This documentation supports the 18.05 version of Remedy Single Sign-On.

To view the latest version, select the version from the Product version menu.

18.05 enhancements

This section contains information about enhancements in Remedy Single Sign-On (Remedy SSO) version 18.05.



Upgrade to Java 8 and decommissioning of Java 7

Remedy SSO has been migrated to Java 8. As newer frameworks support only Java 8, Java 7 is decommissioned from this release. The Remedy SSO installer will work only with Java 8.

For more information, see System requirements.

Action Support feature

Remedy SSO supports execution of some specific actions on behalf of the integrated applications. For example, you can change your passwords to access integrated application from Remedy SSO by using the action support feature. Note that changing the password is the only action currently supported by this feature. As client applications interact with Remedy SSO through the Remedy SSO agent, the agent can use the action support feature.

For more information, see Support for server side actions.

SAML encrypted assertion

Remedy SSO supports encryption of SAML assertions received from an identity provider. This feature enables the Remedy SSO implementation to follow the security policies of customer organizations. The SAML assertions can be encrypted by entering the details for the encryption key alias while configuring the Remedy SSO server.

For more information, see Remedy SSO server general configuration. For information specific to decrypting SAML assertions, see Security planning.

Automatic update of identity provider's global signing key rollovers

Remedy SSO can automatically update the new signing keys of the identity provider. There is a rollover of signing keys at the identity provider end. When Azure Active Directory is used as an identity provider, such rollovers are more frequent.

To enable Remedy SSO to automatically track the rollovers, ensure that you enter the URL for the new signing key for the Federation metadata URL parameter.

For more information, see Configuring Remedy SSO to authenticate users with SAMLv2.

Upgrade of service provider metadata template

When you configure Remedy SSO for SAML authentication, you can edit the provided service provider metadata template. You are now required to upgrade the template with the details provided for the SP Metadata Template parameter in Configuring Remedy SSO to authenticate users with SAMLv2.

Duplicating realm ID

You cannot create two IDs with the same name even if they are in different cases. For example, Company and company.

Updates to security planning

Though content transmitted over an SSL/TLS channel guarantees confidentiality, administrators must ensure that caching of sensitive content is disabled.

To ensure that sensitive content is protected, BMC recommends that you configure the headers in Tomcat. For more information, see Configuring Tomcat security headers in Security planning.

Digital Service Management

Digital Service Management serves as a centralized location for users to access the BMC applications. As a Remedy SSO administrator, you can add applications to be displayed on the Digital Service Management page. You can also add applications that are not integrated with Remedy SSO.

For more information, see Digital Service Management and Adding applications to the Digital Service Management page.

Invalidate user session

Remedy SSO provides an option to the administrator to invalidate the session of a user. An administrator must invalidate the session when the maximum time set for that session elapses. For example, if a maximum session time has been set for a user for a longer period (for example, several months) and the user has left the organization before that. In the case of OAuth, the session token may have been alive for a longer time and hence session invalidation may be needed.

For more information, see Invalidating end user sessions.

REST API endpoints

Remedy SSO provides REST API endpoints that users can use to interact with Remedy SSO. Users can use the REST API endpoints to perform certain Remedy SSO operations that can be controlled from the outside for managing end-user sessions such as creating, updating and deleting local users, and updating realms.

For more information, see Developing - REST API endpoints.

Changes to integration with SmartIT and Digital Workplace

Starting with version 18.05, the Remedy SSO installer does not support automatic integration of Remedy SSO with Smart IT and Digital Workplace, since the installers for Smart IT and Digital Workplace are separate. Remedy SSO Agent is bundled with Smart IT and Digital Workplace and should be manually enabled.

For more information, see Integrating Remedy SSO with Smart IT and Integrating Remedy SSO with BMC Digital Workplace.

Bypass for SAML reauth requests

Remedy SSO now provides a setting to indicate that SAML must not be used for reauthentication requests in an authentication chain.

For more information, see Configuring Remedy SSO to authenticate users with SAMLv2.

Structural changes to documentation

Certain topics in the following sections reflect structural changes in terms of presenting content:

What's changed in this release

EnhancementProduct behavior in versions earlier than 18.05Product behavior in version 18.05

Changes to integration with SmartIT and Digital Workplace

The Remedy SSO installer supported automatic integration of Remedy SSO with Smart IT and Digital Workplace and you could select the Integrate Smart IT and Digital Workplace option.

The installers for Smart IT and Digital Workplace are now separate. You must manually integrate Remedy SSO with Smart IT and Digital Workplace.

For more information, see Integrating Remedy SSO with Smart IT and Integrating Remedy SSO with BMC Digital Workplace.

Was this page helpful? Yes No Submitting... Thank you

Comments