This documentation supports the 19.05 version of Remedy Single Sign-On.

To view an earlier version, select the version from the Product version menu.

19.05 enhancements

This section contains information about enhancements in Remedy Single Sign-On (Remedy SSO) version 19.05.

BMC Remedy Single Sign-On enhancements

LDAP authentication enhancements

LDAP authentication configuration has been enhanced to support the following cases:

  • In LDAP Page Size, you can set the default limitation for the number of entries the LDAP server returns in a single call. You might need to change this value if your LDAP server is configured to return less than 2000 entries.
  • In Server Hosts, you can set several hosts. If you have LDAP failover configuration, you can add several LDAP server hosts to support LDAP authentication in the failover mode. This will help to handle a situation when one of the servers is down, and the other server is up and running. If the connection to the first server fails, RSSO will automatically redirect the request to another server.

For more details about these settings, see Configuring Remedy SSO for authenticating users with LDAP.

Allowing RSSO to authenticate applications in iframes

In version 19.02, opening the RSSO login page in iframe is supported. In version 19.05, this functionality has been enhanced, and now applications protected by RSSO can be opened in nested iframes (iframes wrapped in iframes). To enable this feature, you must configure the RSSO server to allow specific domains to display RSSO login page. For more information about how to do this, see Allowing RSSO to authenticate applications in iframes.

What else changed in this release

In this release, note the following significant changes in the product behavior:

UpdateProduct behavior in versions earlier than 19.05Product behavior in version 19.05

Groups creation for Local User Management authentication

In Remedy SSO version 19.02, you cannot use properly a group that contains slash characters (you cannot retrieve a list of users for such group).

In this version, you can create and use a user group with a name that contains slash characters ( \ and / ).

REST response has been enhanced for the Token/info endpointThe token/info endpoint does not return token timeout in the REST response.

The token/info endpoint returns token timeout in the REST response.

The timeout value is in number of seconds.

RSSO branding can be changed via REST APIs RSSO login page cannnot be changed by using REST API.

Two new REST API endpoints are added to support RSSO branding:

  • PUT /rsso/api/v1.1/realms/<realm_name>/branding with branding JSON payload in the request body
  • POST /rsso/api/v1.1/asset/<asset_type> with binary file in the request body (asset_type > companyLogo or backgroundImage)

Both endpoints are protected by adminToken.

admin_token header is renamed to adminToken in the authorization header of an HTTP request.

The HTTP header of the admin_token includes the underscore (_) symbol.

Previously some of the REST APIs required the admin_token header to be present in the authentication request. The format of such an authorization header was blocked by the default settings of different load balancers.

Starting from version RSSO 19.05, all REST API endpoints support the following authorization header:

Authorization: RSSO {adminToken}


rsso_token header was renamed to RSSO-User-TokenThe HTTP header of the rsso_token includes the underscore symbol.Starting from version RSSO 19.02, rsso_token header with rsso_token in it is called RSSO-USER-TOKEN.

Was this page helpful? Yes No Submitting... Thank you

Comments