×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

Unsupported content

 

This version of the product is in limited support. However, the documentation is available for your convenience. You will not be able to leave comments.
Remedy Single Sign-On 18.11 Integrating

Manually integrating Remedy SSO with BMC applications

This topic provides the steps for manually integrating Remedy Single Sign-On (Remedy SSO) with BMC applications. You may need manual integration when you want to install Remedy SSO server and Remedy SSO agents on platforms that are not supported by the Remedy SSO installer. In addition, compared to the Remedy SSO installer, the manual integration steps are easier to execute in various automation/deployment scripts.

You can integrate Remedy SSO with the following BMC applications:

  • BMC Remedy AR System
  • BMC Remedy Mid Tier
  • BMC Innovation Suite
  • BMC SmartIT
  • BMC Digital Workplace
  • BMC Analytics
  • BMC TrueSight Presentation Server

The following sections provide the detailed information:

Prerequisites

Before setting up Remedy SSO, verify that the following prerequisites are met:

  • Installation of JRE version 1.8 and later is installed, and JRE_HOME variable is appropriately set.
  • Installation of Tomcat 7 or Tomcat 8.
  • Turn on the Tomcat auto-deployment feature or you should know how to deploy the war-files manually.

Setting up Remedy SSO

Installation of Remedy SSO comprises the following stages:

  1. Configure Remedy SSO web server
  2. Configure Remedy SSO web server with database

Integrate Remedy SSO with BMC applications

Perform the following processes to integrate Remedy SSO with BMC applications :

  • Integrate with BMC Remedy AR System Server
  • Integrate with BMC Remedy MidTier
  • Integrate with Innovation Suite
  • Integrate with BMC Analytics
  • Integrate with BMC TrueSight Presentation Server

The table below provides the steps to execute for each stage.

StageActionSteps
Remedy SSO manual installation
1.

Configure BMC Remedy SSO web server

  1. Install Tomcat 7.

  2. You must secure Tomcat before using it for Remedy SSO.
    To secure Tomcat, remove all directories from CATALINA_HOME/webapps except ROOT.

  3. Delete all content except the index page in the ROOT directory.

  4. Deploy rsso.war to <Tomcat>/webapps/rsso folder.
2.

Configure Remedy SSO web server with database

  1. Set up the database.
    For more information about setting up the database, see Manually installing Remedy SSO . 

  2. Go to the Remedy SSO Tomcat folder and stop Tomcat.

  3. Edit <Tomcat>/webapps/rsso/META-INF/context.xml and set the following parameters based on the values that you used for setting up the database:

    PropertyValue
    url

    Value of the jdbc URL to access the Remedy SSO database as follows:

    For MsSQL, use the following format:

    jdbc:sqlserver://
    <DBServerHostName>:<Port> ;
    instanceName= <instanceName> ;
    databaseName=<databaseName>
    Example, jdbc:sqlserver:
    //AMS3-SQ-DEV01:1433;
    instanceName=DEV01;
    databaseName=whthat_dev_ar

    For Oracle, use the following format:

    jdbc:oracle:thin:@[host]
    [:port]:SID

    Example, jdbc:oracle:thin:
    @localhost:1521:XE

    For PostgreSQL, use the following format:
    jdbc:postgresql://[host]:
    [port]/[database]

    Example, jdbc:postgresql:
    //localhost:5432/rsso

    usernameValue of the database user name.
    password

    Value of database user password with the following format.

    AES:{encrypted-password} where {encrypted-password} is the encrypted password.

    To generate an encrypted password:

    1. Open the command line window.

    2. Change the path to <TOMCAT_HOME>/rsso/WEB-INF/lib.

    3. Run the following command.

    java -jar rsso-ds-9.1.04.jar
    -cp <TOMCAT>
    /rsso/WEB-INF/classes
    <message-to-encrypt>

        Note: The name of this jar depends on the version number.

    driverClassName

    Value of the driver class name as follows:

    For MS SQL version 9.1.04, use:
    MsSql:     com.microsoft.sqlserver.
    jdbc.SQLServerDriver

    For MS SQL version 9.1 and earlier, use:
    MsSql: net.sourceforge.jtds.jdbc.Driver

    For Oracle, use:
    Oracle: oracle.jdbc.driver.OracleDriver

    For PostgreSQL, use:
    org.postgresql.Driver

  4. Copy the following jdbc driver libraries to the <tomcat>/lib folder:

    * sqljdbc4-4.0.jar

    * ojdbc6-11.2.0.2.0.jar

    * postgresql-9.4.1207.jre7.jar

  5. Restart Tomcat.
Remedy SSO manual integration with BMC applications

Integrate with BMC Remedy AR System Server

  1. Make sure the required AREA settings (<AR>/Conf/ar.cfg) are set up on the arserver (can be set from the Server Information form > EA tab).
    External-Authentication-RPC-Socket: 390695
    Authentication-Chaining-Mode: 1
    Crossref-Blank-Password: T
  2. Copy rsso.cfg from rsso-area-plugin into <AR>/Conf.
  3. In rsso.cfg, change the value of the following line to your Remedy SSO server service url:
    SSO-SERVICE-URL: <rsso_service_url>
  4. Copy rsso-area-plugin-all.jar file from rsso-area-plugin into <AR>/pluginsvr directory.
  5. Copy gson-2.3.1.jar and slf4j-api-1.7.25.jar from lib into <AR>/pluginsvr directory.
  6. Edit <AR>/pluginsvr/pluginsvr_config.xml and add RSSO AREA plug-in with the following snippet.
    Note: Must be within the <plugins> section of the file. Replace {AR} with corresponding path.  
    <plugin>
    <name>ARSYS.AREA.RSSO</name>
    <classname>com.bmc.rsso.
    plugin.area.RSSOPlugin</classname>
    <pathelement type="location">{AR}/pluginsvr/
    rsso-area-plugin-all.jar</pathelement>         <pathelement type="location">{AR}/pluginsvr/
    gson-2.3.1.jar</pathelement>
    <pathelement type="location">{AR}/pluginsvr/
    slf4j-api-1.7.25.jar</pathelement>
    <userDefined>
    <configFile>{AR}/Conf/rsso.cfg</configFile>
    </userDefined>
    </plugin>
  7. Restart BMC AR System Server.

Integrate with BMC Remedy MidTier

  1. Stop midtier/tomcat service.
  2. To configure the Authenticator:
    1. Edit the following lines in the config.properties file
      (<MT>/WEB-INF/classes)
      to use the RSSOAuthenticator:
      arsystem.authenticator=com.bmc.rsso.
      plugin.authenticator.RSSOAuthenticator
    2. Copy the rsso-authenticator-plugin-all.jar file from
      rsso-authenticator-plugin to the
      <MT>/WEB-INF/lib folder.
  3. To configure the Web Agent:
    1. Copy the rsso-agent-all.jar file from /rsso-agent to the
      <MT>/WEB-INF/lib folder.
    2. Copy and modify the following file to the
      <MT>/WEB-INF/classes folder: 
      /rsso-agent/rsso-agent.properties

      If Remedy SSO is in a cluster, both sso-external-url and sso-service-url should be a Load Balancer (LB) URL.
      For example, https://solqa-rsso.bmc.com/rsso and internal IP of LB should be mapped to the hostname in hosts file on midtier machine.
      If it is a standalone Remedy SSO, sso-external-url must be an https URL, for example, https://my-rsso.bmc.com/rsso and sso-service-url is recommended to be an http URL, for example, http://my-rsso.bmc.com/rsso. Note that sso-external-url is a public user-faced URL exposed for end-users for authentication. It is recommended to use https connection.


      Note:       The 'agent-id' property value in the rsso-agent.properties file should be a unique identifier, but should be same on all nodes in a Mid Tier cluster. It is recommended to set its value to a simple identifier instead of a HTTP URL. For example, agent-id=midtier_agent.
  4. Edit the <MT>/WEB-INF/web.xml file and add RSSO filter configuration.
    Note: Disable Atrium SSO filter if it exists in the web.xml file by commenting it.
    <filter>
    <filter-name>RSSOFilter</filter-name> <filter-class>com.bmc.rsso.agent.
    RSSOFilter</filter-class>     </filter> <filter-mapping> <filter-name>RSSOFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <listener>
    <listener-class>com.bmc.rsso.agent.
    RSSOListener</listener-class>         </listener>
  5. Copy the rsso-agent/rsso-log.cfg file to the
    <MT>/WEB-INF/classes folder.
  6. Copy the following files from the lib folder to the
    <MT>/WEB-INF/lib folder:
    • gson-2.3.1.jar
    • caffeine-2.6.2.jar
    • slf4j-api-1.7.25.jar
  7. Restart Midtier/Tomcat.

Integrate with Innovation Suite

  1. Stop the AR System server.
    %ISInstalledDirectory%/bin/arsystem stop

  2. Update %ISInstalledDirectory%/conf/ar.cfg.
      • Comment out the following plugins:

        # Server-Plugin-Alias:
        ARSYS.ARDBC.PENTAHO
        ARSYS.ARDBC.PENTAHO
        127.0.0.1:9999

        # Server-Plugin-Alias:
        ARSYS.ARF.ARMIGRATE
        ARSYS.ARF.ARMIGRATE
        127.0.0.1:9999

        # Server-Plugin-Alias:
        ARSYS.ARDBC.ARREPORTENGINE
        ARSYS.ARDBC.ARREPORTENGINE
        127.0.0.1:9999


      • Append the following lines:

        Server-Plugin-Alias: AREA
        AREA 127.0.0.1:9999
        Note - Provide the IP address
        where AR server is running

        External-Authentication-
        RPC-Socket: 390695

        Authentication-
        Chaining-Mode: 2

        Use-Password-File: T

        Crossref-Blank-Password: F

        Allow-Guest-Users: F

  3. Add the rsso.cfg file.
      • Locate file inside RSSO distributive. Distributive is the installer package downloaded from EPD.
        %RSSODistr%/BMCRemedySSO/Disk1/
        files/rsso-area-plugin/rsso.cfg
      • Define RSSO server url
        SSO-SERVICE-URL: http://%RSSOServerName%
        :%RSSOServerPort%/rsso
      • Copy modified file to the next location
        %ISInstalledDirectory%/conf
  4. Add rsso-agent.properties file.
            1. Locate the following file inside the Remedy SSO distributive.
              %RSSODistr%/BMCRemedySSO/Disk1/files
              /rsso-agent/rsso-agent.properties
            2. Define RSSO properties.

              agent-id=Gibraltar

              sso-external-url=
              http://%RSSOServerName%:
              %RSSOServerPort%/rsso

              sso-service-url=
              http://%RSSOServerName%:
              %RSSOServerPort%/rsso

              logout-urls=/api/rx/sso-logout

            3. Copy the modified file to the
              %ISInstalledDirectory%/conf folder

  5. Add the rsso-log.cfg file.
    1. Locate file inside RSSO distributive.
      %RSSODistr%/BMCRemedySSO/Disk1
      /files/rsso-agent/rsso-log.cfg
      Modify the contents of the rsso-log.cfg file.
      For example:
      rsso.log.name.format=rsso.%g.log
      rsso.log.level=INFO
      rsso.log.roll=10
      rsso.log.limit=10485760
      rsso.log.dir=/opt/bmc/ars/arsystem/db

    2. Copy the modified file to the next location
      %ISInstalledDirectory%/conf.

  6. Update the %ISInstalledDirectory%/pluginsvr
    /pluginsvr_config.xml     file.

    • Comment the following plugins:
      ARSYS.ARF.ATSSOCONFIRMPWD
      ARSYS.AREA.ATRIUMSSO

    • Add new plugin configuration

      <plugin>

      <name>ARSYS.AREA.RSSO</name>

      <classname>com.bmc.rsso.plugin.
      area.RSSOPlugin</classname>

      <pathelement type="location">
      %ISInstalledDirectory%/
      pluginsvr/rsso-area-plugin-all.jar
      </pathelement>

      <pathelement type="location">
      %ISInstalledDirectory%/
      pluginsvr/gson-2.3.1.jar
      </pathelement>

      <userDefined>

      <configFile>%ISInstalledDirectory%
      /conf/rsso.cfg
      </configFile>

      </userDefined>

      </plugin>

  7. Update the %ISInstalledDirectory%/bin/arserverd.conf file by adding the following line after JVM 1.7 parameters (line, starting with jvm.option.17).

    jvm.option.18=-Drsso.log.cfg.file=
    %ISInstalledDirectory%
    /conf/rsso-log.cfg

    Note: arserverd.conf may contain arbitrary number of jvm.option.xx lines initially. So, the general approach is to append the new one jvm.option.xx+1 with specified value after the last jvm.option.xx line.

  8. Copy the following JAR files:
    • rsso-area-plugin-all.jar from
      %RSSODistr%/BMCRemedySSO/Disk1/files/
      rsso-area-plugin/rsso-area-plugin-all.jar       to
      %ISInstalledDirectory%/pluginsvr
    • gson-2.3.1.jar from
      %RSSODistr%/BMCRemedySSO/Disk1/files
      /lib/gson-2.3.1.jar       to
      %ISInstalledDirectory%/pluginsvr
    • rsso-agent-osgi.jar from
      %RSSODistr%/BMCRemedySSO/Disk1/files
      /rsso-agent/rsso-agent-osgi.jar
      to %ISInstalledDirectory%/deploy
  9. Start the AR server.
    %ISInstalledDirectory%/bin/arsystem start
  10. Log in as tenant admin and verify/update authentication chaining mode (for every tenant).

Integrate with BMC Analytics

Before executing the following steps to configure Analytics for BMC Analytics for Single Sign-On, ensure that the prerequisites are met.

  1. Stop Analytics Tomcat service.
  2. Copy rsso-agent/rsso-agent-all.jar to
    <TOMCAT>/webapp/BI/WEB-INF/lib.
  3. Copy and modify following file into
    <TOMCAT>/webapp/BI/WEB-INF/classes:
    rsso-agent/rsso-agent.properties
    (Note: Configure 'logout-urls=/atssologout.html' in
    rsso-agent.properties)

    If Remedy SSO is in a cluster, both sso-external-url and sso-service-url should be a Load Balancer (LB) URL. For example, https://solqa-rsso.bmc.com/rsso and internal IP of LB should be mapped to the hostname in hosts file on midtier machine.
    If it is a standalone Remedy SSO, sso-external-url must be an https URL, for example, https://my-rsso.bmc.com/rsso and BMC recommends sso-service-url to be an http URL, for example, http://my-rsso.bmc.com/rsso .
    Note that sso-external-url is a public user-faced URL exposed for end-users for authentication. BMC recommends that you use an https connection.


    Note:     The 'agent-id' property value in rsso-agent.properties file should be a unique identifier, but should be same on all nodes in a MidTier cluster. It is recommended to set its value to a simple identifier instead of a HTTP URL. For example, agent-id=analytics_agent
  4. Copy the following jar files into
    <TOMCAT>/webapp/BI/WEB-INF/lib:

    * rsso-sdk/rsso-sdk-atsso.jar
    * rsso-sdk/rsso-client-impl.jar
    * lib/log4j*.jar
    * lib/slf4j*.jar
    * lib/gson-2.3.1.jar
    * lib/caffeine-2.6.2.jar

  5. Copy rsso-sdk/sso-sdk.properties into
    <TOMCAT>/webapp/BI/WEB-INF/classes.
  6. Delete the following BMC Atrium Single Sign-On JAR files in
    <TOMCAT>/webapp/BI/WEB-INF/lib:
    * atsso-common-<version>.jar
    * atsso-sdk-<version>.jar
    * atsso-webagent-<version>.jar
  7. Restart the Analytics Tomcat service.

Integrate with TrueSight Presentation Server




  1. Stop the TrueSight Presentation server.

  2. Place the Remedy RSSO filter into
    ${truesight.home}/modules/tomcat
    /conf/web.xml     as the first filter:

    <filter> <filter-name>RSSOFilter
    </filter-name> <filter-class>com.bmc.rsso.agent.
    RSSOFilter</filter-class> </filter> <filter-mapping> <filter-name>RSSOFilter
    </filter-name> <url-pattern>/*</url-pattern> </filter-mapping>

  3. Create the folder
    <TrueSightPServer>\truesightpserver\
    modules\tomcat\rsso_agent    .

  4. Copy the following files into the created folder:
    • rsso-agent-all.jar
    • gson-2.3.1.jar
    • rsso-agent.properties
    • caffeine-2.6.2.jar
  5. Delete rsso-agent.properties file from rsso-agent-all.jar.
  6. Open the file
    <TrueSightPServer>\truesightpserver
    \conf\services\csr.conf    .
  7. Add the following paths to classpath list:
    • ${truesight.home}/modules/tomcat/
      rsso_agent/rsso-agent-all.jar
    • ${truesight.home}/modules/tomcat/
      rsso_agent/gson-2.3.1.jar
    • ${truesight.home}/modules/tomcat/
      rsso_agent/
    • ${truesight.home}/modules/tomcat/
      rsso_agent/caffeine-2.6.2.jar
  8. Comment line with path
    ${truesight.home}/lib/dependencies/gson-1.4.jar.
  9. Configure the Remedy SSO agent.
    • Open the file
      <TrueSightPServer>\truesightpserver\
      modules\tomcat\rsso_agent\
      rsso-agent.properties       and modify\add following:
      • agent-id=tsps_agent
      • sso-external-url=
        https://<RSSO_HOST_PORT>/rsso
      • sso-service-url=
        https://<RSSO_HOST_PORT>/rsso
  10. Generate new SSL certificate with
    CN=<TSPS_HOST> and replace the existing certificate in
    keystore <TrueSightPServer>
    \truesightpserver\
    conf\secure\loginvault.ks    .
  11. Start the TrueSight Presentation Server.

Note

  • The Remedy SSO web agent is usually configured to communicate with only one Remedy SSO server. If you want to configure the web agent to communicate with multiple servers, refer to the Agent supporting multiple servers section in Remedy Single Sign-On Agent.
  • To remove the integration of Remedy SSO from a BMC application, perform the manual integration steps in reverse order.

Related topic

Manually installing Remedy SSO

PUBLI

Was this page helpful? Yes No Submitting... Thank you
Last modified by Priya Shetye on Jan 05, 2024
integration

Comments

Log in or register to comment.

Integrating Remedy SSO with BMC Discovery
Removing Remedy SSO integration from Remedy AR System and Remedy Mid Tier
© Copyright 1991 – 2018 BMC Software, Inc.
© Copyright 1991 – 2018 BladeLogic, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.