This documentation supports the 9.1 version of Remedy Single Sign-On.

To view the latest version, select the version from the Product version menu.

9.1.01: Service Pack 1

Remedy Single Sign-On (Remedy SSO) 9.1 Service Pack 1 introduces new authentication methods and enhanced security features. The following table provides information about fixes and updates in this service pack and provides instructions for downloading and installing the service pack.

Updates in Service Pack 1For information about new features added to Remedy SSO in Service Pack 1, see Enhancements.
Known and corrected issuesFor information about issues corrected in this Service Pack 1, see Known and corrected issues.
Downloading the service packFor download instructions, see Downloading the installation files.
Installing the service pack

For information about installing and upgrading the Service Pack 1, see:


The 9.1 Service Pack 1 provides the following enhancements for Remedy SSO:

Kerberos authentication

The 9.1 Service Pack 1 introduces Single Sign-On authentication using Kerberos. If the system is configured for Kerberos authentication, you can log on to the system transparently without providing the credentials. For more information, see Kerberos authentication process.

Certificate-based authentication for CAC, PIV, and Smart Cards

The 9.1 Service Pack 1 introduces certificate-based authentication that supports authentication performed using CAC, PIV, and Smart Cards. You can now use a CAC card to log on to Remedy SSO without providing the log on credentials. For more information, see the section Configuring Remedy SSO for certificate-based authentication in Certificate-based authentication process.

LDAP authentication with SASL

The 9.1 Service Pack 1 supports LDAP v3 authentication with selected SASL mechanism. LDAP v3 prot ocol supports SASL to enable pluggable authentication that does not require the hard coding of the authentication method into the protocol.

Remedy SSO supports the following SASL mechanisms:

    • DIGEST-MD5 (RFC 2831)
    • GSSAPI (RFC 2222)

For more information, see LDAP authentication process.

Security enhancements

  • The out-of-the box SAML keystore cot.jks file is not included in the installation anymore. SAML keystore file, keystore password, and signing key certificate alias are now configurable through the Admin console instead of being hard coded. For more information about setting the SP signing certificate, see Setting SP signing certificate for SAML authentication.
  • All passwords in Remedy SSO such as LDAP bind password, Kerberos SPN password, and keystore password are AES encrypted.
  • Encryption key rotation is supported. For more information about changing the encryption key, see Changing encryption key after upgrading Remedy SSO.
  • Admin user password that is stored in the database is PBKDF2 hashed.

Was this page helpful? Yes No Submitting... Thank you