Configuring Remedy SSO for authenticating users with LDAP
You can configure the Remedy Single Sign-On (Remedy SSO) server to authenticate users through the LDAP server. The following flow shows the tasks that you need to perform to configure the LDAP authentication in Remedy SSO.
To configure the LDAP authentication type for external administrators, see Configuring general settings for Remedy SSO server.
Remedy SSO provides the following support with different releases:
- Remedy SSO supports a strong LDAP bind with Simple Authentication and Security Layer (SASL). In SASL, a challenge-response protocol enables data exchange between the client and the server. Data exchange supports authentication and establishes a security layer for communications.
- In addition, LDAP v3 uses SASL for pluggable authentication. By using pluggable authentication, you can select an authentication mechanism that enables a strong bind. For example, a mechanism such as External with SSL and a client certificate establishes a strong bind. The mechanism gets the client certificate from the client (browser) and passes it to the Remedy SSO server. The client certificate is then used to create an SSL connection to the LDAP server.
- Remedy SSO supports providing additional information about LDAP users and groups. The additional information can be used by an integrated application such as BMC Atrium Orchestrator for administration and authorization.
- If you want to use SASL, you must set up the SP similar to that of SAML. For more information about server configuration, see Configuring general settings for Remedy SSO server.
- Ensure that the LDAP server is configured.
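A pre-flight check for the LDAP server prerequisite, as an added example that is not part of the BMC documentation or of Remedy SSO: it parses a saved LDIF dump of the directory's root DSE and reports whether LDAP v3, the SASL EXTERNAL mechanism and StartTLS are advertised. The function names, the sample data and the list of mechanisms treated as weak are assumptions of this example.

```python
import base64

# Real rootDSE attribute names and the StartTLS extended-operation OID (RFC 4511/4513).
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"
# Mechanisms this example treats as weak for a "strong bind" (an assumption, adjust to policy).
WEAK_MECHS = {"PLAIN", "LOGIN", "ANONYMOUS", "CRAM-MD5", "DIGEST-MD5"}

def parse_ldif_entry(text):
    """Parse one LDIF entry into {attr_lowercase: [values]}; handles folded and base64 lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # RFC 2849 folding: continuation starts with a space
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):  # skip blank lines and comments
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):               # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(attr.lower(), []).append(value)
    return entry

def preflight(rootdse_ldif):
    """Report whether the server advertises what a SASL EXTERNAL bind over TLS needs."""
    e = parse_ldif_entry(rootdse_ldif)
    mechs = {m.upper() for m in e.get("supportedsaslmechanisms", [])}
    return {
        "ldap_v3": "3" in e.get("supportedldapversion", []),
        "sasl_external": "EXTERNAL" in mechs,
        "starttls": STARTTLS_OID in e.get("supportedextension", []),
        "weak_mechanisms": sorted(mechs & WEAK_MECHS),
    }

# Constructed sample rootDSE dump (not from a real server); includes a folded and a base64 line.
SAMPLE_ROOTDSE = """\
dn:
supportedLDAPVersion: 3
supportedExtension: 1.3.6.1.4.1.1466.
 20037
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms:: RVhURVJOQUw=
supportedSASLMechanisms: DIGEST-MD5
"""

if __name__ == "__main__":
    print(preflight(SAMPLE_ROOTDSE))
```

A server that reports `sasl_external` as false cannot accept the client-certificate bind described above, whatever is configured on the Remedy SSO side.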
If your Remedy SSO server and the integrated application both use invalid TLS/SSL certificates for HTTPS connections, you might have difficulty logging in with the Microsoft Edge and Safari browsers. The certificate confirmation dialog breaks the flow, and the login request is redirected to an empty rsso/start URL.
BMC recommends that you use another browser to log on or open the application URL again after confirming the exception for the certificate.
To configure the LDAP authentication
- (Optional) Click Test to verify the settings.
- (Optional) Click Enable Chaining Mode and perform the following steps to enable authentication chaining. For more information about the authentications that you can chain with LDAP, see Authentication chaining.
- Click Add Authentication.
- Select the required authentication type and enter the authentication details.
- Repeat steps a through b to add more authentications for the realm.