This documentation supports the 19.11 version of BMC Remedy Single Sign-On, which is available only to BMC Helix subscribers (SaaS).

To view an earlier version, select the version from the Product version menu.

Configuring the Remedy SSO agent to enable end users to change their passwords

Remedy SSO supports a server-side action of changing end user passwords on behalf of Remedy AR System server integrated with Remedy SSO.

Related topics

Remedy SSO agent


Troubleshooting authentication issues

SSL/TLS Configuration How-To Open link

How the action support feature works

As client applications interact with Remedy SSO through the Remedy SSO agent, the agent is provided with the mechanism of changing the end user password by using the action support feature. 

The Remedy SSO agent defines the action by using the predefined URL path mask. The default action path mask is /_rsso/. The following setting is enabled by default in the configuration file:


After identifying the action, the Remedy SSO agent redirects the server-side action to Remedy SSO server with the 401 or 200 status code and an auto-post HTML form.

  • 401 code indicates that the user is not authenticated
  • 200 code indicates that the user is authenticated. 

The auto-post HTML issues the HTTP POST request with the URL and action parameters in the request body.

All server-side actions get similar parameters that are provided for a basic login operation (currently covered by the /rsso/start servlet). The parameters  support all Remedy SSO agent-based features such as Multi-Service Providers (MSPs) and preauthentication.

Before you begin

The server-side action handlers must be configured to dynamically match the action name. Hence the action handler must be added as the class, matching the action name to the class attribute.

To configure the integrated application for using the allow password change action

As an administrator of an integrated application, you can build a URL to include it in the email that is triggered to the user to change their password.

The URL should have the following format: /_rsso/server/<action-path>/<action-name>?<action-params>, where:  

_rsso is the action-path-mask defined on the Remedy SSO server

<action-path> allows the grouping of some actions by categories - is optional

<action-name> is the name of a server-side action 

Thus, a URL could look like the following:

Was this page helpful? Yes No Submitting... Thank you