23.1 enhancements and patches

Review the BMC Helix Single Sign-On 23.1 enhancements and patches for features that will benefit your organization and to understand changes that might impact your users.

For updates and enhancements in the previous release and its patches, see 22.4 enhancements and patches.

BMC applies upgrades as described in the BMC Helix Upgrade policy Open link . BMC applies upgrades and patches during Maintenance windows Open link .

(On premises only) Downloading and installing the patch

See Deploying BMC Helix common services for BMC Helix IT Service Management Open link and Deploying BMC Helix IT Operations Management Open link .


Verify access for an integrated BMC application

Administrators can perform a Transmission Control Protocol (TCP) health check to verify whether an integrated BMC application can be accessed by the BMC Helix SSO server. By selecting one of the following TCP connection types, the administrator can review the logs and troubleshoot integration issues:

  • Plain — Non-TLS connection
  • Encrypted insecure — TLS connection without certificate verification
  • Encrypted secure — TLS connection with certificate verification

For more information, see Setting up tenants

What else changed in this release 23.1.01

In this release, note the following significant changes in the product behavior:


Product behavior in versions earlier than 23.1.01

Product behavior in version 23.1.01 and later

UI elements in the BMC Helix SSO Admin Console were renamed, and the display order was changed.

The following UI elements are present in the BMC Helix SSO Admin Console and they are titled as RSSO Settings section, OAuth2 Configuration section, and OpenID Connect tab.

The following headers are displayed on the OAuth2 tab page: List of Tokens, List of JWKs, List of Clients.

The UI elements were renamed accordingly:

  • RSSO Settings to SSO settings
  • OAuth2 Configuration section to OAuth2 and OpenID Configuration
  • OpenID Connect tab to JWKs

For more information, see Enabling self-service for tenant administrators.

Additional changes:

  • The OpenID Connect Issuer URL section was moved up, before Access Token Timeout.
  • The List of Tokens, List of JWKs, and List of Clients table headers were removed.

For more information, see Configuring infinite user sessions.

What else changed in this release 23.1

In this release, note the following significant changes in the product behavior:


Product behavior in versions earlier than 23.1

Product behavior in version 23.1 and later

Extended audit events for the SAML 2.0 authentication

When an administrator updated or created SAML templates within a realm, an audit reflected these actions as RSSO_CONFIG_CHANGED.

When an administrator updates or creates SAML templates within a realm, these actions are distinctively recorded as SAML_TEMPLATE_UPDATED and SAML_TEMPLATE_CREATED, which simplifies troubleshooting. For more information, see Reviewing audit records.

Custom response HTTP headers issued by the OAuth 2.0 client

When users were trying to open a BMC application in an iframe, they saw Content Security Policy (CSP) errors. For example, a user logged in to BMC Helix Digital Workplace who wanted to open BMC Helix Virtual Agent, but received an error.

An administrator can enable the CSP Headers setting for a tenant. After that, the user can add custom CSP headers, values, and origins to the OAuth client. Custom headers help end users access BMC applications through iframes without CSP errors; therefore, users can seamlessly open BMC Helix Virtual Agent from BMC Helix Digital Workplace.

For more information about the CSP Headers feature, see Setting up tenants.

For more information about configuring custom headers in the OAuth 2.0 response, see Configuring OAuth 2.0.

Was this page helpful? Yes No Submitting... Thank you