Unsupported content

 

This version of the product is in limited support. However, the documentation is available for your convenience. You will not be able to leave comments.

Configuring the Remedy SSO server after upgrade

After you upgrade Remedy Single Sign-On, perform the tasks described in this topic.

To configure the Remedy SSO server after upgrade

  1. If before upgrade you modified the original web.xml located in <RSSO Tomcat>\webapps\rsso\WEB-INF folder on the RSSO server, then you need to update the upgraded file with your custom settings.

  2. If your system had realms configured for SAML authentication, reconfigure the SAML authentication settings.

To update SAML SP metadata template

  1. Log in to Remedy SSO Admin Console.

  2. Go to Realm > Authentication
  3. For all realms with SAML type of authentication, update the SP metadata template. To access the edit mode of the SP metadata, in the Template section, click Edit

    The original SP metadata template is the following:

    SP metadata template
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <EntityDescriptor entityID="%%ISSUER%%" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
        <SPSSODescriptor AuthnRequestsSigned="%%SIGN_REQUEST%%" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
            <KeyDescriptor use="signing">
                <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <X509Data>
                        <X509Certificate>%%CERTIFICATE_DATA%%</X509Certificate>
                    </X509Data>
                </KeyInfo>
            </KeyDescriptor>
            <KeyDescriptor use="encryption">
                <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <X509Data>
                        <X509Certificate>%%ENC_CERTIFICATE_DATA%%</X509Certificate>
                    </X509Data>
                </KeyInfo>
            </KeyDescriptor>
            <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings: HTTP-POST" Location="%%LOGOUT_REQUEST%%" ResponseLocation="%%LOGOUT_RESPONSE%%" />
            <NameIDFormat>%%NAMEIDFORMAT%%</NameIDFormat>
            <AssertionConsumerService index="0" isDefault="true" Binding="urn:oasis:names:tc: SAML:2.0:bindings:HTTP-POST" Location="%%CONSUMER%%" />
        </SPSSODescriptor>
    </EntityDescriptor>
    1. If you enabled the IdP initiated single logout feature, include the following information in the SP metadata template after the <AssertionConsumerService> tag:

      <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="%%LOGOUT_REQUEST%%" ResponseLocation="%%LOGOUT_RESPONSE%%" />


      • Location is the endpoint for the identity provider to send the logout request. For example, https://access.xyz.com:8443/rsso/receiver/Saml.
      • ResponseLocation is the endpoint for the identity provider to send the logout response after getting the logout request from Remedy SSO. For example, https://access.xyz.com:8443/rsso/receiver/Saml.

    2. To sign up the SP metadata, update the following tag as follows:

      <EntityDescriptor entityID="%%ISSUER%%" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" %%METADATA_ID%%>
  4. Update Remedy SSO (SP) metadata on the identity provider side.

Where to go from here

Now, when you have configured Remedy SSO after upgrade, you can check the upgrade was successful. For information about how to do this, see Verifying the installation.

Was this page helpful? Yes No Submitting... Thank you

Comments