Stage | Action | Steps |
---|
Remedy SSO manual installation |
1. | Configure BMC Remedy SSO web server | - Install Tomcat 7.
You must secure Tomcat before using it for Remedy SSO. To secure Tomcat, remove all directories from CATALINA_HOME/webapps except ROOT.
Delete all content except the index page in the ROOT directory. - Deploy rsso.war to <Tomcat>/webapps/rsso folder.
|
2. | Configure Remedy SSO web server with database | - Set up the database.
For more information about setting up the database, see Manually installing Remedy SSO . Go to the Remedy SSO Tomcat folder and stop Tomcat.
Edit <Tomcat>/webapps/rsso/META-INF/context.xml and set the following parameters based on the values that you used for setting up the database: Property | Value |
---|
url | Value of the jdbc URL to access the Remedy SSO database as follows: For MsSQL, use the following format: jdbc:sqlserver:// <DBServerHostName>:<Port> ;
instanceName= <instanceName> ;
databaseName=<databaseName>
Example, jdbc:sqlserver: //AMS3-SQ-DEV01:1433;
instanceName=DEV01; databaseName=whthat_dev_ar
For Oracle, use the following format: jdbc:oracle:thin:@[host] [:port]:SID
Example, jdbc:oracle:thin: @localhost:1521:XE For PostgreSQL, use the following format:
jdbc:postgresql://[host]: [port]/[database]
Example, jdbc:postgresql: //localhost:5432/rsso
| username | Value of the database user name. | password | Value of database user password with the following format. AES:{encrypted-password} where {encrypted-password} is the encrypted password. To generate an encrypted password: 1. Open the command line window. 2. Change the path to <TOMCAT_HOME>/rsso/WEB-INF/lib. 3. Run the following command. java -jar rsso-ds-9.1.04.jar -cp <TOMCAT>
/rsso/WEB-INF/classes <message-to-encrypt>
Note: The name of this jar depends on the version number. | driverClassName | Value of the driver class name as follows: For MS SQL version 9.1.04, use: MsSql: com.microsoft.sqlserver. jdbc.SQLServerDriver
For MS SQL version 9.1 and earlier, use:
MsSql: net.sourceforge.jtds.jdbc.Driver
For Oracle, use: Oracle: oracle.jdbc.driver.OracleDriver
For PostgreSQL, use: org.postgresql.Driver
|
Copy the following jdbc driver libraries to the <tomcat>/lib folder:
* sqljdbc4-4.0.jar * ojdbc6-11.2.0.2.0.jar * postgresql-9.4.1207.jre7.jar - Restart Tomcat.
|
Remedy SSO manual integration with BMC applications |
Integrate with BMC Remedy AR System Server | - Copy rsso.cfg from rsso-area-plugin into <AR>/Conf.
- In rsso.cfg, change the value of the following line to your Remedy SSO server service url:
SSO-SERVICE-URL: <rsso_service_url> - Copy rsso-area-plugin-all.jar file from rsso-area-plugin into <AR>/pluginsvr directory.
- Copy gson-2.3.1.jar and slf4j-api-1.7.25.jar from lib into <AR>/pluginsvr directory.
- Edit <AR>/pluginsvr/pluginsvr_config.xml and add RSSO AREA plug-in with the following snippet.
Note: Must be within the <plugins> section of the file. Replace {AR} with corresponding path.
<plugin>
<name>ARSYS.AREA.RSSO</name>
<classname>com.bmc.rsso. plugin.area.RSSOPlugin</classname> <pathelement type="location">{AR}/pluginsvr/ rsso-area-plugin-all.jar</pathelement>
<pathelement type="location">{AR}/pluginsvr/ gson-2.3.1.jar</pathelement>
<pathelement type="location">{AR}/pluginsvr/ slf4j-api-1.7.25.jar</pathelement>
<userDefined>
<configFile>{AR}/Conf/rsso.cfg</configFile>
</userDefined>
</plugin> - Restart BMC AR System Server.
|
Integrate with BMC Remedy MidTier | - Stop midtier/tomcat service.
- To configure the Authenticator:
- Edit the following lines in the config.properties file
(<MT>/WEB-INF/classes) to use the RSSOAuthenticator:
arsystem.authenticator=com.bmc.rsso. plugin.authenticator.RSSOAuthenticator - Copy the rsso-authenticator-plugin-all.jar file from
rsso-authenticator-plugin to the <MT>/WEB-INF/lib folder.
- To configure the Web Agent:
- Copy the rsso-agent-all.jar file from /rsso-agent to the
<MT>/WEB-INF/lib folder. - Copy and modify the following file to the
<MT>/WEB-INF/classes folder: /rsso-agent/rsso-agent.properties
If Remedy SSO is in a cluster, both sso-external-url and sso-service-url should be a Load Balancer (LB) URL. For example, https://solqa-rsso.bmc.com/rsso and internal IP of LB should be mapped to the hostname in hosts file on midtier machine. If it is a standalone Remedy SSO, sso-external-url must be an https URL, for example, https://my-rsso.bmc.com/rsso and sso-service-url is recommended to be an http URL, for example, http://my-rsso.bmc.com/rsso. Note that sso-external-url is a public user-faced URL exposed for end-users for authentication. It is recommended to use https connection. Note: The 'agent-id' property value in the rsso-agent.properties file should be a unique identifier, but should be same on all nodes in a Mid Tier cluster. It is recommended to set its value to a simple identifier instead of a HTTP URL. For example, agent-id=midtier_agent.
- Edit the <MT>/WEB-INF/web.xml file and add RSSO filter configuration.
Note: Disable Atrium SSO filter if it exists in the web.xml file by commenting it.
<filter>
<filter-name>RSSOFilter</filter-name>
<filter-class>com.bmc.rsso.agent. RSSOFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>RSSOFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>com.bmc.rsso.agent. RSSOListener</listener-class>
</listener> - Copy the rsso-agent/rsso-log.cfg file to the
<MT>/WEB-INF/classes folder. - Copy the following files from the lib folder to the
<MT>/WEB-INF/lib folder:- gson-2.3.1.jar
- caffeine-2.6.2.jar
- slf4j-api-1.7.25.jar
- Restart Midtier/Tomcat.
|
Integrate with Innovation Suite | - Stop the AR System server.
%ISInstalledDirectory%/bin/arsystem stop
- Update %ISInstalledDirectory%/conf/ar.cfg.
- Comment out the following plugins:
# Server-Plugin-Alias: ARSYS.ARDBC.PENTAHO
ARSYS.ARDBC.PENTAHO 127.0.0.1:9999
# Server-Plugin-Alias: ARSYS.ARF.ARMIGRATE
ARSYS.ARF.ARMIGRATE 127.0.0.1:9999
# Server-Plugin-Alias: ARSYS.ARDBC.ARREPORTENGINE
ARSYS.ARDBC.ARREPORTENGINE 127.0.0.1:9999
- Append the following lines:
Server-Plugin-Alias: AREA AREA 127.0.0.1:9999
Note - Provide the IP address where AR server is running
External-Authentication- RPC-Socket: 390695
Authentication- Chaining-Mode: 2
Use-Password-File: T
Crossref-Blank-Password: F
Allow-Guest-Users: F
- Add the rsso.cfg file.
- Locate file inside RSSO distributive. Distributive is the installer package downloaded from EPD.
%RSSODistr%/BMCRemedySSO/Disk1/ files/rsso-area-plugin/rsso.cfg - Define RSSO server url
SSO-SERVICE-URL: http://%RSSOServerName% :%RSSOServerPort%/rsso - Copy modified file to the next location
%ISInstalledDirectory%/conf
- Add rsso-agent.properties file.
- Locate the following file inside the Remedy SSO distributive.
%RSSODistr%/BMCRemedySSO/Disk1/files /rsso-agent/rsso-agent.properties - Define RSSO properties.
agent-id=Gibraltar
sso-external-url= http://%RSSOServerName%:
%RSSOServerPort%/rsso
sso-service-url= http://%RSSOServerName%:
%RSSOServerPort%/rsso
logout-urls=/api/rx/sso-logout
Copy the modified file to the %ISInstalledDirectory%/conf folder
- Add the rsso-log.cfg file.
- Locate file inside RSSO distributive.
%RSSODistr%/BMCRemedySSO/Disk1 /files/rsso-agent/rsso-log.cfg Modify the contents of the rsso-log.cfg file. For example:
rsso.log.name.format=rsso.%g.log
rsso.log.level=INFO
rsso.log.roll=10
rsso.log.limit=10485760
rsso.log.dir=/opt/bmc/ars/arsystem/db Copy the modified file to the next location %ISInstalledDirectory%/conf.
- Update the %ISInstalledDirectory%/pluginsvr
/pluginsvr_config.xml file.
Comment the following plugins: ARSYS.ARF.ATSSOCONFIRMPWD ARSYS.AREA.ATRIUMSSO Add new plugin configuration <plugin>
<name>ARSYS.AREA.RSSO</name>
<classname>com.bmc.rsso.plugin. area.RSSOPlugin</classname>
<pathelement type="location"> %ISInstalledDirectory%/ pluginsvr/rsso-area-plugin-all.jar </pathelement>
<pathelement type="location"> %ISInstalledDirectory%/ pluginsvr/gson-2.3.1.jar </pathelement>
<userDefined>
<configFile>%ISInstalledDirectory% /conf/rsso.cfg </configFile>
</userDefined>
</plugin>
- Update the %ISInstalledDirectory%/bin/arserverd.conf file by adding the following line after JVM 1.7 parameters (line, starting with jvm.option.17).
jvm.option.18=-Drsso.log.cfg.file= %ISInstalledDirectory% /conf/rsso-log.cfg
Note: arserverd.conf may contain arbitrary number of jvm.option.xx lines initially. So, the general approach is to append the new one jvm.option.xx+1 with specified value after the last jvm.option.xx line.
- Copy the following JAR files:
- rsso-area-plugin-all.jar from
%RSSODistr%/BMCRemedySSO/Disk1/files/ rsso-area-plugin/rsso-area-plugin-all.jar to %ISInstalledDirectory%/pluginsvr - gson-2.3.1.jar from
%RSSODistr%/BMCRemedySSO/Disk1/files /lib/gson-2.3.1.jar to %ISInstalledDirectory%/pluginsvr - rsso-agent-osgi.jar from
%RSSODistr%/BMCRemedySSO/Disk1/files /rsso-agent/rsso-agent-osgi.jar to %ISInstalledDirectory%/deploy
- Start the AR server.
%ISInstalledDirectory%/bin/arsystem start - Log in as tenant admin and verify/update authentication chaining mode (for every tenant).
|
Integrate with BMC Analytics | Before executing the following steps to configure Analytics for BMC Analytics for Single Sign-On, ensure that the prerequisites are met. - Stop Analytics Tomcat service.
- Copy rsso-agent/rsso-agent-all.jar to
<TOMCAT>/webapp/BI/WEB-INF/lib. - Copy and modify following file into
<TOMCAT>/webapp/BI/WEB-INF/classes: rsso-agent/rsso-agent.properties (Note: Configure 'logout-urls=/atssologout.html' in rsso-agent.properties)
If Remedy SSO is in a cluster, both sso-external-url and sso-service-url should be a Load Balancer (LB) URL. For example, https://solqa-rsso.bmc.com/rsso and internal IP of LB should be mapped to the hostname in hosts file on midtier machine. If it is a standalone Remedy SSO, sso-external-url must be an https URL, for example, https://my-rsso.bmc.com/rsso and BMC recommends sso-service-url to be an http URL, for example, http://my-rsso.bmc.com/rsso . Note that sso-external-url is a public user-faced URL exposed for end-users for authentication. BMC recommends that you use an https connection. Note: The 'agent-id' property value in rsso-agent.properties file should be a unique identifier, but should be same on all nodes in a MidTier cluster. It is recommended to set its value to a simple identifier instead of a HTTP URL. For example, agent-id=analytics_agent
- Copy the following jar files into
<TOMCAT>/webapp/BI/WEB-INF/lib:
* rsso-sdk/rsso-sdk-atsso.jar * rsso-sdk/rsso-client-impl.jar * lib/log4j*.jar * lib/slf4j*.jar * lib/gson-2.3.1.jar * lib/caffeine-2.6.2.jar - Copy rsso-sdk/sso-sdk.properties into
<TOMCAT>/webapp/BI/WEB-INF/classes. - Delete the following BMC Atrium Single Sign-On JAR files in
<TOMCAT>/webapp/BI/WEB-INF/lib: * atsso-common-<version>.jar * atsso-sdk-<version>.jar * atsso-webagent-<version>.jar - Restart the Analytics Tomcat service.
|
Integrate with TrueSight Presentation Server
| - Stop the TrueSight Presentation server.
Place the Remedy RSSO filter into ${truesight.home}/modules/tomcat /conf/web.xml as the first filter: <filter>
<filter-name>RSSOFilter </filter-name>
<filter-class>com.bmc.rsso.agent. RSSOFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>RSSOFilter </filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Create the folder <TrueSightPServer>\truesightpserver\ modules\tomcat\rsso_agent. - Copy the following files into the created folder:
- rsso-agent-all.jar
- gson-2.3.1.jar
- rsso-agent.properties
- caffeine-2.6.2.jar
- Delete rsso-agent.properties file from rsso-agent-all.jar.
- Open the file
<TrueSightPServer>\truesightpserver \conf\services\csr.conf. - Add the following paths to classpath list:
- ${truesight.home}/modules/tomcat/
rsso_agent/rsso-agent-all.jar - ${truesight.home}/modules/tomcat/
rsso_agent/gson-2.3.1.jar - ${truesight.home}/modules/tomcat/
rsso_agent/ - ${truesight.home}/modules/tomcat/
rsso_agent/caffeine-2.6.2.jar
- Comment line with path
${truesight.home}/lib/dependencies/gson-1.4.jar. - Configure the Remedy SSO agent.
- Open the file
<TrueSightPServer>\truesightpserver\ modules\tomcat\rsso_agent\ rsso-agent.properties and modify\add following:- agent-id=tsps_agent
- sso-external-url=
https://<RSSO_HOST_PORT>/rsso - sso-service-url=
https://<RSSO_HOST_PORT>/rsso
- Generate new SSL certificate with
CN=<TSPS_HOST> and replace the existing certificate in keystore <TrueSightPServer> \truesightpserver\ conf\secure\loginvault.ks. - Start the TrueSight Presentation Server.
|
Comments
Log in or register to comment.