Integrating BMC Remedy SSO with Smart IT and BMC Digital Workplace
Remedy Single Sign-On (Remedy SSO) is an authentication system for a multi software environment that enables users to present credentials for authentication only once. After Remedy SSO authenticates the users, they can gain access to any other application with automatic authentication without providing the credentials again.
Remedy SSO supports the following authentication methods:
- BMC Remedy AR System Server
- Kerberos (Starting from version 9.1.01)
- Certificate-based (Starting from version 9.1.01)
- Remedy SSO authentication or Local authentication (Starting from version 9.1.02)
- OAuth 2.0 (Starting from version 9.1.04)
- OpenID Connect (Starting from version 9.1.04)
Based on the organization’s requirement, you can configure any of the authentication methods to authenticate the users for various BMC applications.
After Remedy SSO server is deployed, as an administrator you can integrate it with Smart IT and BMC Digital Workplace. Note that Smart IT and BMC Digital Workplace are part of the same installer, and are integrated with Remedy SSO as part of server integration. After the integration, you can configure the required protocol for authentication. BMC does not support the Kerberos authentication for mobile apps, but you can configure the Kerberos authentication for web apps.
This topic describes how you can integrate Remedy SSO with Smart IT and BMC Digital Workplace by using one of the three methods:
- Remedy SSO installer
- Manually integrating Remedy SSO with Smart IT/BMC Digital Workplace
- Integrating Remedy SSO in silent mode
Before you begin
Before you integrate Remedy SSO with Smart IT and BMC Digital Workplace, you must consider if the following prerequisites are fulfilled:
- If your application is already integrated with BMC Atrium Single Sign-On (BMC Atrium SSO), the Remedy SSO installer automatically removes BMC Atrium SSO agent artifacts at the time of integration. However, the Remedy SSO installer does not explicitly remove the integration of your application with BMC Atrium SSO. So, ensure that you have manually removed the integration with BMC Atrium SSO.
- Install Remedy SSO. For more information about installing Remedy SSO, see
- Configure realms to support authentication methods.
- Integrate Remedy SSO with BMC Remedy Mid Tier.
- Install Smart IT and BMC Digital Workplace.
- Verify that the access to Smart IT and Remedy SSO servers occurs through the same domain. If the domains are different, even after successful deployment, Remedy SSO agent does not work as expected.
You must have the following permissions:
- BMC Digital Workplace Super Admin permission
- Administrator permission to access mid tier server machines
To integrate by using Remedy SSO installer
Details about Remedy SSO installer:
- Remedy SSO installer is available on the Electronic Product Download (EPD) site.
- You must download the installer, and unzip it to extract files. The executable setup is located on the Disk1 directory of the extracted files.
- The URL must be Fully Qualified Domain Name (FQDN). When you access applications, use FQDN. For example, remedy.bmc.com.
- It is recommended not to use IP addresses or short aliases as they do not preserve cookie domain and prevent functioning of Remedy SSO.
To integrate by using Remedy SSO installer, follow these steps:
- Unzip Remedy SSO files.
- Run the installation program.
- For Windows based server, run setup.exe
- For Unix based server, run setup.sh
- On the lower-right corner of the Welcome panel, click Next.
- After you review the license agreement, select the I agree to the terms of license agreement radio button, and then click Next.
- Accept the default destination directory, or browse to select a different directory, and then click Next.
- Select the Integrate with BMC Digital Workplace / BMC SmartIT option, and then click Next.
- Enter the directory path where BMC Digital Workplace/Smart IT is installed.
- Enter the directory path to the BMC Digital Workplace/Smart IT web server.
- Enter your BMC Digital Workplace super admin login credentials.
- To redirect unauthenticated user requests to Remedy SSO for authentication, enter the the public facing (external) URL of Remedy SSO server. For example, .
- To communicate between BMC Digital Workplace/SmartIT server and Remedy SSO server, enter the internal URL of Remedy SSO server. For example, .
- To complete the integration, check the installation preview, and then click Install.
After successful integration, the server that hosted Smart IT and BMC Digital Workplace restarts.
To manually integrate Remedy SSO
Remedy SSO integration is enabled on Smart IT database table. You must ensure that on the Smart IT database table 'SmartIT_System.TENANT', the value of column 'SAML_AUTHENTICATION' is True when the database is Microsoft SQL, and 1 when the database is Oracle.
The following files are available in Remedy SSO installer at the location—Disk1/files/rsso-agent/:
- For Smart IT v1.4 and BMC Digital Workplace v3.1 onwards:
- Remedy SSO and ASSO libs are stored in <CATALIA_BASE>/external-conf/lib.
- Changes to Remedy SSO properties files must be made in the .properties file located at <CATALIA_BASE>/external-conf/.
- For fresh installation, the ASSO .jar files are located at <CATALIA_BASE>/external-conf/lib.
- When you upgrade from version prior to Smart IT v1.4 and BMC Digital Workplace v3.1, the installer places ASSO libs in <CATALIA_BASE>/external-conf/lib without user intervention.
- If Remedy SSO is configured, then during upgrade, the installer will copy from ux: rsso config files(*.properties) in <CATALIA_BASE>/external-conf/ and rsso jar files(lib) in <CATALIA_BASE>/external-conf/lib.
To manually integrate Remedy RSSO, follow these steps:
- Stop the SmartIT/BMC Digital Workplace Tomcat service.
- Configure the web agent. To do so, follow these steps:
- Copy the rsso-agent-all.jar file to <CATALIA_BASE>/external-conf/lib.
- Copy the rsso-agent.properties file to <CATALIA_BASE>/external-conf/.
- Modify the file rsso-agent.properties:
If Remedy SSO is in a cluster, both sso-external-url and sso-service-url should be Load Balancer (LB) url. For example, and the internal IP of LB must be mapped to the host name in the host's file on the Smart IT/BMC Digital Workplace machine.
This is only required on the sso-service-url if the hostname cannot be resolved by the Domain Name Server (DNS) used on BMC Digital Workplace server machines.
Irrespective of whether Remedy SSO server is standalone or cluster, HTTPS is required for sso-external-url. For example, and HTTP is recommended for sso-service-url such as .
The value of 'agent-id' property in the rsso-agent.properties file must be a unique identifier, and must be same on all nodes in SmartIT/BMC Digital Workplace cluster. It is recommended to set its value to a simple identifier instead of a HTTP URL. For example, agent-id=myit_smartit_agent.
- Configure the client library. To do so, follow these steps:
- Copy the rsso-sdk-atsso.jar and rsso-client-impl.jar files to <CATALIA_BASE>/external-conf/lib.
- Copy the sso-sdk.properties file to <CATALIA_BASE>/external-conf/.
Delete the following ASSO jar files in <CATALIA_BASE>/external-conf/lib:
Restart the SmartIT/BMC Digital Workplace Tomcat service.
Integrating Remedy SSO in silent mode
- Go to the command line.
- Type the following command.
- For Windows: setup.exe -i silent -DOPTIONS_FILE=<path_to_txt_file_with_installation_options>
- For Linux: sh setup.bin -i silent -DOPTIONS_FILE=<path_to_txt_file_with_installation_options>
To create a text file with installation options:
- Open a new text file in a text editor.
- Enter the following options on the text file:
- -P installLocation=<path where product info will be located>
- -A productRemedySSO
- -J MI_TYPE=true
- -J MI_HOME=<path_to_Midtier_home>
- -J MI_WEBSERVER_PATH=<path_to_BMC Digital Workplace/SmartIt_server_home>
- -J INT_URL=<internal_RSSO_url>
- -J EXT_URL=<external_RSSO_url>
- -J MI_USER=<BMC Digital Workplace_user_name>
- -J MI_USER_PASSWD=<password>
- -J MI_USER_PASSWD_CNFRM=<password>
- Save the file.
If you are integrating BMC Remedy SSO with Smart IT, then AR integration with RSSO is mandatory. For more information, see .
To authenticate Change request and Knowledge article approvers by using BMC Remedy Single Sign-On
In BMC Remedy IT Service Management, on the Basic tab of the AP:ProcessDefinition form, the administrator can set Require Password? to Yes to authenticate change request and knowledge article reviewers. To authenticate them by using BMC Remedy SSO, you must uncomment BMC Remedy SSO web agent filter and filter mapping elements. To do so, follow these steps:
- Stop SmartIT/MyIT Tomcat service.
Uncomment BMC Remedy SSO web agent <filter> and <filter-mapping> elements (by deleting <!-- and -->):
<!-- Remedy SSO webagent filter. Uncomment when needed --> <!-- <filter> <filter-name>RSSOFilter</filter-name> <filter-class>com.bmc.rsso.agent.RSSOFilter</filter-class> </filter> <filter-mapping> <filter-name>RSSOFilter</filter-name> <url-pattern>/rest/sso/validate-reauth</url-pattern> </filter-mapping> -->
- Restart SmartIT/MyIT Tomcat service.