This documentation supports the 9.1 version of Remedy Single Sign-On.

To view the latest version, select the version from the Product version menu.

2018-03-08_23-44-55_Remedy SSO server general configuration

Following the installation of Remedy Single Sign-On (Remedy SSO), you must set the general configurations. You can also export and import the configurations, when you want to backup and restore the configuration settings.

Use the following sections to configure general settings, export, import, and view the session details for Remedy SSO.

Before you begin

You must have installed Remedy SSO.

To set the general configurations

  1. Log in to the Remedy SSO console as an Admin user.
  2. Click General.
  3. On the Basic tab, enter the basic server details. For more information about the basic server details, see Basic parameters.
  4. On the left navigation panel, click the Advanced tab and enter the advanced details. (Optional) Enter the SAML service provider details only if you are configuring Remedy SSO for SAML authentication. For more information about the advanced server details, see Advanced parameters.
  5. Click Save.

Basic parameters

FieldDescription
Cookie

Cookie Domain

The value that controls the cookie visibility between servers within the domain. The default cookie domain value is the network domain of the computer on which you are installing the Remedy SSO server. The default cookie domain specifies the most restrictive access.

The cookie domain value must be the same for all integrated applications and Remedy SSO server.

Ensure that the value is correct as a wrong value can cause a redirection loop.

For example, in case your ITSM and MyIT applications are available on itsm.yourcompany.com and myit.yourcompany.com and Remedy SSO is on sso.yourcompany.com, then the cookie domain must be set to yourcompany.com.

Installing Remedy SSO on another domain like your company.internal and setting the cookie domain to yourcompany.com or your company.internal causes a redirection loop as the cookie cannot be set across different domains.

Session Settings

Max Session Time

The time after which the user session expires. When this value is selected, time constraints are automatically enforced. The default is 24 hours.

The value for maximum session time is usually 4, 8, or 12 hours.

Ensure that the maximum session time is more than the time that you configure for session token validation on an agent.

Log

Server Log Level

The level of log details.

If the Sign Request option is selected, Remedy SSO logs show the WARN message with a stack trace. Otherwise, the logs show the DEBUG message and the stack trace only at the TRACE level. Showing the TRACE level affects the server performance.

Advanced parameters

FieldDescriptionApplicable versions
Cookie

Cookie Name

The cookie name is automatically created at installation and is based on the timestamp. The timestamp is the time the database is created during Remedy SSO installation.

9.0.01 and later
Enable Secured Cookie

The option to enable secured cookie. If this option is selected then all applications must also run on HTTPS and the application servers must be accessed through https only. Otherwise, it causes a redirection loop.

9.0.01 and later
Back Channel
Service URLRemedy SSO generates a token and inserts this URL into the token to provide information about the location of the Remedy SSO server. This is an optional configuration as Remedy SSO server location can also be specified in the configuration files of Remedy SSO Agent and AREA plugin.9.1.01 and later
SAML Service Provider
SP Entity IDThe entity ID of the service provider.9.1.01 and later
External URLThe external URL of the service provider, that is, the URL for Remedy SSO server.9.1.01 and later
Signing CertificateThe certificate used to sign a SAML request if Sign Request is selected.9.1 and earlier
Keystore File

The keystore file path that includes the keystore file name. The keystore file contains all the required certificates. If you are using PKCS12 keystores file, the file extension must be .p12.

If the keystore file is placed in the tomcat/rsso/webapp/WEB-INF/classes folder, the value of this field can be the name of the keystore file, where tomcat represents the Tomcat path. Otherwise, use the absolute file path.

9.1.01 and later
Keystore PasswordThe keystore file password. The keypair and keystore passwords must be the same.9.1.01 and later
Signing Key AliasThe alias name of the signing key in the keystore file.9.1.01 and later

Importing and exporting Remedy SSO configurations

You can import or export the configuration settings of Remedy SSO.

To export Remedy SSO configuration

You can export the server configuration details and the templates. In most browsers, a file is downloaded to your local machine automatically. But in Safari, a new browser with the exported configuration is opened. You can copy and save the content.

  1. Log in to the Admin console of Remedy SSO.
  2. On the Admin menu, click Export.

To import Remedy SSO configuration

You can import configuration of the same Remedy SSO version only. Importing configuration overrides all the previous configurations.

  1. Log in to the Admin console of Remedy SSO
  2. On the Admin menu, click Import.
  3. Select the required file.
  4. Click Import.

Note

With respect to Local Users and Groups Management, exporting configurations does not affect local users and groups, though importing overrides them. For example, first you create realm A and export the server configuration details. Secondly, you create realm B and local users and groups for realm B. Then you import the previously exported configuration which has only realm A. Now all the users and groups associated with realm B are overridden, though they still exist in the database. To resolve the issue, create realm B again manually.

Hence while exporting or importing configurations, you must ensure consistency between the realm, local users, and groups.

To view session details

  1. In the Search field, enter the user or realm ID for which you want to view the session details.
    The system displays the following information.
FieldDescription
User IDUser ID associated with the session.
RealmRealm ID associated with the session.
Time RemainingTime remaining for the session.
Maximum Session TimeTime that was associated for the session

Related videos

Click the images to view the video.



Related topic



Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Himanshu Pandya

    In the "Enable Secured Cookie" section, if you enable secured cookies then the client applications must also run on HTTPS.

    Nov 17, 2016 08:09
  2. Giuseppe Fentini

    Hello,

     

    My SSO server in not in a domain, then I wonder: must it be placed on a domain? If not, what is the value that I should put on the Cookie Domain?

    Jul 19, 2017 11:24
    1. Kamalakannan Srinivasan

      Hi Giuseppe,

      Thank you for your comment. I will discuss with the technical team and revert.

      Regards,
      Kamal

      Jul 20, 2017 02:50
    1. Kamalakannan Srinivasan

      Hi Giuseppe,

      Thank you for your comment. For cookie domain, you must put the value of application domain. The domain of Remedy SSO does not matter if it is still accessible from agent's/application's domain.

      Regards,

      Kamal

      Jul 20, 2017 03:22
  3. Saloni Joshi

    Hi,

    I need to enable lockout policy for users in RSSO. Please let me know who I can enable lockout policy using Realm in RSSO or any other feature.

    THanks, Saloni

    Jan 18, 2018 05:50
    1. Kamalakannan Srinivasan

      Hi Saloni,

      Thank you for your comment. I will discuss with the technical team and revert.

      Regards,
      Kamal

      Jan 19, 2018 01:30
    1. Kamalakannan Srinivasan

      Hi Saloni,

      Thank you for your comment. Remedy SSO does not manage lockout policies for users.

      Regards,

      Kamal

      Jan 19, 2018 02:38