Integrating BMC Mobility for ITSM 8.1.00
This topic describes how to integrate BMC Atrium Single Sign-On with BMC Mobility for supporting Security Assertion Markup Language (SAML). The typical process for integrating BMC Atrium Single Sign-On with BMC Remedy IT Service Management (ITSM) is to install BMC Atrium Single Sign-On, install BMC Remedy ITSM, and then integrate Atrium SSO with ITSM.
Following topics are provided:
Before you begin
- Ensure that you have BMC Remedy ITSM installed, before you can enable integration with BMC Atrium Single Sign-On.
- Ensure that users of BMC Remedy ITSM that you want to use, exist in the BMC Atrium Sign-On server. See Managing users and Managing user groups.
- The mobile applications do not support pop-up windows for login. The SAML IdP in Atrium SSO must provide a login page that is compatible with the embedded WebKit browser.
The only identity provider (IdP) that BMC Mobility for ITSM supports is BMC Atrium SSO, which is the only supported service provider (SP). Other IdPs and SPs are not supported.
Integrating BMC Mobility to support SAML authentication
You must use the following steps for configuring BMC Mobility and BMC Atrium SSO so that BMC Mobility can use single sign-on for logging on to BMC Mobility.
To integrate Atrium SSO support in BMC Mobility Server
- Stop the BMC Mobility server.
Copy all the jar files from the <MidtierInstallDir>\webagent\dist\jee\WEB-INF\lib directory to the <MidtierInstallDir>\WEB-INF\lib directory.
For example, copy all the jar files from C:\Program Files\BMCSoftware\ARSystem\midtier\webagent\dist\jee\WEB-INF\lib to C:\Program Files\BMCSoftware\ARSystem\midtier\WEB-INF\lib.
Uncomment the BMC Atrium Single Sign-On filter in the web.xml file on BMC Mobility server.
To integrate BMC Mobility in BMC Atrium SSO Console
Configure the Login URl for the BMC Atrium Single Sign-On server using following steps:
- Log on to the BMC Atrium SSO Admin Console and click Agent Details.
- Select the /MobilityServer@FQDN:portNumber agent and click Edit.
In the Agent Editor, change the Login URl to be the same as the Mid Tier Agent Login URl (for example, https://serverName:portNumber/atriumsso/spssoinit?metaAlias=/BmcRealm/sp&idpEntityID=idp).
Login URl field in the Agent Editor
Click the following figure to expand it.
- Configure the Logout URl for the BMC Atrium Single Sign-On server using following steps:
- In the Agent Editor, change the Logout URl to be the same as the Mid Tier Agent Logout URl (for example, https://serverName:portNumber/atriumsso/saml2/jsp/spSingleLogoutInit.jsp?idpEntityID=idp).
To enable SAML logon
- Open the Mobility Administration: Tenant form in a browser.
- Search for the record with Tenant ID 000000000000001.
- Change the SAML Authentication setting to Yes.
- Save your changes.
You must start the BMC Mobility server after making the configuration changes.