This documentation supports the 22.1 version of BMC Helix Single Sign-On, which is available only to BMC Helix customers (SaaS). 

To view an earlier version, select the version from the Product version menu.

Troubleshooting common errors and issues

The following table describes errors and issues that you may encounter with BMC Helix Single Sign-On. 

IssueDescriptionWorkaround

Problem with handshake while using an HTTPS connection

The certificate on the BMC Helix SSO is a self-signed certificate or is signed by a trustworthy CA.


  1. Check that the BMC Helix SSO server certificate is valid.

  2. If you have a self-signed certificate, make sure that you have imported it to the Java truststore.

BMC Helix SSO server does not start

Configuration issue during start up

Check the catalina.log (located in CATALINA_HOME/logs) for any issues related to the BMC Helix SSO web application.

Check the rsso.log file (located in CATALINA_HOME/logs) for exceptions related to the database connectivity (for example, the JDBC URL or the database user login and password).

Check the rsso.log file for the exceptions related to the marshalling of the configuration data.
Note: Marshalling refers to automatic creation of the Java objects from the XML source using the JAXB approach.

Server exception (stack trace) includes a reference to the com.bmc.arsys.api.session

Configuration issue with Remedy Mid Tier authenticator

Verify the BMC Remedy Mid Tier authenticator configuration file to define the BMC Helix SSO authentication plugin. 

For more information, see Manually integrating Helix SSO with BMC applications.

623 AR Error

BMC Helix SSO AREA plugin configuration issue

Check the following:

General AREA configuration

Configuration of the plugin server (RSSO-related info is commented)

Corresponding property points to the BMC Helix SSO base URL in the rsso.cfg file.

For more information, see Manually integrating Helix SSO with BMC applications.

In HA mode, the server throws an exception. The stack trace includes a reference to com.bmc.rsso.sdk.token.CookieTokenManager.

BMC Helix SSO agent cannot connect to the BMC Helix SSO server to obtain a piece of configuration.

Verify the load balancer settings about the HTTP redirection (3xx status after agent request is unwanted).

Correct the BMC Helix SSO server URL in the agent connection.For more information, see Manually integrating Helix SSO with BMC applications.

When using SAML-based IdP, a server exception with the text, "Failed to validate … condition," is displayed in the stacktrace.

Note: Stracktrace refers to the diagnostic information in the log file that indicates which Java stack was used when the exception was raised.

The times on the BMC Helix SSO server and IdP server are out of sync.

Synchronize the time across the servers.

When using LDAP-based IdP, the following error is recorded in the BMC Helix SSO logs:

SEVERE [LDAP: error code 4 - Sizelimit Exceeded] 

The maximum number of entries that the LDAP server can process in one call is less than the number of user entries the BMC Helix SSO server requests in a single call.

To extend the default limit of 2000 of entries, increase the Page Size value for LDAP authentication. For more information about how to do this, see Configuring LDAP authentication.

BMC Helix SSO logs do not include diagnostic information.

Log records with the levels of TRACE and DEBUG are filtered by the Logging level setting.

Check the logging level in the BMC Helix SSO Admin Console.For more information, see Configuring server settings for BMC Remedy SSOCheck the log configuration file (RSSOInstallFolder/WEB-INF/classes/ log4j.properties).

Was this page helpful? Yes No Submitting... Thank you

Comments