×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

Unsupported content

 

This version of the product is in limited support. However, the documentation is available for your convenience. You will not be able to leave comments.
Remedy Single Sign-On 18.08 Administering

Remedy SSO server general configuration

After the installation of Remedy Single Sign-On (Remedy SSO), review and update the general configuration settings. If you want, you can export the configuration settings to back them up. Use import to restore the configuration settings if needed.

In the general configurations, you also set some SAML authentication settings such as including a certificate for signing a SAML request. You can configure Remedy SSO to decrypt the encrypted assertions in SAML responses. For more information about creating the signing certificate and encryption key for SAML assertions, refer Setting SP signing certificate for SAML authentication.

Before you begin

You must have installed Remedy SSO.

To update the general configuration settings

  1. Log in to the Remedy SSO Admin console as an administrator.
  2. Click General.

  3. On the Basic tab, enter the basic server details.

    FieldDescription
    Cookie

    Cookie Domain

    The value that controls the cookie visibility between servers within the domain. The default cookie domain value is the network domain of the computer on which you are installing the Remedy SSO server. The default cookie domain specifies the most restrictive access.

    The cookie domain value must be the same for all integrated applications and Remedy SSO server.

    Note: The cookie domain value must contain a dot (".").

    Ensure that the value is correct as a wrong value can cause a redirection loop.

    For example, in case your ITSM and MyIT applications are available on itsm.yourcompany.com and myit.yourcompany.com and Remedy SSO is on sso.yourcompany.com, then the cookie domain must be set to yourcompany.com.

    Installing Remedy SSO on another domain like your company.internal and setting the cookie domain to yourcompany.com or your company.internal causes a redirection loop as the cookie cannot be set across different domains.

    Session Settings

    Max Session Time

    The time after which the user session expires. When this value is selected, time constraints are automatically enforced.

    The default value is 24 hours.

    Ensure that the maximum session time is more than the time that you configure for session token validation on an agent.

    Max Admin Session Time

    The time after which the admin session expires. When this value is selected, time constraints are automatically enforced. The default is 1 hour.

    The minimum value is 1 minute and the maximum value is 1 year.

    Admin Lockout Threshold

    The number of incorrect password attempts by an RSSO administrator account before the account gets locked out. 

    (From version 18.08) If the administrator enters an incorrect password, you can set the value in this field to make sure that after those many attempts, the administrator account gets locked out.

    The default value is 0, which indicates that the account lockout functionality is disabled.

    Log

    Server Log Level

    The level or severity of logging messages.

    Using the DEBUG level affects the server performance.

  4. On the left navigation panel, click the Advanced tab and enter the advanced details.

    FieldDescription
    Cookie

    Cookie Name

    The cookie name is automatically created at installation and is based on the timestamp. The timestamp is the time of creation of the database during Remedy SSO installation.

    Enable Secured Cookie

    The option to enable secured cookie. If this option is selected then all applications must also run on HTTPS and the application servers must be accessed through https only. Otherwise, it causes a redirection loop.

    Back Channel
    Service URLRemedy SSO generates a token and inserts this URL into the token to provide information about the location of the Remedy SSO server. This is an optional configuration as Remedy SSO server location can also be specified in the configuration files of Remedy SSO Agent and AREA plugin.
    SAML Service Provider (Optional) Enter these details only if you are configuring Remedy SSO for SAML authentication.
    SP Entity IDThe entity ID of the service provider (SP). You can specify any value for SP Entity ID, for example rsso_sp_hostname. Remedy SSO server name is used as SP identifier in Relying Party Trust configured on IdP side.
    External URLThe external URL of the service provider, that is, the URL for Remedy SSO server. Note: The URL must be HTTPS only
    Keystore File

    The keystore file path on the Remedy SSO server file system that includes the keystore file name. The keystore file contains all the required certificates. If you are using PKCS12 keystores file, the file extension must be .p12.

    If the keystore file is available in the tomcat/rsso/webapp/WEB-INF/classes folder, the value of this field can be the name of the keystore file, where tomcat is the Tomcat path. Otherwise, use the absolute file path.

    Keystore PasswordThe keystore file password. The keypair and keystore passwords must be the same.

    Signing Key Alias

    		The alias name of the signing key in the keystore file.

    Encryption Key Alias

    The alias name of the encryption key used to decrypt the SAML assertions from the identity provider. The metadata of this encryption key is imported into the IdP.

    For information related to decrypting SAML assertions, see Security planning.

  5. Click Save.

To export Remedy SSO configuration

You can export the server configuration details and the templates.

  1. Log in to the Remedy SSO Admin console.
  2. On the Admin menu, click Export.

In most browsers, a file is downloaded to your local machine automatically. But in Safari, a new browser with the exported configuration is opened. You can copy and save the content.

To import Remedy SSO configuration

Important!

Import and export flow is designed to work across same versions of Remedy SSO. Before starting the import procedure, make sure that versions of source and target  RSSO servers are the same. 

You can import configuration settings of the same Remedy SSO version only. Importing configuration overrides all previous configuration settings.

  1. Log in to the Remedy SSO Admin console.
  2. On the Admin menu, click Import.
  3. Select the required file.
  4. Click Import.

Warning

Importing local users and groups overrides them. For example, first you create realm A and export the server configuration details. Next, you create realm B and create local users and groups for realm B. Then you import realm A configuration settings. Now, all users and groups associated with realm B are overridden, although they still exist in the database. To resolve the issue, you must create realm B again manually.

While exporting or importing configurations, ensure consistency between the realm and the local users and groups.

To view session details

  1. Log in to the Remedy SSO Admin console.

  2. Click the Session tab.

  3. In the Search field, enter the user or realm ID for which you want to view the session details.
    The system displays the following information.

    FieldDescription
    User IDUser ID associated with the session.
    RealmRealm ID associated with the session.
    Time RemainingTime remaining for the session.
    Maximum Session TimeTime that was associated for the session.
  4. (Optional) To invalidate/kill a user session, click Delete in the Action column, for the required session.

Related videos

Click the image to view the video.

Related topic

Configuring realms

Invalidating end user sessions

Was this page helpful? Yes No Submitting... Thank you
Last modified by Olga Kutetska on Apr 25, 2019
administering configuration 18_05_00 videos

Comments

Log in or register to comment.

Navigating the Remedy SSO Admin console
Configuring Remedy SSO agent
© Copyright 1991 – 2018 BMC Software, Inc.
© Copyright 1991 – 2018 BladeLogic, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.