This topic provides information about enhancements in Remedy Single Sign-On (Remedy SSO) version 9.1.04 and instructions for downloading and installing version 9.1.04.
|Enhancements in version 9.1.04||For information about enhancements in this release, see Enhancements.|
|Known and corrected issues|
For information about issues corrected in this version, see Known and corrected issues.
|Downloading version 9.1.04||For download instructions, see Downloading the installation files.|
|Installing or upgrading version 9.1.04||For information about installing version 9.1.04, see Installing or upgrading version 9.1.04.|
Version 9.1.04 provides the following enhancements:
Implementing OAuth 2.0 protocol
OAuth 2.0 is an authorization framework for third-party applications. On behalf of a end user, third-party applications use OAuth 2.0 to get limited access to an HTTP service, for example, a BMC application. The end user does not share the end-user credentials, but only authorizes the third-party application to access the HTTP service.
When third-party applications access the end user's resources, it could result in issues, such as compromising of passwords and resources. OAuth addresses these issues by introducing an authorization layer and separating the role of the client from that of the resource owner. In OAuth, the client requests access to resources controlled by the resource owner and hosted by the resource server, and is issued a different set of credentials than those of the resource owner.
For more information, see Configuring OAuth 2.0.
Authenticating using OpenID Connect
OpenID Connect, an authentication method is built on top of the OAuth 2.0 protocol and implements authentication as an extension to the OAuth 2.0 authorization process. The primary extension that OpenID Connect makes to OAuth 2.0 to enable end users to be authenticated is the ID Token data structure. The ID Token is a security token that contains claims about the authentication of an end user by an authorization server when using a client, and potentially other requested claims. The ID Token is represented as a JSON Web Token (JWT).
OpenID enables clients to verify the identity of the end user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the end user in an interoperable and REST-like manner. OpenID benefits mobile device authentication and cloud based services.
For more information, see Configuring OpenID Connect authentication.
Integrating with BMC TrueSight Presentation Server
Remedy Single Sign-On (Remedy SSO) can now be integrated with BMC TrueSight Presentation Server. The TrueSight Presentation Server integrates with Remedy SSO to authenticate the TrueSight products that are registered with the Presentation Server. After registering Remedy SSO with the Presentation Server, you can configure some of the Remedy SSO settings from the TrueSight console.
For more information, see Integrating Remedy SSO with BMC TrueSight Presentation Server.
Integrating with Innovation Suite
Changing the redirection code
Starting from version 9.1.04, Remedy SSO agent uses the
401 Unauthorized HTTP response code for redirection to Remedy SSO server. In addition, Remedy SSO agent also returns an HTML page with a form that is automatically redirected to the Remedy SSO server.
In previous versions, the redirection code 302 was used.
Enhancing support for load balancer
Remedy SSO supports the X-Forwarded-Proto and X-Forwarded-Host headers that might be sent by the load balancer with a request. Remedy SSO considers that information from headers while generating a login URL (pointing to Remedy SSO server) for the end user.