Unsupported content

 

This version of the product is in limited support. However, the documentation is available for your convenience. You will not be able to leave comments.

Configuring after installation

When you install the Remedy Single Sign-On server, the database password is encrypted with a hard coded key.

Best practice

For security reasons, we recommend that you re-encrypt the database password with a new key after you perform a fresh installation of Remedy SSO. If you have Remedy SSO in high availability mode, you must re-encrypt the password with a new encryption key on each Remedy SSO server node.

Related topic

To re-encrypt the database password for Remedy SSO 

Perform the following steps to re-encrypt the database password:

  1. From the command line on Remedy SSO, run the following command to re-encrypt the password for the database user:

    java -jar rsso-ds-<RSSO_version>.jar <password> <new-key>

    The following table describes the parameters of the command:

    ParameterDescription
    passwordEnter the unencrypted password of the database user.
    new-keyEnter a new encryption key. It can be any text value.
    rsso-ds-<RSSO_version>.jarThis file is located in the <tomcat>/webapps/rsso/WEB-INF/lib folder.
  2. For each server a Remedy SSO cluster, perform the following steps:
    1. Modify the rsso.key file in the <tomcat>/webapps/rsso/WEB-INF/classes folder.
      1. Change the existing line key=<old-key> to key.old=<old-key>, where <old-key> is the current key in the rsso.key file.
      2. Add a new line key=<new-key>, where <new-key> is the new encryption key.
    2. In the context.xml file in the <tomcat>/webapps/rsso/META-INF folder, update the password line as follows:
      password="AES:<encrypted-password>", where <encrypted-password> is the encrypted password.
  3. Verify that Remedy SSO works correctly with the newly encrypted password:   
    1. Log in to Remedy SSO Admin Сonsole.
    2. On the General tab, click Save without making any change. 
    3. Click the Realm tab.
    4. Edit each realm, and click Save without making any change.
  4. After you have verified that you can successfully save changes in Remedy SSO Admin Сonsole, you can remove the old key.  

    For each Remedy SSO server, remove the key.old=<old-key> encryption key from the rsso.key file in the <tomcat>/webapps/rsso/WEB-INF/classes folder.

    Important

    You do not need to restart the Remedy SSO server after you change the encryption key.

Where to go from here

When you have installed and configured the Remedy SSO server, you must integrate Remedy SSO with applications for which you want to enable single sign-on experience. For information about how to integrate Remedy SSO with other applications, see Integrating.

Was this page helpful? Yes No Submitting... Thank you

Comments