This documentation supports the 19.11 version of BMC Remedy Single Sign-On, which is available only to BMC Helix subscribers (SaaS).


Configuring LDAP authentication

You can configure Remedy SSO server to authenticate end users through the Lightweight Directory Access Protocol (LDAP). You can also configure LDAP authentication for external administrators; for details, see Configuring Remedy SSO server.

Remedy SSO supports strong LDAP bind with Simple Authentication and Security Layer (SASL). In SASL, a challenge-response authentication protocol enables data exchange between the client and the server. Data exchange supports authentication and establishes a security layer for communications.

LDAP v3 also uses SASL for pluggable authentication. By using pluggable authentication, you can select an authentication mechanism that enables a strong bind. For example, a mechanism such as External with SSL and a client certificate establishes a strong bind. The mechanism gets the client certificate from the client (browser) and passes it to Remedy SSO server. The client certificate is then used to create an SSL connection to the LDAP server.

Remedy SSO supports providing additional information about LDAP users and groups. The additional information can be used by an integrated application such as BMC Atrium Orchestrator for administration and authorization.

Note

Remedy SSO does not follow LDAP referrals. 

Related blogs in BMC Communities

Single Sign-On LDAP authentication



Before you begin

  • Add a realm for LDAP authentication. For information about how to add a realm, see Adding and configuring realms.
  • You must have the LDAP server configured.
  • If you plan to use SASL, you must set up the service provider (SP) in the same way as for SAML.
  • If you want to use a TLS/SSL connection to the LDAP server, import the LDAP server certificates (cacerts) to the truststore (JavaHome\jre\lib\security) of the Apache Tomcat used by the Remedy SSO server. Import the certificates by using third-party utilities such as KeyStore Explorer.

  • Obtain the following information from the LDAP administrator:
    • Host name of the LDAP server
    • Port number of the LDAP server
    • Distinguished name of the bind LDAP user
    • Password of the bind LDAP user
    • Starting location within the LDAP directory for performing user searches
    • User attribute on which search is performed.
  1. (Optional) Click Test to verify the settings.
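
A pre-check of the items listed above, as an added example that is not BMC code or part of Remedy SSO: a standalone JNDI client, run with the same JRE that Tomcat uses, confirms that the imported LDAP server certificate is trusted, that the bind DN and password work, and that the search base and user attribute resolve a test user to exactly one entry. The URL, DNs, attribute, environment variable name, and test user are placeholder assumptions.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

// Added example, not Remedy SSO code. Every value below is a placeholder.
public class LdapPrecheck {
    public static void main(String[] args) throws NamingException {
        String url      = "ldaps://ldap.example.com:636";       // host and port
        String bindDn   = "cn=rsso-bind,ou=service,dc=example,dc=com";
        String password = System.getenv("LDAP_BIND_PASSWORD");  // hypothetical variable name
        String baseDn   = "ou=people,dc=example,dc=com";        // start of user searches
        String userAttr = "uid";                                // attribute searched on
        String testUser = args.length > 0 ? args[0] : "jdoe";
        // An empty password turns a simple bind into an unauthenticated bind, which
        // some servers accept; that would hide a missing credential.
        if (password == null || password.isEmpty())
            throw new IllegalArgumentException("bind password is empty");
        // The attribute name is concatenated into the filter, so restrict its form.
        if (!userAttr.matches("[A-Za-z][A-Za-z0-9-]*"))
            throw new IllegalArgumentException("unexpected attribute name");
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);  // ldaps: chain is checked against the JVM truststore
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put(Context.REFERRAL, "ignore"); // match the page's note: referrals are not followed
        DirContext ctx = new InitialDirContext(env); // throws here on TLS or bind failure
        int matches = 0;
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[0]); // entry names only, no attribute values
            // JNDI substitutes {0} with filter escaping applied to the value.
            NamingEnumeration<SearchResult> r =
                ctx.search(baseDn, "(" + userAttr + "={0})", new Object[] { testUser }, sc);
            while (matches < 2 && r.hasMore()) {
                System.out.println("match: " + r.next().getNameInNamespace());
                matches++;
            }
        } catch (PartialResultException e) {
            // Raised when the server returns a referral that is being ignored.
        } finally {
            ctx.close();
        }
        if (matches != 1)
            throw new IllegalStateException("expected exactly one entry for " + testUser);
        System.out.println("bind and search OK");
    }
}
```

A TLS handshake failure at `InitialDirContext` points to the truststore import; an `AuthenticationException` points to the bind DN or password.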

Related videos

Watch the video on how to configure LDAP in Remedy SSO.



 https://www.youtube.com/watch?v=ClbpS_acLuQ?rel=0

Where to go from here

To enable authentication chaining mode for the realm, see Configuring authentication chains.

To enable AR for bypassing authentication, see Enabling AR authentication for bypassing other authentication methods.

To transform the User ID value, see Transforming User ID to match Login ID.
