This documentation supports the 18.02 version of Remedy Single Sign-On.

To view the latest version, select the version from the Product version menu.

Troubleshooting log on and log off issues

Log on and log off issues can occur (or appear to occur) associated with URL re-direct and normal Identity Provider (IdP) behavior.

Automatic IdP logon behavior

With SAMLv2 authentication configurations, an automatic logon can occur after you have terminated your single sign-on session. This behavior gives the impression that the user was not logged out.

In SAMLv2 configurations, the IdP caches authentication information within the browser. This information allows the IdP to automatically reauthenticate a user without the user re-entering their credentials.

The effect is that when a user logs off of a SAMLv2 system, a browser refresh can automatically log the user back on to the system.

For example, a user has two browser windows (or tabs) open; one with BMC Remedy Mid Tier and the other with BMC Digital Workplace. If the user logs off from both BMC Remedy Mid Tier and BMC Digital Workplace, the single sign-on session is terminated. If the user just closes the window of BMC Remedy Mid Tier, accesses the BMC Digital Workplace window, and refreshes the browser, then the browser performs the action as though the user is still logged on to the system. What transpired was that a new single sign-on session was created automatically for the user (due to the auto-logon of the IdP).

Workaround: For this type of system, to ensure that the user is permanently logged off, close all browser windows and tabs.

Tomcat 7 and Java 8 incompatibility issue

During log on, if you see the error 'The type java.util.Map$Entry cannot be resolved', it is a Tomcat 7 and Java 8 incompatibility issue. Some old Tomcat 7 versions (7.0.33 or previous) use the old ecj.jar, which causes issues while compiling codes on Java 8.

Workaround: Use Java Runtime Environment (JRE) 7 for Tomcat 7 or use the latest version of Tomcat 7 (or a version that is at least later than 7.0.50).

Internet Explorer 8 or earlier does not support Remedy SSO Admin User Interface

When you access the Remedy SSO Admin UI using Internet Explorer 8 or earlier, the browser displays a blank page with some Javascript errors. This is because Remedy SSO uses AngularJS, which does not support IE8 or previous IE versions.

Workaround: Open Remedy SSO by using Internet Explorer 9 or later or use other browsers such as Chrome or Firefox.

Redirection loop on Remedy SSO log on

When Remedy SSO is configured for SAML authentication and while accessing a BMC application for the first time, the user may encounter a redirection loop error.

Workaround: The following table provides the steps for resolving the error.

S.No.StepWorkaround
1.

Check the following three instances of the application URL host part.

Confirm if the user accesses the application URL using the full qualified hostname, and make sure that the application hostname is in the domain name which is specified in Remedy SSO Admin UI (General >Basic >Cookie Domain).

If the step does not resolve the error, go to the next step.

2.

Check the contents of WEB-INF/classes/rsso-agent.properties file.

Ensure that the value of 'sso-service-url' property is the URL of Remedy SSO server and whether it is accessible from the application server node (i.e. where agent is deployed).

  • If agent only communicates with a single Remedy SSO Server, ensure that the value is simply a URL. In this case, the value can NOT be in the format <domain>:<URL>.
  • You can use curl to test network connectivity from application server node to Remedy SSO server URL.

If the step does not resolve the error, go to the next step.

3.

Look into the RSSO agent log file, reproduce the issue, and check if you see some new logs. For example:

"java.lang.IllegalArgumentException: 
Argument is a null: 'cookieName'"

If you see such a log but have no problem in connecting from application server node to Remedy SSO server URL using curl, it is probably a proxy issue of Tomcat on application server node.

Go to the next step.

4.Check if any proxy is enabled on tomcat for outgoing network connection.
  1. Check tomcat/bin/setenv.sh, or other tomcat scripts used during startup. For example, catalina.sh, or tomcat service configuration for proxy options.

  2. If proxy is enabled, ensure that the Remedy SSO server hostname is added to http.nonProxyHosts configuration.

5.

Check if the Remedy SSO server is under https and the integrated application is under http.

Clear the "Enable secure cookie" option or secure the integrated application by https.

Related topics

Orientation 

Was this page helpful? Yes No Submitting... Thank you

Comments