This documentation supports the 19.08 version of Remedy Single Sign-On.


Configuring general settings for Remedy SSO server

After the installation of Remedy Single Sign-On, review and update the general configuration settings. If needed, you can export the configuration settings to back them up. Use the import option to restore the configuration settings.

In the general configuration settings, you can also set some of the SAML authentication settings, such as including a certificate for signing a SAML request. You can also configure Remedy SSO to decrypt the encrypted assertions in SAML responses. For more information about how to create the signing certificate and encryption key for SAML assertions, see Creating and updating the SP signing certificate for SAML authentication.

To update the general configuration settings

  1. Log in to Remedy SSO Admin Console as an administrator.
  2. Click General.
  3. On the Basic tab, enter the basic server details.

    Field    Description
    Cookie

    Cookie Domain

    The value that controls the cookie visibility between servers within the same or different domains. The default cookie domain value is the network (parent) domain of the computer on which you are installing Remedy SSO server. The default cookie domain specifies the most restrictive access.

    You can specify the specific domain name where Remedy SSO server is installed, instead of the parent domain. For example, if your Remedy SSO server is on rsso.yourcompany.com, you can now set the cookie domain to rsso.yourcompany.com instead of just yourcompany.com.

    Note: The cookie domain value must contain a dot (".").

    For example, if your ITSM and BMC Digital Workplace applications are available on itsm.yourcompany.com and dwp.yourcompany.com and Remedy SSO is on sso.yourcompany.com, the cookie domain must be set to sso.yourcompany.com. Ensure that the value is correct, because a wrong value can cause a redirection loop.

    Session Settings

    Max Session Time

    The time after which the user session expires. When this value is selected, time constraints are automatically enforced.

    The default value is 24 hours.

    Ensure that the maximum session time is more than the time that you configure for session token validation on an agent.

    Max Admin Session Time

    The time after which the admin session expires. When this value is selected, time constraints are automatically enforced. The default is 1 hour.

    The minimum value is 1 minute and the maximum value is 1 year.

    Admin Lockout Threshold

    The number of incorrect password attempts by a Remedy SSO administrator account before the account gets locked out. 

    In version 18.08 and later, you can set the value in this field so that the administrator account is locked out after that many incorrect password attempts.

    The default value is 0, which indicates that the account lockout functionality is disabled.

    Log

    Server Log Level

    The level or severity of logging messages.

    Using the DEBUG level affects the server performance.

  4. On the Advanced tab, enter the following advanced details.

    Field    Description
    Cookie

    Cookie Name

    The cookie name is automatically created at installation and is based on the timestamp. The timestamp is the time of creation of the database during Remedy SSO installation.

    This value is shared between all applications that use Remedy SSO. When you configure Remedy SSO across multiple staged environments, then the cookie name must be unique for each environment. For example, if you have four environments (DEV, QA, STAGING, and PRODUCTION), then each group of applications within the same environment would share the environment's unique cookie name.

    Enable Secured Cookie

    The option to enable the secured cookie. If this option is selected, all applications must also run on HTTPS and the application servers must be accessed through HTTPS only. Otherwise, a redirection loop occurs.

    Back Channel
    Service URL

    Remedy SSO generates a token and inserts this URL into the token to provide information about the location of Remedy SSO server. This is an optional configuration as Remedy SSO server location can also be specified in the configuration files of Remedy SSO agent and AREA plugin.

    SAML Service Provider (Optional) Enter these details only if you are configuring Remedy SSO for SAML authentication.

    SP Entity ID

    The entity ID of the service provider (SP). You can specify any value for SP Entity ID, for example rsso_sp_hostname. The Remedy SSO server name is used as the SP identifier in the Relying Party Trust configured on the IdP side.

    External URL

    The external URL of the service provider. It is the URL for Remedy SSO server. Note: The URL must be HTTPS only.

    Keystore File

    The keystore file path on the Remedy SSO server file system, including the keystore file name. The keystore file contains all the required certificates. If you are using a PKCS12 keystore file, the file extension must be .p12.

    If the keystore file is available in the tomcat/rsso/webapp/WEB-INF/classes folder, the value of this field can be the name of the keystore file, where tomcat is the Tomcat path. Otherwise, use the absolute file path.

    Keystore Password

    The keystore file password. The keypair and keystore password must be the same.

    Signing Key Alias

    The alias name of the signing key in the keystore file.

    Encryption Key Alias

    The alias name of the encryption key used to encrypt the SAML assertions from the identity provider. The metadata of this encryption key is imported into the IdP.

    For information related to decrypting SAML assertions, see SAML 2.0 authentication.

  5. On the Admin Authentication tab, click Add Authentication to configure the authentication type for administrators.

    Field
    Authentication Type
    The types of authentication for administrators.
    • Internal—Select this option to authenticate internal administrators. You can specify Internal authentication type only once. To add an internal administrator, see Setting up Remedy SSO administrator accounts.
    • LDAP—Select this option to authenticate external administrators, and enter the details in the following rows to get administrators from the LDAP server. You can define LDAP authentication multiple times for authentication chaining.
    Server Host

    Host name of the LDAP server. You can specify more than one LDAP server by providing a comma-separated list of servers. If the first server is unavailable, Remedy SSO server switches to the second one, and so on.

    Server Port

    Port number for the LDAP server, such as 389.

    Bind DN

    The distinguished name (DN) of a bind LDAP user, such as CN=Administrator,CN=Users,DC=example,DC=com.

    This user must have privileges to search the directory.

    Bind Password

    Enter the password for bind LDAP user.

    Users Base DN

    Enter the starting location within the LDAP directory for performing user searches. For example, CN=Users,DC=example,DC=com.

    User Search Filter

    Enter the LDAP query to search for the user to be authenticated who has rights to use the admin resources in Remedy SSO.

    The user login ID is specified by the $ADMIN$ keyword. For example: (&(objectCategory=user)(sAMAccountName=$ADMIN$)(memberof=CN=RSSOAdmin,OU=Users,DC=example,DC=com)).

    Identity Attribute

    Enter the LDAP attribute to be used as the login ID of the administrator. For example, sAMAccountName.

  6. Click Add to chain to add the admin authentication to the authentication chain.
  7. (Optional) Click arrow up or arrow down buttons to move the added authentication to a desired place in the authentication chain.
  8. Click Save.
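
The User Search Filter in step 5 can be previewed before it is saved. The following added example (not Remedy SSO or BMC code) checks that a filter contains $ADMIN$ and is balanced, then shows the filter that results for a given login ID. The page does not say how Remedy SSO escapes the substituted value, so the RFC 4515 escaping and the function names here are assumptions for illustration.

```python
"""Preview an admin User Search Filter after $ADMIN$ substitution (added example)."""

KEYWORD = "$ADMIN$"  # keyword the page documents for the login ID

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape a login ID so it is matched literally, never parsed as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def template_problems(template):
    """Return reasons the filter template should not be saved (empty list = OK)."""
    problems = []
    if KEYWORD not in template:
        problems.append("missing $ADMIN$ keyword")
    depth = 0
    for ch in template:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:  # a ")" closed something that was never opened
                break
    if depth != 0:
        problems.append("unbalanced parentheses")
    if not (template.startswith("(") and template.endswith(")")):
        problems.append("filter is not enclosed in parentheses")
    return problems


def render_filter(template, login_id):
    """Substitute an escaped login ID into a validated template."""
    problems = template_problems(template)
    if problems:
        raise ValueError("; ".join(problems))
    return template.replace(KEYWORD, escape_filter_value(login_id))


# Filter taken from the page's example; the login IDs below are constructed samples.
PAGE_FILTER = ("(&(objectCategory=user)(sAMAccountName=$ADMIN$)"
               "(memberof=CN=RSSOAdmin,OU=Users,DC=example,DC=com))")

if __name__ == "__main__":
    for login in ("jdoe", "j*doe", "x)(cn=*"):
        print(render_filter(PAGE_FILTER, login))
```

The rendered filter keeps the same parenthesis structure as the template for every login ID, which is the property to confirm when testing the filter against the directory with the bind user.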

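The constraints stated for the Basic and Advanced tabs in steps 3 and 4 can be checked before a change is saved. The following added example (not BMC code) reviews a settings dictionary against them, with a weak configuration beside a corrected one. The dictionary keys, the sample values and the 365-day year are assumptions; they are not a Remedy SSO export format.

```python
"""Review Remedy SSO general settings against the constraints on this page."""
from urllib.parse import urlsplit

MINUTE, YEAR = 60, 365 * 24 * 3600  # seconds; a 365-day year is an assumption


def review_settings(cfg):
    """Return a list of findings; cfg key names are hypothetical."""
    findings = []
    ext = urlsplit(cfg["external_url"])
    sso_host = (ext.hostname or "").lower()
    domain = cfg["cookie_domain"].lower()
    if "." not in domain:
        findings.append("cookie domain must contain a dot")
    elif sso_host != domain and not sso_host.endswith("." + domain.lstrip(".")):
        findings.append("Remedy SSO host is outside the cookie domain")
    if ext.scheme != "https":
        findings.append("External URL must be HTTPS")
    if cfg["secured_cookie"]:
        # Every integrated application must be reached over HTTPS, or logins loop.
        findings += [f"secured cookie is on but {u} is not HTTPS"
                     for u in cfg["application_urls"] if urlsplit(u).scheme != "https"]
    if cfg["max_session_s"] <= cfg["agent_token_validation_s"]:
        findings.append("Max Session Time must exceed the agent token validation time")
    if not MINUTE <= cfg["max_admin_session_s"] <= YEAR:
        findings.append("Max Admin Session Time must be between 1 minute and 1 year")
    if cfg["admin_lockout_threshold"] == 0:
        findings.append("Admin Lockout Threshold is 0: lockout is disabled")
    return findings


# Constructed sample values, reusing the host names from the page's example.
WEAK = {
    "cookie_domain": "yourcompany",
    "external_url": "http://sso.yourcompany.com",
    "secured_cookie": True,
    "application_urls": ["https://itsm.yourcompany.com", "http://dwp.yourcompany.com"],
    "max_session_s": 3600,
    "agent_token_validation_s": 3600,
    "max_admin_session_s": 30,
    "admin_lockout_threshold": 0,
}
FIXED = dict(WEAK, cookie_domain="sso.yourcompany.com",
             external_url="https://sso.yourcompany.com",
             application_urls=["https://itsm.yourcompany.com", "https://dwp.yourcompany.com"],
             max_session_s=24 * 3600, max_admin_session_s=3600, admin_lockout_threshold=5)

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, review_settings(cfg) or "no findings")
```
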
Related videos

Watch the video on how to manage SSL Certificates with SSL offloading.



 https://www.youtube.com/watch?v=jFbKpzJX4pk?rel=0
