This documentation supports the 19.05 version of Remedy Single Sign-On.

To view an earlier version, select the version from the Product version menu.

Manually integrating Remedy SSO with BMC applications

This topic was edited by a BMC Contributor and has not been approved.  More information.

You manually integrate Remedy Single Sign-On with BMC applications when you want to install Remedy SSO server and Remedy SSO agents on platforms that are not supported by the Remedy SSO installer. 

In addition, compared to the Remedy SSO installer, the manual integration steps are easier to execute in various automation and deployment scripts.

The Remedy SSO agent is usually configured to communicate with only one Remedy SSO server. For information about how to configure the web agent to communicate with multiple servers, see Configuring Remedy SSO agent supporting multiple servers.

You can integrate Remedy SSO with the following BMC applications:

  • Remedy AR System Server
  • Remedy Mid Tier
  • BMC Analytics
  • TrueSight Presentation Server
  • BMC Configuration Management Database

Before you begin

  1. Manually install Remedy SSO
  2. Create a system backup. If there is a need to remove the Remedy SSO integration from a BMC application, you will need to restore files to their previous state.

To manually integrate Remedy SSO with Remedy AR System server

  1. Make sure the following AREA settings (<AR>/Conf/ar.cfg) are configured on the AR Server (can be set from the Server Information form > EA tab):

    External-Authentication-RPC-Socket: 390695
    Authentication-Chaining-Mode: 1
    Crossref-Blank-Password: T
  2. Copy rsso.cfg from rsso-area-plugin to <AR>/Conf.
  3. In rsso.cfg, adjust the value of your Remedy SSO server service url:

    SSO-SERVICE-URL: <rsso_service_url>

    You must set the sso-service-url in the configuration file only if you integrate Remedy AR System with a single Remedy SSO server.

    To integrate AR System with multiple Remedy SSO servers, you must configure this setting for each server in the Remedy SSO Admin Console.

  4. Copy rsso-area-plugin-all.jar file from rsso-area-plugin to <AR>/pluginsvr directory.

  5. Copy gson-2.3.1.jar and slf4j-api-1.7.25.jar from lib to <AR>/pluginsvr directory.
  6. Edit <AR>/pluginsvr/pluginsvr_config.xml, and add Remedy SSO AREA plug-in by replacing <AR> with the corresponding path:

    <plugin>
        <name>ARSYS.AREA.RSSO</name>
        <classname>com.bmc.rsso.plugin.area.RSSOPlugin</classname>
        <pathelement type="location"><AR>/pluginsvr/rsso-area-plugin-all.jar</pathelement>
        <pathelement type="location"><AR>/pluginsvr/gson-2.3.1.jar</pathelement>
        <pathelement type="location"><AR>/pluginsvr/slf4j-api-1.7.25.jar</pathelement>
        <userDefined>
            <configFile>{AR}/Conf/rsso.cfg</configFile>
        </userDefined>
    </plugin>
  7. Restart the AR System server.

To manually integrate Remedy SSO with Remedy Mid Tier

  1. Stop the Tomcat service installed on Mid Tier.
  2. Configure the Authenticator as follows:
    1. Edit the following line in the config.properties file (<Mid_Tier>/WEB-INF/classes) to use the RSSOAuthenticator:

      arsystem.authenticator=com.bmc.rsso.plugin.authenticator.RSSOAuthenticator
    2. Copy the rsso-authenticator-plugin-all.jar file from rsso-authenticator-plugin to the <Mid_Tier>/WEB-INF/lib folder.
    3. Copy the gson-2.3.1.jar file from Remedy SSO installation package Disk1\files\lib to the <Mid_Tier>/WEB-INF/lib folder.
  3. Configure the Web Agent as follows:
    1. Copy the rsso-agent-all.jar file from /rsso-agent to the <Mid_Tier>/WEB-INF/lib folder.
    2. Copy /rsso-agent/rsso-agent.properties file to the <Mid_Tier>/WEB-INF/classes folder, and modify it as required:

      logout-urls=/atssologout.html
      
      sso-external-url=${sp-services-url}
      # sso-external-url is a public user-facing URL exposed for end-users for authentication. 
      # In standalone mode, sso-external-url must be an HTTPS URL. For example, https://my-rsso.bmc.com/rsso
      # If Remedy SSO is installed in an HA mode, sso-service-url must be a Load Balancer (LB) URL.
      
      sso-service-url=${sp-services-internal-url}
      # If Remedy SSO is installed in an HA mode, sso-service-url must be a Load Balancer (LB) URL.
      # In standalone mode, sso-service-url is recommended to be an HTTP URL. For example, http://my-rsso.bmc.com/rsso.
      
      agent-id=${agent-id}
      # agent-id must be a unique identifier. Agent-id must be the same on all nodes in a Mid Tier HA cluster. 
      # BMC recommends to set this value to a simple identifier instead of a HTTP URL. For example, agent-id=analytics_agent.
      
      use-in-memory-cache=true
      # Allows to choose between HttpSession and in-memory cache to store token data.
      # Option can't be changed at run time
  4. Edit the <Mid_Tier>/WEB-INF/web.xml file and add the following Remedy SSO filter configuration:

    <filter>
        <filter-name>RSSOFilter</filter-name>
        <filter-class>com.bmc.rsso.agent.RSSOFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>RSSOFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <listener>
        <listener-class>com.bmc.rsso.agent.RSSOListener</listener-class>
    </listener>


    You must disable Atrium SSO filter if it exists in the web.xml file by commenting it. 

  5. Copy the rsso-agent/rsso-log.cfg file to the <Mid_Tier>/WEB-INF/classes folder.
  6. Copy the following files from the lib folder to the <Mid_Tier>/WEB-INF/lib folder:
    • caffeine-<version>.jar
    • jjwt-impl-<version>.jar
    • org.apache.oltu.oauth2.client-<version>.jar
    • jjwt-jackson-<version>.jar
    • jjwt-api-<version>.jar
    • json-<version>.jar
    • slf4j-api-<version>.jar
    • jackson-annotations-<version>.jar
    • jackson-core-<version>.jar
    • jackson-databind-<version>.jar
  7. Copy rsso-agent-all.jar from the Disk1/files/rsso-agent folder to the <Mid_Tier>/WEB-INF/lib folder.
  8. Restart Mid Tier/ Tomcat.

To manually integrate Remedy SSO with BMC Analytics

Before executing the following steps to configure BMC Analytics for Single Sign-On, ensure that the prerequisites are met.

  1. Stop Analytics Tomcat service.
  2. Copy rsso-agent/rsso-agent-all.jar to <TOMCAT>/webapp/BI/WEB-INF/lib.
  3. Copy rsso-agent/rsso-agent.properties file to <TOMCAT>/webapp/BI/WEB-INF/classes, and modify it as required:

    logout-urls=/atssologout.html
    
    sso-external-url=${sp-services-url}
    # sso-external-url is a public user-facing URL exposed for end-users for authentication. 
    # In standalone mode, sso-external-url must be an HTTPS URL. For example, https://my-rsso.bmc.com/rsso
    # If Remedy SSO is installed in an HA mode, sso-service-url must be a Load Balancer (LB) URL.
    
    sso-service-url=${sp-services-internal-url}
    # If Remedy SSO is installed in an HA mode, sso-service-url must be a Load Balancer (LB) URL.
    # In standalone mode, sso-service-url is recommended to be an HTTP URL. For example, http://my-rsso.bmc.com/rsso.
    
    agent-id=${agent-id}
    # agent-id must be a unique identifier. Agent-id must be the same on all nodes in a Mid Tier HA cluster. 
    # BMC recommends to set this value to a simple identifier instead of a HTTP URL. For example, agent-id=analytics_agent.
    
    use-in-memory-cache=true
    # Allows to choose between HttpSession and in-memory cache to store token data.
    # Option can't be changed at run time.
  4. Copy the following jar files into <TOMCAT>/webapp/BI/WEB-INF/lib:
    • caffeine-<version>.jar
    • jjwt-impl-<version>.jar
    • org.apache.oltu.oauth2.client-<version>.jar
    • jjwt-jackson-<version>.jar
    • jjwt-api-<version>.jar
    • json-<version>.jar
    • slf4j-api-<version>.jar
    • jackson-annotations-<version>.jar
    • jackson-<version>.jar
    • jackson-databind-<version>.jar
  5. Copy the following files from the Disk1/files/rsso-agent folder to the <Mid_Tier>/WEB-INF/lib folder:
    • rsso-client-impl.jar
    • rsso-sdk-atsso.jar
    • rsso-agent-all.jar
  6. Copy rsso-sdk/sso-sdk.properties into <TOMCAT>/webapp/BI/WEB-INF/classes.
  7. Delete the following BMC Atrium Single Sign-On JAR files in <TOMCAT>/webapp/BI/WEB-INF/lib:
    • atsso-common-<version>.jar
    • atsso-sdk-<version>.jar
    • atsso-webagent-<version>.jar
  8. Restart the Analytics Tomcat service.

To manually integrate Remedy SSO with TrueSight Presentation Server

  1. Stop the TrueSight Presentation Server.
  2. Place theRemedy SSO filter into ${truesight.home}/modules/tomcat/conf/web.xml as the first filter:

    <filter>
        <filter-name>RSSOFilter</filter-name>
        <filter-class>com.bmc.rsso.agent.RSSOFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>RSSOFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
  3. Create the following folder: 
    <TrueSightPServer>\truesightpserver\modules\tomcat\rsso_agent.

  4. Copy the following files into the created folder:
    • caffeine-<version>.jar
    • jjwt-impl-<version>.jar
    • org.apache.oltu.oauth2.client-<version>.jar
    • jjwt-jackson-<version>.jar
    • jjwt-api-<version>.jar
    • json-<version>.jar
    • slf4j-api-<version>.jar
    • jackson-annotations-<version>.jar
    • jackson-core-<version>.jar
    • jackson-databind-<version>.jar
    • rsso-client-impl.jar
    • rsso-sdk-atsso.jar
    • rsso-agent-all.jar
  5. Delete rsso-agent.properties file from rsso-agent-all.jar.
  6. Open the file <TrueSightPServer>\truesightpserver\conf\services\csr.conf, and make the following changes: 
    1. Add the following paths to the classpath list:
      • ${truesight.home}/modules/tomcat/rsso_agent/caffeine-<version>.jar
      • ${truesight.home}/modules/tomcat/jjwt-impl-<version>.jar
      • ${truesight.home}/modules/tomcat/rsso_agent/org.apache.oltu.oauth2.client-<version>.jar
      • ${truesight.home}/modules/tomcat/rsso_agent/jjwt-jackson-<version>.jar
      • ${truesight.home}/modules/tomcat/rsso_agent/jjwt-api-<version>.jar
      • ${truesight.home}/modules/tomcat/rsso_agent/json-<version>.jar
      • ${truesight.home}/modules/tomcat/rsso_agents/slf4j-api-<version>.jar
      • ${truesight.home}/modules/tomcat/rsso_agents/jackson-annotations-<version>.jar
      • ${truesight.home}/modules/tomcat/rsso_agents/jackson-core-<version>.jar
      • ${truesight.home}/modules/tomcat/rsso_agents/jackson-databind-<version>.jar
      • ${truesight.home}/modules/tomcat/rsso_agents/rsso-client-impl.jar
      • ${truesight.home}/modules/tomcat/rsso_agents/rsso-sdk-atsso.jar
      • ${truesight.home}/modules/tomcat/rsso_agents/rsso-agent-all.jar
    2. Comment the following line with path:
      ${truesight.home}/lib/dependencies/gson-<version>.jar.
  7. Configure the Remedy SSO agent. 
    • Open the file <TrueSightPServer>\truesightpserver\modules\tomcat\rsso_agent\rsso-agent.properties and add the following configuration:

      agent-id=tsps_agent
      sso-external-url=https://<RSSO_HOST_PORT>/rsso
      sso-service-url=https://<RSSO_HOST_PORT>/rsso
  8. Generate new SSL certificate with CN=<TSPS_HOST> and replace the existing certificate in keystore <TrueSightPServer>\truesightpserver\conf\secure\loginvault.ks.
  9. Start the TrueSight Presentation Server.

To manually integrate Remedy SSO with BMC Configuration Management Database

Before integrating Remedy SSO with BMC Configuration Management Database, you must integrate RSSO with BMC Remedy AR System Server.

  1. Stop the AR Server as follows:

    %ISInstalledDirectory%/bin/arsystem stop
  2. Add the rsso.agent.properties file, and move it to the RSSO distributive package downloaded from EPD:
    %RSSODistr%/BMCRemedySSO/Disk1/files/rsso-agent/rsso-agent.properties
    1. Set the following Remedy SSO properties:

      agent-id=Gibraltar
      sso-external-url=http://%RSSOServerName%:%RSSOServerPort%/rsso
      sso-service-url=http://%RSSOServerName%:%RSSOServerPort%/rsso
      logout-urls=/api/rx/sso-logout
      # Allows to choose between HttpSession and in-memory cache to store token data.
      # Option can't be changed at run time
      use-in-memory-cache=true
      # excluded-url-pattern
      # Add the following text at the end of the excluded-url-pattern:
      # /api/jwt/login*
      # For example: excluded-url-pattern=.*\\.xml|.*\\.gif|.*\\.css|.*\\.ico|/shared/config/.*|/WSDL/.*|/shared
      /error.jsp|/shared/timer/.*|/shared/login_commn.jsp|/shared/view_form.jsp|/shared/ar_url_encoder.jsp|
      /ThirdPartyJars/.*|/shared/logout.jsp|/shared/doc/.*|/shared/images/.*|/shared/login.jsp|
      /services/.*|/shared/file_not_found.jsp|/plugins/.*|/shared/wait.jsp|/servlet/GoatConfigServlet|
      /servlet/ConfigServlet|/shared/HTTPPost.class|/shared/FileUpload.jar|/BackChannel.*|/servlet/LicenseReleaseServlet.*/api/jwt/login*
    2. Copy the modified file to the next location %ISInstalledDirectory%/conf

  3. Add the rsso-log.cfg file, and move it to the Remedy SSO distributive.
    %RSSODistr%/BMCRemedySSO/Disk1/files/rsso-agent/rsso-log.cfg
  4. Modify the rsso-log.cfg file as required.

    Example: rsso-log.cfg
    rsso.log.name.format=rsso.%g.log
    rsso.log.level=INFO
    rsso.log.roll=10
    rsso.log.limit=10485760
    rsso.log.dir=/opt/bmc/ars/arsystem/db
  5. Copy the modified file to %ISInstalledDirectory%/conf

  6. Update %ISInstalledDirectory%/bin/arserverd.conf.

  7. Add the following line right after JVM 1.7 parameters (line, starting with jvm.option.17).

    jvm.option.18=-Drsso.log.cfg.file=%ISInstalledDirectory%/conf/rsso-log.cfg

    arserverd.conf may contain an arbitrary number of jvm.option.xx lines initially. So, the general approach is to append the new one jvm.option.xx+1 with specified value after the last jvm.option.xx line.

  8. Copy rsso-agent-osgi.jar from %RSSODistr%/BMCRemedySSO/Disk1/files/rsso-agent/ to %ISInstalledDirectory%/deploy

  9. Start the AR Server as follows:

    %ISInstalledDirectory%/bin/arsystem start

To remove the integration of Remedy SSO from a BMC application

To remove the integration of Remedy SSO from a BMC application, perform the manual integration steps in reverse order. 

For information about how to remove integration between Remedy SSO and Remedy AR System, see Removing Remedy SSO integration from Remedy AR System and Remedy Mid Tier.

Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Stefan Hall

    If you integrate the midtier via the installer, point 7 differ from the real world. Here I wish for a little more accuracy, even if I can't tell yet if the installer or the documentation are wrong.

    Point 7 in the installation is missing "rsso-client-impl.jar"

    Are you sure that points 6 and 7 are really necessary? it would be a significant change to version 1808 and there weren't that many changes. Please clarify and probably adapt the documentation.

    Jun 25, 2019 08:55
    1. Olga Kutetska

      Hello!

      Thank you for the comment. I'll consult with the development team and update the problematic step. We are working on improving the documentation.

      Jun 25, 2019 10:44
    1. Olga Kutetska

      Hello, Stefan!

      I have checked with the development team. Points 6 and 7 that describe manual integration with Mid Tier are required.

      Points 6 and 7 in the topic that describes automatic integration (via installer) are also correct. Manual integration is just an option how the integration can be done, automatic integration is preferred and recommended.

      The library that you have mentioned is indeed not required by the Mid Tier. It is used by BMC Analytics. We have encountered that the following libraries) mentioned in this topic) are not required:

      rsso-client-impl.jar
      rsso-sdk-atsso.jar

      I will update the docs later this week. Thank you for the catch!


      Jul 03, 2019 07:30
  2. Stefan Hall

    If I follow your last words for midtier integration "To remove the integration of Remedy SSO from a BMC application, perform the manual integration steps in reverse order.", I don't know what is the other value for point 2a. Please add the missing information

    Jun 25, 2019 08:58
    1. Olga Kutetska

      There is a fresh document that describes disintegration in more details. Could you, please, check if it is helpful to you:

      Removing Remedy SSO integration from Remedy AR System and Remedy Mid Tier

      Jun 25, 2019 10:46