This documentation supports the 19.02 version of Remedy Single Sign-On.

To view an earlier version, select the version from the Product version menu.

19.02 enhancements

This section contains information about enhancements in Remedy Single Sign-On (Remedy SSO) version 19.02.

Related topics

Downloading the installation files

Known and corrected issues

Release notes and notices

Additional Remedy ITSM 19.02 enhancements Open link

BMC Remedy Single Sign-On enhancements

The following sections provide information about the enhancements in the 19.02 release.


Kerberos authentication for a pre-defined IP range

You can now authenticate requests coming from a set of pre-defined IP addresses by using the Kerberos authentication. For this, a Remedy SSO administrator must provide a range of IP addresses using the Remedy SSO Admin Console. When a user tries to login through a realm, the Remedy SSO server checks the IP of the user with the IP addresses configured in the Remedy SSO Admin Console. If the IP address of the user exists in the configured range of IP addresses, the Remedy SSO server sends the user to log in through this IdP. However, if the IP address of the user is not configured, it skips the IdP and moves on to the next IdP in the authentication chain. For more information about on configuring the range of IP addresses, see Configuring Kerberos authentication.

Enabling signed SAML metadata for security

To ensure that the security policies of your organization are followed, you can now sign the SAML metadata. For this, a new Sign Metadata field is added on the Remedy SSO Admin Console. When the SAML realm is configured for signing metadata, the Remedy SSO server gets the certificate and private key from keystore based on the specified alias and signs the metadata with it.

For more information on enabling the signing metadata, see Configuring Remedy SSO to authenticate users with SAMLv2.

Ability to configure Remedy SSO agent and Remedy SSO server for applications hosted on different domains

In earlier versions, only the applications hosted on the same domain were authenticated using the same Remedy SSO server. From version 19.02, applications hosted on different domains can use the same Remedy SSO server for authentication. For this, the Remedy SSO agent and server must act as an OpenID Client and OpenID provider respectively to protect an application through the authentication process. For more information about configuring the Remedy SSO agent for supporting applications hosted on different domains, see Configuring Remedy SSO agent.

Ability to secure the cookie by providing access only to the issuing domain

You can now set the cookie domain value to the domain on which the Remedy SSO server is installed, and not restrict it to the network domain (parent domain) of the computer on which you are installing the Remedy SSO server domain. This ensures that the cookie is not accessible to any less trusted applications. You can set this cookie domain value either during installation, or through the Remedy SSO Admin Console. For more information, see Security planning and Configuring the Remedy SSO server.

Data Transfer tool installed by default

From version 19.02, the Data Transfer tool is installed by default by the Remedy SSO installer with the Remedy SSO server. The tool gets installed in the BMC Software\RemedySSO\tools folder. For more information about data transfer tool, see Exporting and Importing Remedy SSO configuration.

What else changed in this release

In this release, note the following significant changes in the product behavior:

UpdateProduct behavior in versions earlier than 19.02Product behavior in version 19.02

Importing the configurations using the Data Transfer tool.

In Remedy SSO version 18.11, while importing a realm from an exported file, if you provide a realm name that does not exist, then no error message was displayed.

While importing a realm from an exported file, if you provide a realm name that does not exist, then the following error message is displayed:
Wrong argument. Realm '<realm_name>' does not exist in dump file.

Added support for applications hosted on different domains.Only the applications that are hosted on the same domain as the Remedy SSO server were authenticated using Remedy SSO.Applications hosted on different domains can be authenticated by using the same Remedy SSO server.
Removed the restriction of setting the value of the cookie domain to the parent domain.The Remedy SSO administrator could set the value of the cookie domain only to the parent domain.The Remedy SSO administrator can now set the value of the cookie domain to the issuing domain.
Was this page helpful? Yes No Submitting... Thank you

Comments