integrate Remedy SSO with BMC Digital Workplace

For clusters, complete the following procedure for each BMC Digital Workplace server.

  1. Start the DWPTomcat service.
  2. Make sure single sign-on integration is enabled on BMC Digital Workplace database table.
  3. To enable the integration:

a. Edit the set_env.bat (Windows) or (Linux) and set SAML_authentication to True.

b. Run the following SQL query to update the value:


4. Stop the DWPTomcat service.

5. Restart the Tomcat service.

Was this page helpful? Yes No Submitting... Thank you


  1. Priya Balakrishnan


    In the "To integrate Remedy SSO with BMC Digital Workplace" section, the wording used in point 3 is incorrect. "To enable the integration, complete one of the following steps"

    From experience, Completing only the first step, does not enable the integration. Both steps from Server and DB side need to be performed.

    Jul 17, 2020 12:44
    1. Olha Horbachuk

      Hello Priya Balakrishnan , thanks for letting us know. The section has been updated.



      Sep 09, 2020 04:24
      1. Emrah Ozbekar

        For the same section, please also mention the full path of set_env.bat file. If you search filesystem, there are more than one file with the same name. I believe it should be as follows: set_env.bat : \DWP\tenant-config\scripts\win : /DWP/tenant-config/scripts/linux

        Oct 15, 2020 10:19
  2. Stefan Hall

    the sample file should be revised urgently. Especially the part "excluded-urlpattern" contains practically the complete midtier logic and obviously has nothing to do with DWP.

    Oct 19, 2020 06:53
    1. Olha Horbachuk

      Hi Stefan Hall, good catch!

      The path to the file has been added, and the pattern name has been updated. For the content of the properties file, we are working on it. 



      Oct 23, 2020 06:39
      1. Olha Horbachuk

        Please contact BMC Support for the content of the properties file

        Nov 16, 2020 02:08
  3. Stefan Hall

    BTW "excluded-urlpattern" is also wrong, it must be "excluded-url-pattern".

    Oct 19, 2020 07:25
  4. Ariel Manka

    Do RSSO files get upgraded automatically when DWP is upgraded from 19.08 to 20.02? If not, what are the steps to upgrade DWP-RSSO integration?

    Jan 19, 2021 11:35