This documentation supports the 18.05 version of Remedy Single Sign-On.

To view the latest version, select the version from the Product version menu.

Integrating Remedy SSO with Smart IT

Remedy Single Sign-On (Remedy SSO) is an authentication system for a multi software environment that enables users to present credentials for authentication only once. After Remedy SSO authenticates the users, they can gain access to any other application with automatic authentication without providing the credentials again.

Remedy SSO supports the following authentication methods:

  • BMC Remedy AR System Server
  • SAMLv2
  • LDAP
  • Kerberos (Starting from version 9.1.01)
  • Certificate-based (Starting from version 9.1.01)
  • Remedy SSO authentication or Local authentication (Starting from version 9.1.02)
  • OAuth 2.0 (Starting from version 9.1.04)
  • OpenID Connect (Starting from version 9.1.04)

Based on the organization’s requirement, you can configure any of the authentication methods to authenticate the users for various BMC applications.

As an administrator, you can integrate Remedy SSO with Smart IT. After the integration, you can configure the required protocol for authentication. BMC does not support the Kerberos authentication for mobile apps, but you can configure the Kerberos authentication for web apps.

Remedy Single Sign-On authentication applies to both the universal client and to mobile applications. When a user logs in to on a mobile device, the user is prompted to enter the host name and port. If the server has SSO enabled, the mobile client opens a browser to the SSO login page. The SSO server sets the SSO cookies after authentication on to the device browser. When the user relaunches the application, if the cookies are not expired, the mobile client displays the application. If the cookies are expired, the user is shown the login page again for authentication.

Note

If you are integrating BMC Remedy SSO with Smart IT, then Remedy AR System integration with Remedy SSO is mandatory. For more information, see

Error rendering macro 'link-window'

[com.ctc.wstx.exc.WstxLazyException] Duplicate attribute 'remedy'. at [row,col {unknown-source}]: [4,129]

.

Before you begin

  • Install Remedy Single Sign-On and configure realms.
  • Install Remedy with Smart IT.
  • The Remedy SSO servers and the Smart IT server require the same domain. Otherwise, deploying the Remedy Single Sign-On agent does not work.

To integrate Remedy SSO with Smart IT

  1. Connect to database:

    In Oracle DB,

    • Enter Username: system and enter password.
    • Connect to:

      Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
      With the Partitioning, OLAP, Data Mining and Real Application Testing options

      SQL> update SMARTIT_SYSTEM.TENANT set SAML_AUTHENTICATION=1;
      1 row updated.
      Note: Please commit after update
      SQL> commit;

      In SQL DB,

      update SmartIT.SmartIT_System.TENANT set SAML_AUTHENTICATION=1;
  2. Install new Remedy SSO server.
  3. Integrate the new Remedy SSO server with the AR server.
    If Remedy SSO server is already upgraded and integrated with Remedy AR Server, skip steps 2 and 3.
  4. In Smart IT, stop the Tomcat service.
  5. Copy the following properties files from installer/Disk1/files/rsso-agent/ into tomcat/external-conf folder:
    1. rsso-agent.properties - modify this file manually to point to correct and new Remedy SSO server that is compatible with the sso sdk.

    2. sso-sdk.properties.

      If you have integration with BMC Digital Workplace Catalog, you need to set ignore-tenant=true.

      Note

      The configuration in rsso-agent.properties is similar to Mid Tier integration, except logout-urls=/atssologout.html in rsso-agent.properties.

      The value of the agent-id property in rsso-agent.properties file should be a unique identifier, but should be same on all nodes in a Smart IT cluster. It is recommended that you set its value to a simple identifier instead of a HTTP URL. For example, agent-id=smartit_agent.

      For more information, see Configuring Remedy SSO agent in the Remedy SSO online documentation.

  6. Restart the Tomcat service.
  7. Login to the Remedy SSO admin console and setup the AR authentication pointing to the AR server, which is already integrated with Remedy SSO:

    Setup-1:


    Setup-2:

To enable single sign-on integration on the SmartIT database table

Make sure single sign-on integration is enabled on SmartIT database table. To enable the integration, go to the SmartIT database table SmartIT.SmartIT_System_SmartIT.TENANT and make sure that the value of the SAML_AUTHENTICATION column is True(1).

Troubleshooting information

You need to check smartit.log, rsso.0.log, and rsso-agent.0.log for any error. You can find the Tomcat log in the following folder: Tomcat<version>\logs>.

If the integration is successful, then if you hit the URL, it should redirect you to the Remedy SSO login screen.

Related topics

Orientation

Troubleshooting integration issues


Was this page helpful? Yes No Submitting... Thank you

Comments