Remedy SSO server general configuration
After the installation of Remedy Single Sign-On (Remedy SSO), you must set the general configurations. You can also export and import the configurations, when you want to backup and restore the configuration settings.
This topic details the configurations for general settings, export, import, and viewing of the session details for Remedy SSO.
In addition, you can use the topic to set certain configurations related to SAML authentication such as including a signing certificate for signing a SAML request. You can also configure Remedy SSO to decrypt the encrypted assertions in SAML responses. For more information about creating the signing certificate and encryption key for SAML assertions, refer Setting SP signing certificate for SAML authentication.
Before you begin
You must have installed Remedy SSO.
To set the general configurations
- Log in to the Remedy SSO console as an Admin user.
- Click General.
- On the Basic tab, enter the basic server details. For more information about the basic server details, see Basic parameters.
- On the left navigation panel, click the Advanced tab and enter the advanced details. (Optional) Enter the SAML service provider details only if you are configuring Remedy SSO for SAML authentication. For more information about the advanced server details, see Advanced parameters.
- Click Save.
The value that controls the cookie visibility between servers within the domain. The default cookie domain value is the network domain of the computer on which you are installing the Remedy SSO server. The default cookie domain specifies the most restrictive access.
The cookie domain value must be the same for all integrated applications and Remedy SSO server.
The cookie domain value must contain a dot (".").
Ensure that the value is correct as a wrong value can cause a redirection loop.
For example, in case your ITSM and MyIT applications are available on itsm.yourcompany.com and myit.yourcompany.com and Remedy SSO is on sso., then the cookie domain must be set to .
Installing Remedy SSO on another domain like your company.internal and setting the cookie domain to yourcompany.com or your company.internal causes a redirection loop as the cookie cannot be set across different domains.
Max Session Time
The time after which the user session expires. When this value is selected, time constraints are automatically enforced. The default is 24 hours.
The value for maximum session time is usually 4, 8, or 12 hours.
Ensure that the maximum session time is more than the time that you configure for session token validation on an agent.
Server Log Level
The level or severity of logging messages.
Using the DEBUG level affects the server performance.
The cookie name is automatically created at installation and is based on the timestamp. The timestamp is the time of creation of the database during Remedy SSO installation.
|9.0.01 and later|
|Enable Secured Cookie|
The option to enable secured cookie. If this option is selected then all applications must also run on HTTPS and the application servers must be accessed through https only. Otherwise, it causes a redirection loop.
|9.0.01 and later|
|Service URL||Remedy SSO generates a token and inserts this URL into the token to provide information about the location of the Remedy SSO server. This is an optional configuration as Remedy SSO server location can also be specified in the configuration files of Remedy SSO Agent and AREA plugin.||9.1.01 and later|
|SAML Service Provider|
|SP Entity ID||The entity ID of the service provider (SP). You can specify any value for SP Entity ID, for example rsso_sp_hostname. Remedy SSO server name is used as SP identifier in Relying Party Trust configured on IdP side.||9.1.01 and later|
The external URL of the service provider, that is, the URL for Remedy SSO server.
Note: The URL must be HTTPS only.
|9.1.01 and later|
The keystore file path on the Remedy SSO server file system that includes the keystore file name. The keystore file contains all the required certificates. If you are using PKCS12 keystores file, the file extension must be .p12.
If the keystore file is available in the tomcat/rsso/webapp/WEB-INF/classes folder, the value of this field can be the name of the keystore file, where tomcat is the Tomcat path. Otherwise, use the absolute file path.
|9.1.01 and later|
|Keystore Password||The keystore file password. The keypair and keystore passwords must be the same.||9.1.01 and later|
Signing Key Alias
|The alias name of the signing key in the keystore file.||9.1.01 and later|
Encryption Key Alias
The alias name of the encryption key used to decrypt the SAML assertions from the identity provider. The metadata of this encryption key is imported into the IdP.
For information related to decrypting SAML assertions, see Security planning.
|18.05 and later|
Importing and exporting Remedy SSO configurations
You can import or export the configuration settings of Remedy SSO.
Before you begin
Import and export flow is designed to work across same versions of Remedy SSO. Before starting the import and export procedure, make sure that versions of source and target RSSO servers are the same.
To export Remedy SSO configuration
You can export the server configuration details and the templates. In most browsers, a file is downloaded to your local machine automatically. But in Safari, a new browser with the exported configuration is opened. You can copy and save the content.
- On the Admin menu, click Export.
To import Remedy SSO configuration
You can import configuration of the same Remedy SSO version only. Importing configuration overrides all the previous configurations.
- On the Admin menu, click Import.
- Select the required file.
- Click Import.
With respect to Local Users and Groups Management, exporting configurations does not affect local users and groups, though importing overrides them. For example, first you create realm A and export the server configuration details. Secondly, you create realm B and local users and groups for realm B. Then you import the previously exported configuration which has only realm A. Now all the users and groups associated with realm B are overridden, though they still exist in the database. To resolve the issue, create realm B again manually.
Hence while exporting or importing configurations, you must ensure consistency between the realm, local users, and groups.
To view session details
In the Search field, enter the user or realm ID for which you want to view the session details.
The system displays the following information.
Field Description User ID User ID associated with the session. Realm Realm ID associated with the session. Time Remaining Time remaining for the session. Maximum Session Time Time that was associated for the session.
- (Optional) To invalidate/kill a user session, click Delete in the Action column, for the required session.