Configuring after installation
When you install the Remedy Single Sign-On server, the database password is encrypted with a hard coded key.
Best practice
To re-encrypt the database password for Remedy SSO
Perform the following steps to re-encrypt the database password:
From the command line on Remedy SSO, run the following command to re-encrypt the password for the database user:
java -jar rsso-ds-<RSSO_version>.jar <password> <new-key>
The following table describes the parameters of the command:
Parameter Description password
Enter the unencrypted password of the database user. new-key
Enter a new encryption key. It can be any text value. rsso-ds-<RSSO_version>.jar
This file is located in the <tomcat>/webapps/rsso/WEB-INF/lib folder. - For each server a Remedy SSO cluster, perform the following steps:
- Modify the rsso.key file in the <tomcat>/webapps/rsso/WEB-INF/classes folder.
- Change the existing line key=<old-key> to key.old=<old-key>, where <old-key> is the current key in the rsso.key file.
- Add a new line key=<new-key>, where <new-key> is the new encryption key.
- In the context.xml file in the <tomcat>/webapps/rsso/META-INF folder, update the password line as follows:
password="AES:<encrypted-password>", where <encrypted-password> is the encrypted password.
- Modify the rsso.key file in the <tomcat>/webapps/rsso/WEB-INF/classes folder.
- Verify that Remedy SSO works correctly with the newly encrypted password:
- Log in to Remedy SSO Admin Сonsole.
- On the General tab, click Save without making any change.
- Click the Realm tab.
- Edit each realm, and click Save without making any change.
After you have verified that you can successfully save changes in Remedy SSO Admin Сonsole, you can remove the old key.
For each Remedy SSO server, remove the key.old=<old-key> encryption key from the rsso.key file in the <tomcat>/webapps/rsso/WEB-INF/classes folder.
Important
You do not need to restart the Remedy SSO server after you change the encryption key.
Where to go from here
When you have installed and configured the Remedy SSO server, you must integrate Remedy SSO with applications for which you want to enable single sign-on experience. For information about how to integrate Remedy SSO with other applications, see Integrating.
Comments
Log in or register to comment.