Out of support

 

This documentation supports the 8.1 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience.

Logon and logoff issues

Logon and logoff issues can occur (or appear to occur) because of URL re-directs and normal Identity Provider (IdP) behavior.

Automatic IdP logon behavior

With SAMLv2 authentication configurations, an automatic logon can occur after you have terminated your single sign-on (SSO) session. This behavior gives the impression that the user was not logged out.

In SAMLv2 configurations, the IdP caches authentication information within the browser. This information allows the IdP to automatically re-authenticate a user without the user re-entering their credentials.

The effect is that when a user logs out of a SAMLv2 system, a browser refresh can automatically log the user back into the system. For this type of system, to ensure that the user is permanently logged off the system, close all browser windows and tabs.

For example, suppose a user has two browser windows (or tabs) open, one with BMC Remedy Mid Tier and the other with BMC Analytics. When the user logs off of BMC Remedy Mid Tier and closes the window, the user terminates their SSO session. If the user then goes to the BMC Analytics window and refreshes the browser (for example, clicks on a link), the browser performs the action as though the user was still logged on to the system. What transpired was that a new SSO session was created automatically for the user (due to the auto-logon of the IdP).

URL re-direct issues

Logon and logoff issues can occur (typically with a SAMLv2 configuration) when too many URL re-directs happen between the browser and servers during logon and logoff processing.

  1. Capture the HTTP traffic between the browser and servers using a capture tool such as Fiddler, ieHttpHeaders, or Live HTTP Headers.
  2. Identify potential configuration changes to the reverse proxy, load balancer, or BMC Atrium Single Sign-On.
  3. Modify the configuration:
    • If the re-direct is from https://sample.bmc.com/arsys to https://sample.bmc.com/arsys/ (a forward-slash after arsys), check and modify the agent log on and log out URL configuration to include the forward-slash.
    • If the re-direct is associated with a reverse proxy or load balancer where a protocol switch from HTTPS to HTTP occurs (for example, the browser communicates over HTTPS with the reverse proxy, which then communicates with the server over HTTP), configure the reverse proxy or load balancer to include the HTTP AtssoReturnLocation header with the value https://.

      In this case, the agent in the server uses the HTTP protocol for the return address, which causes the re-direct.
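The following added example (not part of the BMC documentation) shows how the redirect chain from a capture can be checked for the two patterns listed above. The capture rows are constructed; sample.bmc.com/arsys is the page's example URL, and sso.example.test/login is a hypothetical stand-in for the SSO server logon URL.

```python
from urllib.parse import urljoin, urlsplit

# Constructed capture rows: (request URL, status, Location header or None).
# sso.example.test/login is a hypothetical SSO logon URL, not a BMC path.
CAPTURE = [
    ("https://sample.bmc.com/arsys", 302, "https://sample.bmc.com/arsys/"),
    ("https://sample.bmc.com/arsys/", 302, "https://sso.example.test/login"),
    ("https://sso.example.test/login", 302, "http://sample.bmc.com/arsys/"),
    ("http://sample.bmc.com/arsys/", 302, "https://sample.bmc.com/arsys/"),
    ("https://sample.bmc.com/arsys/", 200, None),
]

# Configuration change the page gives for each pattern.
FIXES = {
    "trailing-slash": "add the forward-slash to the agent logon/logout URLs",
    "https-to-http": "set AtssoReturnLocation on the proxy or load balancer",
}


def classify(url, location):
    """Name the redirect pattern, or return None if it is neither of the two."""
    src = urlsplit(url)
    dst = urlsplit(urljoin(url, location))  # Location may be relative
    same_origin = (src.scheme, src.netloc) == (dst.scheme, dst.netloc)
    if same_origin and dst.path == src.path + "/":
        return "trailing-slash"
    if src.scheme == "https" and dst.scheme == "http":
        return "https-to-http"
    return None


def audit(capture):
    """Count redirects and list those matching a pattern from the page."""
    redirects, findings = 0, []
    for step, (url, status, location) in enumerate(capture, start=1):
        if not (300 <= status < 400 and location):
            continue
        redirects += 1
        kind = classify(url, location)
        if kind:
            findings.append((step, kind, url, location))
    return redirects, findings


if __name__ == "__main__":
    total, found = audit(CAPTURE)
    print(f"{total} redirects in capture")
    for step, kind, url, location in found:
        print(f"step {step}: {kind}: {url} -> {location}; fix: {FIXES[kind]}")
```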

User profile issue

Another issue, related to user profiles, can occur after you log on to the BMC application. After a successful login, you may encounter the following error: User has no profile in this realm.

This error indicates that the User Profile setting in the realm is set to Required but the UserID from the authentication did not match any users available in the User Stores.

Resolution

Generally, you can resolve this issue by changing the User Profile to Ignored or Dynamic.
