Configuring multiple domain support
In versions earlier than 19.02, the Remedy SSO server could not protect applications hosted in different domains. Starting with version 19.02, the Remedy SSO server can establish connections with applications in different domains. For this, the Remedy SSO agent must act as an OpenID client and the Remedy SSO server must act as an OpenID provider, so that the application is protected through the authentication process.
This feature is needed when an application is hosted in your company data center and the Remedy SSO server is hosted in another data center, for example, a BMC data center.
The following Remedy SSO functionalities are not supported for the applications for which the Remedy SSO agent and server act as an OpenID Client and OpenID provider respectively:
- Bypass SAML authentication for reauthentication requests
- Multi-Service Provider (MSP)
To allow applications hosted on different domains to use the same RSSO server for authentication
In the Remedy SSO server, register an application as an OAuth2 client. For information about how to configure the OAuth2 client, see Configuring OAuth 2.0.
Perform the following steps to register the client as an OAuth2 client:
- Set the OpenID Issuer URL. The value must correspond to the sso-external-url configured in the rsso-agent.properties file.
- Select the openid (Scope used for OpenID connect) check box to enable the OpenID scope for this client.
- Configure the Access Token Timeout value for managing the user session time.
- Generate the JWK Id.
Copy the Client ID and Client Secret that are generated after you register the client as an OAuth2 client, and save them.
In the RSSO agent, configure the rsso-agent.properties file as follows:
multi-domain-support=true
oauth-client-id=<Client ID>
oauth-client-secret=<Client Secret>
Save the rsso-agent.properties file.
Remedy SSO is now configured to use OpenID Connect.
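The following check for the agent-side settings above is an added example, not BMC code. It assumes rsso-agent.properties holds plain key=value lines and that you pass in the OpenID Issuer URL you set on the server; the sample file, the example.com hosts, and the world-readable permission check are constructed for illustration.

```python
import stat
from urllib.parse import urlsplit

REQUIRED = ("multi-domain-support", "oauth-client-id",
            "oauth-client-secret", "sso-external-url")

# Constructed sample: secret placeholder left in place, issuer host differs.
SAMPLE = """\
# rsso-agent.properties (constructed sample)
sso-external-url=https://rsso.example.com/rsso
multi-domain-support=true
oauth-client-id=constructed-client-id
oauth-client-secret=<Client Secret>
"""

def parse_properties(text):
    """Parse plain key=value lines; comments (# or !) and blanks are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def _loose(url):
    """URL reduced to scheme, host and path, ignoring case and trailing slash."""
    p = urlsplit(url)
    return (p.scheme.lower(), p.netloc.lower(), p.path.rstrip("/"))

def check_agent_config(text, issuer_url, file_mode=None):
    """Return a list of findings; an empty list means every check passed."""
    props, findings = parse_properties(text), []
    for key in REQUIRED:
        value = props.get(key, "")
        if not value:
            findings.append(f"{key}: missing or empty")
        elif value.startswith("<") and value.endswith(">"):
            findings.append(f"{key}: placeholder left in place")
    mds = props.get("multi-domain-support")
    if mds and mds.lower() != "true":
        findings.append("multi-domain-support: must be true")
    ext = props.get("sso-external-url", "")
    if ext and ext != issuer_url:
        near = _loose(ext) == _loose(issuer_url)
        findings.append("sso-external-url: differs from OpenID Issuer URL"
                        + (" only by case or trailing slash" if near else ""))
    # Added hardening check (assumption): the secret should not be world-readable.
    if file_mode is not None and file_mode & stat.S_IROTH:
        findings.append("file: world-readable while holding oauth-client-secret")
    return findings
```

On a real host, pass the file's contents and `os.stat(path).st_mode` as `file_mode`.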