User ID transformation
Remedy Single Sign-On uses the login ID provided by the authentication provider to match the user ID in the user store. Remedy SSO provides options of transforming the login IDs to match them with the user IDs.
However, many times customers have different user names in the user store and their login details may vary. So, it is impossible to predict the kind of transformation that may be needed for a particular customer. For this, Remedy Single Sign-On provides User ID Transformation options that you can use to enable the required transformation for the authentication method in your realm.
When you integrate Remedy SSO with BMC applications, set up an authentication method, and then change the original authentication method, the new authentication method might not provide the same user ID format that was available with the original method.
Some authentication methods, such as Security Assertion Markup Language (SAML) also return the user ID in a format that cannot be used directly. In such situations, in addition to the default transformation options provided by Remedy SSO, you must create customized plugins to add complex transformations to the Transformation list.
User ID transformation options
The following table lists the user ID transformation options provided by Remedy SSO:
Displays the entered userID without any transformation.
|RemoveBMCDomain||Displays the userID without the suffix.|
Displays the userID without the prefix <domain>.
Example: companyname\userid is transformed to userID.
|RemoveEMailDomain||Displays userID without the suffix@<anyemaildomain>.|
Displays userID after converting it to lower case.
Example: UserID is transformed to userid.
Displays userID after converting it to upper case.
Example: userid is transformed to USERID.
|custom||Displays more transformation options if custom transformation plug-ins are provided.|
Provide any value if there is a mismatch between a user name coming from the identity provider and user name specified in the user form. Suppose you have a user name CustomeUserName@gmail.com coming from identity provider response, and user name specified in AR System is CustomUserName user form. You will need to select RemoveDomain option to transform the user ID.
Creating a new plugin to transform user IDs
This section provides details to create and deploy a plugin to transform user IDs in addition to the options provided by Remedy SSO.
Before creating a new plugin, ensure the following prerequisites:
- Install JDK (not JRE) 7.
- Set the system variable JAVA_HOME appropriately.
- Ensure accessibility of Remedy SSO binaries.
To create a new transformation plugin
- Download the Apache Maven tool ( ) archive.
- Unpack the archive to <maven_dir>.
- Add the PATH system variable path to the <maven dir>/bin directory.
Run the following command to perform the check:
- Unpack the CustomTransformationTemplate.zip to CustomTransformationTemplate.
- Locate the Remedy SSO libraries folder. Usually, it can be found in <RSSO Tomcat>/webapps/RSSO/WEB-INF/lib.
- Find the sdk-plugins-<version>.jar file inside the path, and copy it into the CustomTransformationTemplate folder.
- Ensure that you have the correct dependency set.
- In the CustomTransformationTemplate/pom.xml file, check the <version > value inside the <dependency> element. If required, correct it according to the <version> part of the sdk-plugins-<version>.jar file.
- In the CustomTransformationTemplate/ build.cmd file, check the –Dversion argument in the first line and change it if required.
To incorporate code changes
- Go to the CustomTransformationTemplate\java\src\main\java\com\bmc\rsso\plugins\transformation\custom folder.
- Create a copy of the TransformationTemplate.java file to preserve the original.
- Open this file and change the class name accordingly.
- Open CustomTransformationTemplate\ src\main\resources\META-INF\services\com.bmc.rsso.plugins.transformation.spi.UserIdTransformation file, and change the class name inside it there accordingly.
- Open the .java file and make the following changes:
- Content of the transform () function
- Returned value of the getStrategyName() function. The return value is what you see in the console. Do not use any white spaces or special characters in the name.
- Optional. Content of the getDescription() function. This only leaves a comment when getDescription argument is used with java. It does not change anything in the console or functionality.
Do not use clipboard to copy and paste when making the changes. Clipboard picks up hidden characters that are not visible in the code. This causes errors when compiled.
To build and deploy the new plugin
- Run the CustomTransformationTemplate/build.bat file.
Produced .jar file can be found at the CustomTransformationTemplate/target folder.
Copy this file into the <RSSO Tomcat>/webapps/RSSO/WEB-INF/lib folder.
If you need any additional libraries for the transformation plug-in, save the libraries in the following directory: <RSSO Tomcat>/webapps/RSSO/WEB-INF/lib.
Restart the Remedy SSO server.
Log in to the Remedy SSO Admin Console.
Open authentication configuration for edit. Choose the newly found corresponding entry from User ID Transformation list.
If you have deployed Remedy SSO in a high availability (HA) environment, install the plug-in on all servers in the cluster before configuring the realm to use the new transformation.