This documentation supports the 19.11 version of BMC Remedy Single Sign-On, which is available only to BMC Helix subscribers (SaaS).

To view an earlier version, select the version from the Product version menu.

Configuring general settings for a realm

When you are in the process of adding a realm for any authentication type, the first thing you need to do is to configure the general details of a realm.

The following table describes realm settings on the General tab that you need to configure:

FieldAction

Realm ID

Enter a realm name. The value that you enter must satisfy the following requirements:

  • Must be a unique value
  • Must not be more than 80 characters
  • Must include only alphanumeric characters
  • Can contain the following special symbols:
    • asterisk ( * )
    • dot ( . )
    • underscore ( _ )
    • dash ( - )
    Note: The realm ID stored in the Remedy SSO database is case-insensitive. So, for example, you cannot create a realm called "Cola" if a realm "cola" already exists.
Application Domain(s)

Enter comma-separated domain names of applications integrated with Remedy SSO. Each value in the application domain is a host of an application URL of a tenant. For example, if the URL for the Mid Tier application is http://tenant1.midtier.company.com/arsys, the host will be tenant1.midtier.company.com.

Ensure that all applications of a tenant have a corresponding value in the application domain string. For example, consider that you created realm1 for a tenant that has two applications with the following URLs:

  • Mid Tier URL as http://tenant1.midtier.company.com/arsys
  • BMC Digital Workplace URL as http://tenant1.dwp.company.com/ux/dwpapp

In this scenario, for realm1, the application domain value will be a comma-separated string of tenant1.midtier.company.com and tenant1.dwp.company.com.

You can define the application domain by using one of the following patterns:

  • Subdomain of an application
  • Host name + subdomain of an application
  • Host name

Example:

<hostname>.calbro.bmc.com is a fully qualified domain name.

calbro is a subdomain of bmc.com

bmc is a subdomain of com

com is the parent domain.

Notes:

  • You must not add a domain to more than one realm.
  • The Application Domains field does not accept uppercase characters; every entry is automatically transformed to lowercase characters.

Tenant

(Optional)

Enter a tenant name of the integrated applications.

Note: You can associate a realm with only one application tenant.

After Logout URL

(Optional)

Enter the URL to which a user is redirected after the user logs out from Remedy SSO.

Single Log Out

(Optional)

Select this check box to enable the single logout option for end users.

When the single logout experience is enabled, if an end user clicks the logout URL in one application, the user is automatically logged out from the Remedy SSO server and, as a result, from all applications belonging to his realm.

When the single logout experience is disabled, if an end user clicks the logout URL in one application, the user is still logged in to Remedy SSO server if the user is simultaneously logged in to at least one application.

For more information about the logout experience for end users, see Logon and logoff experience for end users.

Session Quota

For security reasons, you might need to configure the number of active sessions or simultaneous logins for a particular realm. You can also decide whether to invalidate an older session or not allow the user to log in to a new session and display an error message.

In this field, you can enter the number of active sessions or simultaneous logins for a particular user.

Enter one of the following values:

  • 0—Allow multiple simultaneous logins, that is, any number of logins are allowed.
    Note: This is the default value, so that after an upgrade, there is no restriction on the number of simultaneous logins.
  • 1—Only one login session is allowed for the user.
  • Any other value other than 0 or 1—Only those number of session logins will be allowed for the user.

Note: If you select the Automatically invalidate oldest session on reaching quota checkbox, and if a user exceeds the number of logins, the user can log in, but will get logged out from the oldest session. If you do not select this option, the user cannot log in to any session beyond the entered value and the following error message is displayed: Exceeded session quota limit.

Was this page helpful? Yes No Submitting... Thank you

Comments