This documentation supports the 18.11 version of Remedy Single Sign-On.

To view the latest version, select the version from the Product version menu.

Enabling cross launch for applications integrated with different Remedy SSO servers

You can enable single sign-on during cross launch to an application integrated with an Remedy Single Sign-On server from another application integrated with a different Remedy SSO server. Both applications must be deployed on two different Remedy SSO servers in two different domains.

Single Sign-on cross launch overview

The following table describes the cross launch components and their role:

ComponentRole
Originating applicationThe application that performs the target application cross launch.
Originating domainThe domain where the originating application is deployed.

Originating Remedy SSO server

The Remedy SSO server integrated with the originating application.

Target applicationThe application that is cross launched by the originating application.
Target domainThe domain where the target application is deployed.

Target Remedy SSO

The Remedy SSO server integrated with the target application.

A trust relationship is required between the originating and target Remedy SSO servers to support single sign-on between the two applications that are integrated with two different Remedy SSO servers as shown in the following image. 


The target server relies on the JWT public certificate to validate the incoming cross launch request from the originating application. 

Before you begin

Ensure that the following component prerequisites are met:

ComponentsPrerequisites
Originating application
  • Must be located in a different domain than the target application
  • Must be able to construct a URL in the following format to cross launch:
    <protocol>:<target_rsso_host>:<target_rsso_port>/rsso/cross-sso?goto=<target_app_url>#jwt=<jwt>
  • Iframe must be available to allow the originating application to open the target application

Originating Remedy SSO server

The originating Remedy SSO server on which an originating application is deployed must be configured for any of the supported authentication mechanisms:

  • AR
  • SAML 2.0
  • LDAP
  • Kerberos 
  • Certificate-based 
  • Local
  • OpenID Connect
  • Pre-authentication
Target application

Must be located in a domain that is different from the domain of the originating application.

Target Remedy SSO server

  • Must be configured only for the PREAUTH authentication type
  • The public certificate must be applicable to the target Remedy SSO server
    Note: This public certificate must be configured manually.

Process for enabling single sign-on for cross launching

The following table explains the process of enabling single sign-on for cross launch.

TaskReference

Configuring an application on the originating Remedy SSO server.

Configuring Remedy SSO for authentication

Configuring an application on the target Remedy SSO server.

Configuring the pre-authentication mechanism

Test cross launching to the application on the target Remedy SSO server

To access a target application, click on a link in an originating application. You will be redirected to the target application without a request to log in to the target server.  

Was this page helpful? Yes No Submitting... Thank you

Comments