This documentation supports the 9.1 version of Remedy Single Sign-On.

To view the latest version, select the version from the Product version menu.

Manually integrating Remedy SSO with Remedy applications

You can integrate Remedy Single Sign-On (Remedy SSO) to work with the following applications:

  • BMC Remedy AR System
  • BMC Remedy Mid Tier
  • BMC Innovation Suite
  • BMC SmartIT
  • BMC Digital Workplace
  • BMC Analytics
  • BMC TrueSight Presentation Server

The following sections provide the detailed information:

Prerequisites

Before setting up Remedy SSO, verify that the following prerequisites are met:

  • Installation of JRE version 1.7 and later is installed, and JVM_HOME variable is appropriately set.
  • Installation of Tomcat.
  • Turn on the Tomcat auto-deployment feature or you should know how to deploy the war-files manually.
  • Starting from version 9.1.02, JBOSS is supported to deploy the Remedy SSO agent. An application such as Mid Tier deployed on JBOSS can be integrated with Remedy SSO agent manually.

Setting up Remedy SSO

Installation of Remedy SSO comprises the following stages:

  1. Configure Remedy SSO web server
  2. Configure Remedy SSO web server with database

Integrate Remedy SSO with BMC applications

Perform the following processes to integrate Remedy SSO with BMC applications :

The table below provides the steps to execute for each stage.

StageActionSteps
Remedy SSO manual installation
1.

Configure BMC Remedy SSO web server

  1. Install Tomcat.

  2. Delete all content except the index page in the ROOT directory.

  3. Deploy rsso.war to <Tomcat>/webapps/rsso folder.

Note: Refer Security Planning for configurations related to security requirements.

2.

Configure Remedy SSO web server with database

  1. Set up the database.
    For more information about setting up the database, see Manually configuring database for Remedy SSO . 
  2. Go to the Remedy SSO Tomcat folder and stop Tomcat.
  3. Edit <Tomcat>/webapps/rsso/WEB-INF/classes/database.properties and set the value of database-type property to Oracle, PostgreSQL, or MsSql according to the database used.   

  4. Edit <Tomcat>/webapps/rsso/META-INF/context.xml and set the following parameters based on the values that you used for setting up the database:

    PropertyValue
    url

    Value of the jdbc URL to access the Remedy SSO database as follows:

    For MsSQL, use the following format:

     Version 9.1.01

    jdbc:sqlserver:// <DBServerHostName>:<Port> ;instanceName= <instanceName> ;databaseName=<databaseName>
    Example, jdbc:sqlserver://AMS3-SQ-DEV01:1433;instanceName=DEV01;databaseName=whthat_dev_ar

     Versions earlier than 9.1.01

    jdbc:jtds:sqlserver://<DBServerHostname>:<port>/< databaseName >;instance=<instanceName>
    jdbc:jtds: sqlserver://MA-SQL-SERVER001:1433/whitehat_rsso;instance=MSSQLSERVER


    For Oracle, use the following format:

    jdbc:oracle:thin:@[host][:port]:SID
    Example, jdbc:oracle:thin:@localhost:1521:XE

    For PostgreSQL,use the following format:

    jdbc:postgresql://[host]:[port]/[database]

    example, jdbc:postgresql://localhost:5432/rsso
    usernameValue of the database user name.
    password

    Value of database user password with the following format.

    AES:{encrypted-password} where {encrypted-password} is the encrypted password.

    To generate an encrypted password:

    1. Open the command line window.

    2. Change the path to <Tomcat>/rsso/WEB-INF/lib.

    3. Run the following command.

      java -jar rsso-ds-9.1.04.jar -cp <Tomcat>/rsso/WEB-INF/classes <message-to-encrypt>

        Note: The name of this jar depends on the version number.

    driverClassName

    Value of the driver class name as follows:

    For MS SQL version 9.1.04, use:
    MsSql: com.microsoft.sqlserver.jdbc.SQLServerDriver

    For MS SQL version 9.1 and earlier, use:
    MsSql: net.sourceforge.jtds.jdbc.Driver


    For Oracle, use:
    Oracle: oracle.jdbc.driver.OracleDriver


    For PostgreSQL, use:

    org.postgresql.Driver 

  5. Copy the following jdbc driver libraries to <Tomcat>/lib folder:
    Version 9.1.01 and later:

     Version 9.1.01 and above

    * sqljdbc4-4.0.jar

    * ojdbc6-11.2.0.2.0.jar

    * postgresql-9.4.1207.jre7.jar

  6. Restart Tomcat.
Remedy SSO manual integration with BMC applications

Integrate with BMC Remedy AR System Server

  1. Make sure the required AREA settings (<AR>/Conf/ar.cfg) are set up on the arserver (can be set from the Server Information form > EA tab).
    External-Authentication-RPC-Socket: 390695
    Authentication-Chaining-Mode: 1
    Crossref-Blank-Password: T
  2. Copy rsso.cfg from rsso-area-plugin into <AR>/Conf.
  3. In rsso.cfg, change the value of the following line to your Remedy SSO server service url:
    SSO-SERVICE-URL: <rsso_service_url>
  4. Copy rsso-area-plugin-all.jar file from rsso-area-plugin into <AR>/pluginsvr directory.
  5. Copy gson-2.3.1.jar from lib into <AR>/pluginsvr directory.
  6. Edit <AR>/pluginsvr/pluginsvr_config.xml and add RSSO AREA plug-in with the following snippet.
    Note: Must be within the <plugins> section of the file. Replace {AR} with corresponding
    path
    .
     
    <plugin>
    <name>ARSYS.AREA.RSSO</name>
    <classname>com.bmc.rsso.plugin.area.RSSOPlugin</classname>
    <pathelement type="location">{AR}/pluginsvr/rsso-area-plugin-all.jar</pathelement>
    <pathelement type="location">{AR}/pluginsvr/gson-2.3.1.jar</pathelement>
    <userDefined>
    <configFile>{AR}/Conf/rsso.cfg</configFile>
    </userDefined>
    </plugin>
  7. Restart BMC AR System Server.

Integrate with BMC Remedy MidTier

  1. Stop Midtier/Tomcat service.

    For configuring the Authenticator:
  2. Edit the following lines in config.properties (<MT>/WEB-INF/classes) to use the RSSOAuthenticator:
    arsystem.authenticator=com.bmc.rsso.plugin.authenticator.RSSOAuthenticator
  3. Copy rsso-authenticator-plugin-all.jar from rsso-authenticator-plugin to <MT>/WEB-INF/lib.

    For configuring the Web Agent:
  4. Copy rsso-agent-all.jar from /rsso-agent into <MT>/WEB-INF/lib.
  5. Copy and modify the following file into <MT>/WEB-INF/classes
    /rsso-agent/rsso-agent.properties

    If Remedy SSO is in a cluster, both sso-external-url and sso-service-url should be a Load Balancer (LB) URL. For example, https://solqa-rsso.bmc.com/rsso and internal IP of LB should be mapped to the hostname in hosts file on midtier machine.
    If it is a standalone Remedy SSO, sso-external-url must be an https URL, for example, https://my-rsso.bmc.com/rsso and sso-service-url is recommended to be an http URL, for example, http://my-rsso.bmc.com/rsso.
    Note that sso-external-url is a public user-faced URL exposed for end-users for authentication. It is recommended to use https connection.


    Note: The 'agent-id' property value in rsso-agent.properties file should be a unique identifier, but should be same on all nodes in a MidTier cluster. It is recommended to set its value to a simple identifier instead of a HTTP URL. For example, agent-id=midtier_agent.
  6. Edit <MT>/WEB-INF/web.xml and add RSSO filter configuration.
    Note: Disable Atrium SSO filter if it exists in web.xml by commenting it.

    <filter>

        <filter-name>RSSOFilter</filter-name>
        <filter-class>com.bmc.rsso.agent.RSSOFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>RSSOFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <listener>
    <listener-class>com.bmc.rsso.agent.RSSOListener</listener-class>
    </listener>
     
  7. Copy the rsso-agent/rsso-log.cfg file to <MT>/WEB-INF/classes.
  8. Copy gson-2.3.1.jar from lib into <MT>/WEB-INF/lib  
  9. Restart Midtier/Tomcat.

Integrate with Innovation Suite / Configuration Manager dashboard (CMDB 9.1.04 Atrium Core)

Prerequisites: Perform the steps mentioned in Integrate with BMC Remedy AR System Server

  1. Stop AR server.
    %ISInstalledDirectory%/bin/arsystem stop
  2. Add the rsso-agent.properties file.

      • Locate the following file inside the Remedy SSO distributive.

        %RSSODistr%/BMCRemedySSO/Disk1/files/rsso-agent/rsso-agent.properties

      • Define the following Remedy SSO properties.
        agent-id=Gibraltar
        sso-external-url=http://%RSSOServerName%:%RSSOServerPort%/rsso
        sso-service-url=http://%RSSOServerName%:%RSSOServerPort%/rsso
        logout-urls=/api/rx/sso-logout
      • Add the following text at the end of the excluded-url-pattern:
        /api/jwt/login*

        For example:
        excluded-url-pattern=.*\\.xml|.*\\.gif|.*\\.css|.*\\.ico|/shared/config/.*|/WSDL/.*|/shared
        /error.jsp|/shared/timer/.*|/shared/login_commn.jsp|/shared/view_form.jsp|/shared/ar_url_encoder.jsp|
        /ThirdPartyJars/.*|/shared/logout.jsp|/shared/doc/.*|/shared/images/.*|/shared/login.jsp|
        /services/.*|/shared/file_not_found.jsp|/plugins/.*|/shared/wait.jsp|/servlet/GoatConfigServlet|
        /servlet/ConfigServlet|/shared/HTTPPost.class|/shared/FileUpload.jar|/BackChannel.*|/servlet/LicenseReleaseServlet.*/api/jwt/login*

      • Copy the modified file to the next location %ISInstalledDirectory%/conf

  3. Add rsso-log.cfg file.

    • Locate file inside Remedy SSO distributive.
      %RSSODistr%/BMCRemedySSO/Disk1/files/rsso-agent/rsso-log.cfg

      Modify the contents of the rsso-log.cfg file. Sample example below:
      rsso.log.name.format=rsso.%g.log
      rsso.log.level=INFO
      rsso.log.roll=10
      rsso.log.limit=10485760
      rsso.log.dir=/opt/bmc/ars/arsystem/db
    • Copy the modified file to the next location %ISInstalledDirectory%/conf

  4. Update %ISInstalledDirectory%/bin/arserverd.conf.

    Add the following line right after JVM 1.7 parameters (line, starting with jvm.option.17).

    jvm.option.18=-Drsso.log.cfg.file=%ISInstalledDirectory%/conf/rsso-log.cfg

    Note: arserverd.conf may contain arbitrary number of jvm.option.xx lines initially. So, the general approach is to append the new one jvm.option.xx+1 with specified value after the last jvm.option.xx line.

  5. Copy the following JAR file:

    • rsso-agent-osgi.jar

      From: %RSSODistr%/BMCRemedySSO/Disk1/files/rsso-agent/rsso-agent-osgi.jar

      To: %ISInstalledDirectory%/deploy

  6. Start the AR server.
    %ISInstalledDirectory%/bin/arsystem start

Integrate with BMC SmartIT or BMC Digital Workplace

  1. Stop SmartIT/BMC Digital Workplace Tomcat service.
  2. Copy rsso-agent-all.jar from rsso-agent to the following folder:

     MyIT versions 3.1 and later

    <MyIT_Tomcat>/external-conf/lib

     MyIT versions earlier than 3.1

    <SMART_IT_MYIT>/Smart_IT_MyIT/ux/WEB-INF/lib


  3. Copy the rsso-agent/rsso-agent.properties file into the following folder and modify the file.

     MyIT versions 3.1 and later

    <MyIT_Tomcat>/external-conf/

     MyIT versions earlier than 3.1

    <SMART_IT_MYIT>/Smart_IT_MyIT/ux/WEB-INF/classes


    Note:
    The configuration in rsso-agent.properties is similar to Mid Tier integration, except logout-urls=/atssologout.html in rsso-agent.properties.

    The value of agent-id property in rsso-agent.properties file should be a unique identifier, but should be same on all nodes in a SmartIT/BMC Digital Workplace cluster. It is recommended that you set its value to a simple identifier instead of a HTTP URL. For example, agent-id=myit_smartit_agent.

    For configuring Client Library

  4. Copy rsso-sdk/rsso-sdk-atsso.jar and rsso-sdk/rsso-client-impl.jar to the following folder:

     MyIT versions 3.1 and later

    <MyIT_Tomcat>/external-conf/lib

     MyIT versions earlier than 3.1

    <SMART_IT_MYIT>/Smart_IT_MyIT/ux/WEB-INF/lib

  5. Copy rsso-sdk/sso-sdk.properties into the following folder.

     MyIT versions 3.1 and later

    <MyIT_Tomcat>/external-conf/

     MyIT versions earlier than 3.1

    <SMART_IT_MYIT>/Smart_IT_MyIT/ux/WEB-INF/classes


  6. Back up and delete the existing BMC Atrium SSO jar files in <SMART_IT_MYIT>/Smart_IT_MyIT/ux/WEB-INF/lib:
    * atsso-common-<version>.jar
    * atsso-sdk-<version>.jar
    * atsso-webagent-<version>.jar
  7. Restart SmartIT/BMC Digital Workplace Tomcat service.
  8. Make sure single sign-on integration is enabled on SmartIT database table.
  9. To enable the integration, go to the SmartIT database table 'SmartIT_System.TENANT' and make sure that the value of column 'SAML_AUTHENTICATION' value is True(1).
    For more information on updating the SAML_AUTHENTICATION column, refer the following content.

Updating the value of the SAML_AUTHENTICATION column

To update the SAML_AUTHENTICATION value to 1 in the SmartIT_System.TENANT table, run the following command using Java 1.8 or later:

java -jar <MyIT_Smart_IT_path>/tenant-config/tenant-config-3.1.00.000-jar-with-dependencies.jar updateTenant -server http://<MyIT_FQDN>:9000/ux -username <MyIT_Super_Admin_username> -password <MyIT_Super_Admin_password> -tenantName 000000000000001 -hostname localhost -samlAuthentication true

For BMC Digital Workplace release earlier than 3.1, the name for tenant-config-3.1.00.000-jar-with-dependencies.jar will be: tenant-config-2.5.00.000-jar-with-dependencies.jar.


Integrate with BMC Analytics

Before executing the following steps to configure Analytics for BMC Analytics for Single Sign-On, ensure that the prerequisites are met.

  1. Stop Analytics Tomcat service.
  2. Copy rsso-agent/rsso-agent-all.jar   to <Tomcat>/webapp/BI/WEB-INF/lib.
  3. Copy and modify following file into <Tomcat>/webapp/BI/WEB-INF/classes:
    rsso-agent/rsso-agent.properties
    (Note: configure logout-urls=/atssologout.html in rsso-agent.properties)

    If Remedy SSO is in a cluster, both sso-external-url and sso-service-url should be a Load Balancer (LB) URL. For example, https://solqa-rsso.bmc.com/rsso and internal IP of LB should be mapped to the hostname in hosts file on midtier machine.
    If it is a standalone Remedy SSO, sso-external-url must be an https URL, for example, https://my-rsso.bmc.com/rsso and BMC recommends sso-service-url to be an http URL, for example, http://my-rsso.bmc.com/rsso .
    Note that sso-external-url is a public user-faced URL exposed for end-users for authentication. BMC recommends that you use an https connection.


    Note:
    The agent-id property value in rsso-agent.properties file should be a unique identifier, but should be same on all nodes in a MidTier cluster. It is recommended to set its value to a simple identifier instead of a HTTP URL. For example, agent-id=analytics_agent .

  4. Copy the following jar files into <Tomcat>/webapp/BI/WEB-INF/lib:

    * rsso-sdk/rsso-sdk-atsso.jar
    * rsso-sdk/rsso-client-impl.jar
    * lib/log4j*.jar
    * lib/slf4j*.jar
    * lib/gson-2.3.1.jar
       


  5. Copy rsso-sdk/sso-sdk.properties into <Tomcat>/webapp/BI/WEB-INF/classes.
  6. Delete the following BMC Atrium Single Sign-On JAR files in <Tomcat>/webapp/BI/WEB-INF/lib:
    * atsso-common-<version>.jar
    * atsso-sdk-<version>.jar
    * atsso-webagent-<version>.jar
  7. Restart the Analytics Tomcat service.

Integrate with TrueSight Presentation Server




  1. Stop the TrueSight Presentation server.
  2. Place the Remedy RSSO filter into <Truesight>/modules/Tomcat/conf/web.xml as the first filter:

    <filter>
       <filter-name>RSSOFilter</filter-name>
       <filter-class>com.bmc.rsso.agent.RSSOFilter</filter-class>
    </filter>
    <filter-mapping>
       <filter-name>RSSOFilter</filter-name>
       <url-pattern>/*</url-pattern>
    </filter-mapping>
    <listener>
    <listener-class>com.bmc.rsso.agent.RSSOListener</listener-class>
    </listener>

  3. Create the folder <TrueSightPServer>\truesightpserver\modules\Tomcat\rsso_agent.

  4. Copy the following files into the created folder:
    • rsso-agent-all.jar
    • gson-2.3.1.jar
    • rsso-agent.properties
  5. Delete rsso-agent.properties file from rsso-agent-all.jar.
  6. Open the file <TrueSightPServer>\truesightpserver\conf\services\csr.conf.
  7. Add the following paths to classpath list:
    • <Truesight>/modules/Tomcat/rsso_agent/rsso-agent-all.jar
    • <Truesight>/modules/Tomcat/rsso_agent/gson-2.3.1.jar
    • <Truesight>/modules/Tomcat/rsso_agent/
  8. Comment line with path <Truesight>/lib/dependencies/gson-1.4.jar.
  9. Configure the Remedy SSO agent.
    • Open the file <TrueSightPServer>\truesightpserver\modules\Tomcat\rsso_agent\rsso-agent.properties and modify\add following:
      • agent-id=tsps_agent
      • sso-external-url=https://<RSSO_HOST_PORT>/rsso
      • sso-service-url=https://<RSSO_HOST_PORT>/rsso
  10. Generate new SSL certificate with CN=<TSPS_HOST> and replace the existing certificate in keystore <TrueSightPServer>\truesightpserver\conf\secure\loginvault.ks.
  11. Start TSPS server.

Note

  • The Remedy SSO web agent is usually configured to communicate with only one Remedy SSO server. If you want to configure the web agent to communicate with multiple servers, refer to the Agent supporting multiple servers section in Remedy Single Sign-On Agent.
  • To remove the integration of Remedy SSO from a BMC application, perform the manual integration steps in reverse order.


Related topic

PUBLISH

Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Calogero Lucia

    Hi Team,

    can you please update the documentation regarding the part "Integrate with Innovation Suite / Configuration Manager dashboard (CMDB 9.1.04 Atrium Core)". I really don't know in which directory the modified "rsso-agent.properties" and "rsso-log.cfg" needs to copied. In the Install directory of RSSO no "conf" folder exist. The only "Conf" is placed under "ARSystem". Can you please specified the use case in more detail. Probably you can add some examples.

    Thanks in advance and best regards, Calo

    Aug 02, 2018 03:46