

This version of the product is in limited support. However, the documentation is available for your convenience.

Configuring Remedy SSO for authenticating users with LDAP

You can configure the Remedy Single Sign-On (Remedy SSO) server to authenticate users through an LDAP server. The following flow shows the tasks that you need to perform to configure LDAP authentication in Remedy SSO.



To configure LDAP authentication type for external administrators, see Configuring the Remedy SSO server.

Remedy SSO provides the following support with different releases:

  • Remedy SSO supports LDAP strong bind with Simple Authentication and Security Layer (SASL). With SASL, a challenge-response protocol enables data exchange between the client and the server. The data exchange supports authentication and establishes a security layer for communications.
    • In addition, LDAP v3 uses SASL for pluggable authentication. Pluggable authentication allows selection of an authentication mechanism that enables strong bind. For example, a mechanism such as External with SSL and a client certificate establishes a strong bind. The mechanism gets the client certificate from the client (browser) and passes it to the Remedy SSO server. The client certificate is then used to create an SSL connection to the LDAP server.
  • Remedy SSO supports providing additional information about LDAP users and groups, which can be used by an integrated application such as TrueSight Orchestration (formerly BMC Atrium Orchestrator) for administration and authorization.

Before you begin

  • Ensure that you have performed the Remedy SSO server configuration. If you intend to use SASL, it is mandatory to set up the SP details similar to SAML. For more information on server configuration, see Configuring the Remedy SSO server.
  • Configure a realm for the authentication. For more information on realm configuration, see Configuring Realms.
  • Ensure that an LDAP server is configured.
  • If you want to use a TLS/SSL connection to the LDAP server, import the certificates for the LDAP server into the truststore of the Apache Tomcat instance used by Remedy SSO. For example, JavaHome\jre\lib\security\cacerts, where cacerts is the truststore file. You can use third-party utilities such as KeyStore Explorer to import the certificates.


    If your Remedy SSO server and the integrated application both use invalid TLS/SSL certificates for HTTPS connection, you may experience difficulties with login in Microsoft Edge and Safari browsers. The certificate confirmation dialog breaks the flow, and the login request is redirected to an empty rsso/start URL.
    BMC recommends using another browser to log on or open the application URL again after confirming the exception for the certificate.

  • Obtain the following information from the LDAP administrator:
    • Host name of the LDAP server
    • Port number of the LDAP server
    • Distinguished name of the bind LDAP user
    • Password of the bind LDAP user
    • Starting location within the LDAP directory for performing user searches
    • User attribute on which search is performed
  • Note that Remedy SSO does not follow referrals. 
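
An added example, not BMC code and not part of the original page: a pre-flight check of the values obtained from the LDAP administrator before they are entered in Remedy SSO. All function and parameter names are hypothetical, the sample values are constructed, and `use_ldaps` is assumed to mean TLS from the start of the connection.

```python
import re

# Hypothetical names: they mirror the values listed above, not Remedy SSO's form fields.
ATTR_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")        # attribute name, e.g. uid
RDN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")      # one "type=value" component
HOST_RE = re.compile(r"^[A-Za-z0-9.-]+$")               # host name or IPv4 address

def split_dn(dn):
    """Split a distinguished name on commas that are not backslash-escaped."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if esc:
            cur, esc = cur + ch, False
        elif ch == "\\":
            cur, esc = cur + ch, True
        elif ch == ",":
            parts.append(cur.strip())
            cur = ""
        else:
            cur += ch
    return parts + [cur.strip()]

def is_dn(dn):
    return bool(dn) and all(RDN_RE.match(p) for p in split_dn(dn))

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def user_filter(user_attr, login):
    return "(%s=%s)" % (user_attr, escape_filter_value(login))

def preflight(host, port, bind_dn, search_base, user_attr, use_ldaps):
    """Return (findings, url); an empty findings list means the values are well formed."""
    findings = []
    if not HOST_RE.match(host or ""):
        findings.append("host: not a host name")
    if not 1 <= port <= 65535:
        findings.append("port: out of range")
    if not is_dn(bind_dn):
        findings.append("bind DN: not a distinguished name")
    if not is_dn(search_base):
        findings.append("search base: not a distinguished name")
    if not ATTR_RE.match(user_attr or ""):
        findings.append("user attribute: not an attribute name")
    if not use_ldaps:
        findings.append("transport: ldap:// without StartTLS sends a simple-bind password in clear text")
    return findings, "%s://%s:%d" % ("ldaps" if use_ldaps else "ldap", host, port)

if __name__ == "__main__":  # constructed sample values
    print(preflight("ldap.example.com", 636, "cn=svc\\,rsso,ou=Service,dc=example,dc=com",
                    "ou=People,dc=example,dc=com", "uid", True))
    print(user_filter("uid", "j.doe (contractor)"))
```
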
  1. (Optional) Click Test to verify the settings.
  2. (Optional) Click Enable Chaining Mode and perform the following steps to enable authentication chaining. For more information about the authentications that you can chain with LDAP, see Authentication chaining.
    a. Click Add Authentication.
    b. Select the required authentication type and enter the authentication details.
    c. Repeat steps a through b to add more authentications for the realm.

Where to go from here

Configuring the Remedy SSO server

Related topics

Transforming User ID to match Login ID

Troubleshooting authentication issues

Related blogs in BMC Communities

LDAP users group configuration
