×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

Unsupported content

 

This version of the product is in limited support. However, the documentation is available for your convenience. You will not be able to leave comments.
Remedy Single Sign-On 19.08 Upgrading

Configuring the Remedy SSO server after upgrade

After you upgrade Remedy Single Sign-On, perform the tasks described in this topic.

Related topics

Preparing for upgrade

Performing the upgrade

To configure the Remedy SSO server after upgrade

  1. If before upgrade you modified the original web.xml located in <RSSO Tomcat>\webapps\rsso\WEB-INF folder on the Remedy SSO server, then update the upgraded file with your custom settings.

  2. If your system had realms configured for SAML authentication, reconfigure the SAML authentication settings.

  3. If your system had the Tenant field configured for some of the realms,  configure the Digital Service Management page to show applications.

To update SAML SP metadata template

  1. Log in to Remedy SSO Admin Console.

  2. Navigate to Realm > Authentication, and select SAML type of authentication.

  3. For all realms with SAML type of authentication, update the SP metadata template. To access the edit mode of the SP metadata, in the Template section, click Edit

    The following template is the original SP metadata template:

    SP metadata template 
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor entityID="%%ISSUER%%" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
    <SPSSODescriptor AuthnRequestsSigned="%%SIGN_REQUEST%%" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <KeyDescriptor use="signing">
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <X509Data>
                    <X509Certificate>%%CERTIFICATE_DATA%%</X509Certificate>
                </X509Data>
            </KeyInfo>
        </KeyDescriptor>
        <KeyDescriptor use="encryption">
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <X509Data>
                    <X509Certificate>%%ENC_CERTIFICATE_DATA%%</X509Certificate>
                </X509Data>
            </KeyInfo>
        </KeyDescriptor>
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings: HTTP-POST" Location="%%LOGOUT_REQUEST%%" ResponseLocation="%%LOGOUT_RESPONSE%%" />
        <NameIDFormat>%%NAMEIDFORMAT%%</NameIDFormat>
        <AssertionConsumerService index="0" isDefault="true" Binding="urn:oasis:names:tc: SAML:2.0:bindings:HTTP-POST" Location="%%CONSUMER%%" />
    </SPSSODescriptor>
</EntityDescriptor>

    1. If you enabled the IdP initiated single logout feature, include the following information in the SP metadata template after the <AssertionConsumerService> tag:

      <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="%%LOGOUT_REQUEST%%" ResponseLocation="%%LOGOUT_RESPONSE%%" />


      • Location is the endpoint for the identity provider to send the logout request. For example, https://access.xyz.com:8443/rsso/receiver/Saml.
      • ResponseLocation is the endpoint for the identity provider to send the logout response after getting the logout request from Remedy SSO. For example, https://access.xyz.com:8443/rsso/receiver/Saml.

    2. To sign up the SP metadata, update the following tag:

      <EntityDescriptor entityID="%%ISSUER%%" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" %%METADATA_ID%%>

  4. On the identity provider side, update the Remedy SSO (SP) metadata .

To configure the Digital Service Management page to show applications

If before upgrade of Remedy SSO, some of the realms had the Tenant field configured, users who belong to these realms, after upgrade will not see these applications from the domain associated with these realms.
If you want to preserve the behavior before upgrade, you must configure the Tenant field on the Launchpad page for these applications. For information about how to do this, see Adding applications to the Digital Service Management page.

Where to go from here

When you have configured Remedy SSO after upgrade, you can check if the upgrade was successful. For information about how to do this, see Verifying the installation.

Was this page helpful? Yes No Submitting... Thank you
Last modified by Olga Kutetska on Mar 23, 2020
upgrade task

Comments

Log in or register to comment.

Performing the upgrade
Migrating from BMC Atrium Single Sign-On to Remedy Single Sign-On
© Copyright 1991 – 2019 BMC Software, Inc.
© Copyright 1991 – 2019 BladeLogic, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.