9.1.01: Service Pack 1
Remedy Single Sign-On (Remedy SSO) 9.1 Service Pack 1 introduces new authentication methods and enhanced security features. The following table provides information about fixes and updates in this service pack and provides instructions for downloading and installing the service pack.
|Updates in Service Pack 1||For information about new features added to Remedy SSO in Service Pack 1, see Enhancements.|
|Known and corrected issues||For information about issues corrected in this Service Pack 1, see|
|Downloading the service pack||For download instructions, see Downloading the installation files.|
|Installing the service pack|
For information about installing and upgrading the Service Pack 1, see
The 9.1 Service Pack 1 provides the following enhancements for Remedy SSO:
The 9.1 Service Pack 1 introduces Single Sign-On authentication using Kerberos. If the system is configured for Kerberos authentication, you can log on to the system transparently without providing the credentials. For more information, see Kerberos authentication process.
Certificate-based authentication for CAC, PIV, and Smart Cards
The 9.1 Service Pack 1 introduces certificate-based authentication that supports authentication performed using CAC, PIV, and Smart Cards. You can now use a CAC card to log on to Remedy SSO without providing the log on credentials. For more information, see.
LDAP authentication with SASL
The 9.1 Service Pack 1 supports LDAP v3 authentication with selected SASL mechanism. LDAP v3 prot ocol supports SASL to enable pluggable authentication that does not require the hard coding of the authentication method into the protocol.
Remedy SSO supports the following SASL mechanisms:
- DIGEST-MD5 (RFC 2831)
- GSSAPI (RFC 2222)
For more information, see LDAP authentication process.
- The out-of-the box SAML keystore cot.jks file is not included in the installation anymore. SAML keystore file, keystore password, and signing key certificate alias are now configurable through the Admin console instead of being hard coded. For more information about setting the SP signing certificate, see Setting SP signing certificate for SAML authentication.
- All passwords in Remedy SSO such as LDAP bind password, Kerberos SPN password, and keystore password are AES encrypted.
- Encryption key rotation is supported. For more information about changing the encryption key, see Changing encryption key after upgrading Remedy SSO.
- Admin user password that is stored in the database is PBKDF2 hashed.