Configuring the Remedy SSO server after upgrade
After you upgrade Remedy Single Sign-On, perform the tasks described in this topic.
Task 1: Update the web.xml file
If before upgrade you modified the original web.xml located in <RSSO Tomcat>\webapps\rsso\WEB-INF folder on the Remedy SSO server, then update the upgraded file with your custom settings.
Task 2: Kill an active login session to Remedy SSO Admin Console
As an administrator of Remedy SSO, you must log out from the Remedy SSO Admin Console and log in again.
You need to perform this step if you had an active login session before upgrade, and it remained valid after upgrade.
Note
This task needs to be performed by all Remedy SSO administrators.
Task 3: Update SAML SP metadata template
If the Remedy SSO server had realms configured for SAML authentication before upgrade, you must reconfigure the SAML authentication settings.
Log in to Remedy SSO Admin Console.
- Navigate to Realm > Authentication, and select SAML type of authentication.
For all realms with SAML type of authentication, update the SP metadata template. To access the edit mode of the SP metadata, in the Template section, click Edit.
The following template is the original SP metadata template:
SP metadata template<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <EntityDescriptor entityID="%%ISSUER%%" xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> <SPSSODescriptor AuthnRequestsSigned="%%SIGN_REQUEST%%" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <KeyDescriptor use="signing"> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <X509Data> <X509Certificate>%%CERTIFICATE_DATA%%</X509Certificate> </X509Data> </KeyInfo> </KeyDescriptor> <KeyDescriptor use="encryption"> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <X509Data> <X509Certificate>%%ENC_CERTIFICATE_DATA%%</X509Certificate> </X509Data> </KeyInfo> </KeyDescriptor> <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings: HTTP-POST" Location="%%LOGOUT_REQUEST%%" ResponseLocation="%%LOGOUT_RESPONSE%%" /> <NameIDFormat>%%NAMEIDFORMAT%%</NameIDFormat> <AssertionConsumerService index="0" isDefault="true" Binding="urn:oasis:names:tc: SAML:2.0:bindings:HTTP-POST" Location="%%CONSUMER%%" /> </SPSSODescriptor> </EntityDescriptor>
If you enabled the IdP initiated single logout feature, include the following information in the SP metadata template after the
<AssertionConsumerService>
tag:<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="%%LOGOUT_REQUEST%%" ResponseLocation="%%LOGOUT_RESPONSE%%" />
Location
is the endpoint for the identity provider to send the logout request. For example, https://access.xyz.com:8443/rsso/receiver/Saml.Respon
seLocation
is the endpoint for the identity provider to send the logout response after getting the logout request from Remedy SSO. For example, https://access.xyz.com:8443/rsso/receiver/Saml.
To sign up the SP metadata, update the following tag:
<EntityDescriptor entityID="%%ISSUER%%" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" %%METADATA_ID%%>
On the identity provider side, update the Remedy SSO (SP) metadata .
Task 4: Configure the Digital Service Management page to show applications
Note
Perform this task if you upgrade Remedy SSO from a version earlier than 19.08.
If before upgrade of Remedy SSO, some of the realms had the Tenant field configured, users who belong to these realms, after upgrade will not see these applications from the domain associated with these realms.
Where to go from here
When you have configured Remedy SSO after upgrade, you can check if the upgrade was successful. For information about how to do this, see Verifying the installation.
Comments
Log in or register to comment.