This documentation supports the 19.08 version of Remedy with Smart IT.

To view an earlier version, select the version from the Product version menu.

Integrating BMC Remedy SSO with Smart IT

Related topics

For Remedy SSO Documentation, see   Manually integrating Remedy SSO with BMC applications

Remedy Single Sign-On (Remedy SSO) is an authentication system for a multi software environment that enables users to present credentials for authentication only once. After Remedy SSO authenticates the users, they can gain access to any other application with automatic authentication without providing the credentials again.

Remedy SSO supports the following authentication methods:

  • BMC Remedy AR System Server
  • SAMLv2
  • LDAP
  • Kerberos
  • Certificate-based
  • Remedy SSO authentication or Local authentication
  • OAuth 2.0
  • OpenID Connect

Based on the organization’s requirement, you can configure any of the authentication methods to authenticate the users for various BMC applications.

As an administrator you can integrate Remedy SSO with Smart IT. After the integration, you can configure the required protocol for authentication. BMC does not support the Kerberos authentication for mobile apps, but you can configure the Kerberos authentication for web apps.

Remedy Single Sign-On authentication applies to both the universal client and to mobile applications. When a user logs in to on a mobile device, the user is prompted to enter the host name and port. If the server has SSO enabled, the mobile client opens a browser to the SSO login page. The SSO server sets the SSO cookies after authentication on to the device browser. When the user relaunches the application, if the cookies are not expired, the mobile client displays the application. If the cookies are expired, the user is shown the login page again for authentication.

Note

If you are integrating BMC Remedy SSO with Smart IT, then AR integration with Remedy SSO is mandatory. For more information, see Integrating Remedy SSO with BMC Remedy AR System and Remedy Mid Tier .


To integrate Remedy SSO with Smart IT

  1. Connect to the database:

    For Oracle:

    • Enter Username: system and enter password.
    • Connect to:

      Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
      With the Partitioning, OLAP, Data Mining and Real Application Testing options

      SQL> update SMARTIT_SYSTEM.TENANT set SAML_AUTHENTICATION=1;
      1 row updated.
      Note: Please commit after update
      SQL> commit;

      In SQL DB,

      UPDATE SmartIT_System.TENANT SET SAML_AUTHENTICATION=1;

      In PostgreSQL,

      update "SmartIT_System".tenant set SAML_AUTHENTICATION=true;
  2. Install the new Remedy SSO server.
  3. Integrate the new Remedy SSO server with the AR System server.
    If Remedy SSO server is already upgraded and integrated with Remedy AR Server, skip steps 2 and 3.
  4. In Smart IT, Stop the Tomcat service.
  5. Copy the following properties files from installer/Disk1/files/rsso-agent/ into tomcat/external-conf folder:
    1. rsso-agent.properties—modify this file manually to point to correct and new Remedy SSO server that is compatible with the sso sdk.

    2. sso-sdk.properties

      Note

      Identical rsso-agent.properties file should be present in the following locations:

      Smart IT Tomcat folder :\Program Files\Apache Software Foundation\Tomcat 8.0_Tomcat8_SmartIT\external-conf

      Smart IT Installation directory :\Program Files\BMC Software\Smart_IT\Smart_IT\smartit\WEB-INF\classes


  6. (Only for upgrade) If you want to get the new Remedy SSO features, clear the old Remedy SSO jar files by stopping Smart IT, and copy the following jar files from the Remedy SSO machine Installer Path \Disk1\files\lib, and paste the files at C:\Program Files\Apache Software Foundation\Tomcat8.0\external-conf\lib:

    1. caffeine-x.x.x.jar

    2. gson-x.x.x.jar

    3. jackson-annotations-x.x.x.jar

    4. jackson-core-x.x.x.jar

    5. jackson-databind-x.x.x.x.jar

    6. jjwt-api-x.xx.x.jar

    7. jjwt-impl-x.xx.x.jar

    8. jjwt-jackson-x.xx.x.jar

    9. json-20280813.jar

    10. org.apache.oltu.oauth2.client-x.x.x.jar

    11. slf4j-api-x.x.xx.jar

  7. (Only for upgrade) Copy the following files from the Disk1/files/rsso-agent folder to C:\Program Files\Apache Software Foundation\Tomcat8.0\external-conf\lib:

    1. rsso-agent-all-RSSO
    2. rsso-client-impl-RSSO
    3. rsso-sdk-atsso-RSSO
  8. Copy domain-entry.jsp from the Disk1/files/rsso-agent folder to the C:\Program Files\BMC Software\Smart_IT\Smart_IT\smartit folder.

  9. Restart the Tomcat service for Smart IT.
  10. Login to the Remedy SSO Admin console and setup the AR authentication pointing to the AR server, which is already integrated with Remedy SSO:

    Setup-1:


    Setup-2:

To enable single sign-on integration on the SmartIT database table

Make sure single sign-on integration is enabled on SmartIT database table. To enable the integration, go to the SmartIT database table SmartIT_System.TENANT and make sure that the value of the SAML_AUTHENTICATION column is True(1).

To update the SAML_AUTHENTICATION column

To update the SAML_AUTHENTICATION column, run the following command using Java 1.8 or later:

java
 -jar 
<Smart_IT_path>/tenant-config/tenant-config-3.1.00.000-jar-with-dependencies.jar
 updateTenant -server http://<SmartIT_FQDN>:9000/smartit -username 
<SmartIT_Super_Admin_username> -password 
<SmartIT_Super_Admin_password> -tenantName 000000000000001 
-hostname localhost -samlAuthentication true


Notes

  • The configuration in rsso-agent.properties is similar to Mid Tier integration, except logout-urls=/atssologout.html in rsso-agent.properties.
    The value of the agent-id property in rsso-agent.properties file should be a unique identifier, but should be same on all nodes in a Smart IT cluster. It is recommended that you set its value to a simple identifier instead of a HTTP URL. For example, agent-id=smartit_agent.
    For more information, see Configuring Remedy SSO agent in the Remedy SSO online documentation.
  • When you login to Smart IT, where Remedy SSO is integrated, if the Remedy SSO Token Maximum Session Time is set lesser than the Smart IT Session Time then,
    • in case of the Remedy SSO token timeout, the user is not directed to the login page. Here, the user needs to refresh the page.
    • in case the user re-logins and logs-out, then also the license may not be released.


To configure Smart IT to not require the tenant domain

You can configure integrated applications not to require the tenant domain. Without this setting, applications require login requests in a format used by Smart IT (for example, userLogin@domain.com). With this setting, applications accept login requests that do not include a tenant domain (for example, userLogin).

  1. On the Smart IT server, go to Smart_IT_TomcatDirectory/external-conf.
  2. Open the sso-sdk.properties file in a text editor, and add the following line:

    ignore-tenant=true
  3. Save and close the file.



Where to go from here

Complete the remaining tasks in Configuring after installation.

Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Ashish Mistry

    Hello Team,

    For Smart IT rsso-agent.properties file is present in two locations:

    Smart IT Tomcat folder -:\Program Files\Apache Software Foundation\Tomcat 8.0_Tomcat8_SmartIT\external-conf

    Smart IT Installation directory-:\Program Files\BMC Software\Smart_IT\Smart_IT\smartit\WEB-INF\classes.

    The Second path is not referenced in the document and needs to be updated.For Smart IT to work correctly both the rsso-agent.properties file should be identical.

    Regards, Ashish

    Jun 03, 2020 08:38
    1. Nilay Agambagis

      Hello Ashish,

      I have added the required note in this topic ( Point 5).

      Regards,

      Nilay Agambagis

      Aug 17, 2020 04:37
  2. Nilay Agambagis

    Hello Ashish, Thanks a lot for your comment. I am communicating with the SMEs on this. I will get back to you with updates, as soon as I get a reply from them.

    Regards, Nilay Agambagis

    Jun 18, 2020 12:42