This section contains information about enhancements in Remedy Single Sign-On version 19.08.
Remedy Single Sign-On enhancements
The following sections provide information about the enhancements in the 19.08 release.
The launchpad functionality has been updated for end users and Remedy SSO administrators.
End user experience on the Digital Service Management page
In earlier versions of Remedy SSO, only applications that belonged to the end users' realm were displayed on the Digital Service Management page. With this release, in addition to the previous behavior, launchpad applications associated with tenants can be displayed on this page. Thus, applications from different realms or even external applications can be displayed on the Digital Service Management page. For more information about this feature, see Start page.
Remedy SSO administrator experience on the LaunchPad page
In earlier versions of Remedy SSO, to add applications protected by Remedy SSO, in the Application URL field an administrator needed to enter only those URLs that were allowed from the domain of a realm. Applications that did not belong to end users' realm were not displayed to them, but the administrator could add any URL. Now, the administrator can enter any URL in this field if the tenant is specified.
The Tenant field is available in the application registration form on the LaunchPad page in Remedy SSO Admin Console. The value that you enter in this field must be mapped to value of the Tenant field available in General settings of a realm. You can associate only one launchpad application with one tenant. For details about how to add applications on the LaunchPad page, see Adding applications to the Digital Service Management page.
In addition to this, The LaunchPad page has been enhanced with the new filtering and search options:
The Tenant field, by default, is empty after upgrade. Hence, all launchpad applications available to the end user on the Digital Service Management page prior to the 19.08 upgrade remain available after upgrade, if the Tenant field was not specified in the associated realm.
If the Tenant field was specified for some of the realms, then you must set this field for all applications associated with the realms. See Configuring the Remedy SSO server after upgrade for more details.
MSP page new look
The MSP page, displayed to end users in cases when Remedy SSO server does not know to which realm an end user belongs to, has been updated to the BMC style look and feel:
OAuth 2 support for native clients
OAuth 2.0 authorization framework for third-party applications has been enhanced to support OAuth 2.0 for Native Apps. Oauth 2.0 for Native Apps provides a unified, modern, and secure way to use Remedy SSO for authenticating all types of native apps.The Remedy SSO toolkit for native apps reuses one of the existing libraries that supports OAuth 2.0 for Native Apps and embeds all the dependencies in one JAR file.
The Remedy SSO toolkit for native apps creates the authorization URL and opens in a default browser that redirects the user to this URL. The Remedy SSO toolkit provides an easy and fast way of obtaining the OAuth token required for authentication flow.
To use OAuth2 for native apps, a Remedy SSO administrator must register a public OAuth2 client by using the new Native (Public) client setting on the OAuth2 tab in Remedy SSO Admin Console.
For information about how to register a native OAuth2 client, see To register a native OAuth2 client.
Simplification of allowing Remedy SSO to authenticate applications in iframes
In earlier versions, to configure Remedy SSO to open RSSO login page in an iframe, you had to start Remedy SSO server with the following JAVA option: com.bmc.rsso.show.advanced.option.ui=true. The Allow-From Domain(s) option did not display by default. With version 19.08, the Allow-From Domain(s) option is by default available for all authentication types, and you need not start Remedy SSO server with this option.
Section 508 has been implemented for the following Remedy SSO end user facing pages:
- Login page
- Digital Service Management page
- Multi-Service Provider page
- Consent page (the page where an end user confirms that the client application can act on behalf of this user)
- Change password page
End users with limited physical opportunities can complete tasks on the Remedy SSO end user facing pages in the following way:
- Complete tasks without using a mouse
- Complete tasks by using a screen reader application
- Complete tasks without using speakers.
Remedy SSO has been enhanced to support the following system requirements:
|Software||New versions supported|
What else changed in this release
In this release, note the following significant changes in the product behavior:
Product behavior in versions earlier than 19.08
Product behavior in version 19.08
Remedy SSO agent and Remedy SSO server compatibility is limited.
Remedy SSO agent was compatible with any version or Remedy SSO server.
You must upgrade Remedy SSO server to a version later than 18.05 if you have Remedy SSO agent upgraded to 19.08.
|logback.xml has been updated to replace calalina.home with catalina.base|
On a server that had several Tomcat web servers installed, log files were recorded in the home directory calalina.home. It was difficult to analyze logs of different Tomcat servers.
On a server that has several Tomcat web servers installed, log files are recorded in the catalina.base directories of the corresponding Tomcat server.