Manually configuring mid tier for BMC Atrium Single Sign-On user authentication
For the mid tier to communicate with the BMC Atrium Single Sign-On server for user authentication, follow the steps below to manually configure the mid tier.
Note
- Perform the steps in this section only if you did not select the Configuration of Atrium Single Sign-On option during the AR System server installation or during the stand-alone installation of mid tier.
- BMC recommends that you do not install BMC Atrium Single Sign-On and BMC Remedy Mid-Tier on the same computer. BMC Atrium Single Sign-On and BMC Remedy Mid-Tier must use different Tomcat instances, because if the mid-tier computer needs to be restarted, BMC Atrium Single Sign-On is down during the restart and all the other applications are unavailable.
To manually configure the Mid Tier for BMC Atrium Single Sign-On user authentication
- Go to the computer where you installed the Mid Tier.
- Stop the mid tier service, if it is already running.
- Copy all the jar files from the <MidtierInstallDir>\webagent\dist\jee\WEB-INF\lib directory to the <MidtierInstallDir>\WEB-INF\lib directory.
For example, copy all the jar files from C:\Program Files\BMC Software\ARSystem\midtier\webagent\dist\jee\WEB-INF\lib to C:\Program Files\BMC Software\ARSystem\midtier\WEB-INF\lib.
- Go to the <MidtierInstallDir>\Web-Inf directory and open the web.xml file in an editor.
- Uncomment the <filter> and <filter-mapping> tags for the Atrium Single Sign-On filter.
These tags should look like the following:
    <!--Atrium SSO webagent filter. Un-comment when needed-->
    <filter>
        <filter-name>Agent</filter-name>
        <filter-class>com.bmc.atrium.sso.agents.web.SSOFilter</filter-class>
    </filter>
    <!--Atrium SSO webagent filter. Un-comment when needed-->
    <filter-mapping>
        <filter-name>Agent</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>INCLUDE</dispatcher>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>ERROR</dispatcher>
    </filter-mapping>
Make sure that you save your changes to the web.xml file.
- Go to the <MidtierInstallDir>\Web-Inf\classes directory (for example, C:\Program Files\BMC Software\ARSystem\midtier\WEB-INF\classes) and open the config.properties file in an editor.
- Add an attribute in the config.properties file.
To do this, comment out the DefaultAuthenticator line (arsystem.authenticator=com.remedy.arsys.session.DefaultAuthenticator) and add the following line for the Atrium Single Sign-On Authenticator:
    arsystem.authenticator=com.remedy.arsys.sso.AtriumSSOAuthenticator
Make sure that you save your changes to the config.properties file.
- Go to the computer where you installed the AR System server and open the ar.cfg (Microsoft Windows) or ar.conf (UNIX or Linux) file in an editor.
The default location for Windows is C:\Program Files\BMC Software\ARSystem\Conf.
- Add the following SSO AREA plug-in entries to the ar.cfg file:
- (Unix) Plugin — areaatriumsso.so
- (Windows) Plugin — areaatriumsso.dll
For example:
    Plugin: areaatriumsso.dll
- Server Plugin Alias — ARSYS.AREA.ATRIUMSSO ARSYS.AREA.ATRIUMSSO FQDN of AR System server name:PluginPort
For example:
    Server-Plugin-Alias: ARSYS.AREA.ATRIUMSSO ARSYS.AREA.ATRIUMSSO arSystemServer.bmc.com:9999
Make sure that the SSO entries are listed first; otherwise they will not be used by the AR System server.
    Plugin: areaatriumsso.dll
    Plugin: ardbcconf.dll
    Plugin: reportplugin.dll
    Plugin: ServerAdmin.dll
    Server-Plugin-Alias: ARSYS.AREA.ATRIUMSSO ARSYS.AREA.ATRIUMSSO xyz-abc-x28-vm1.dsl.bmc.com:9999
    Server-Plugin-Alias: ARSYS.ARF.REGISTRY ARSYS.ARF.REGISTRY xyz-abc-x28-vm1.dsl.bmc.com:9999
    Server-Plugin-Alias: ARSYS.ARDBC.REGISTRY ARSYS.ARDBC.REGISTRY xyz-abc-x28-vm1.dsl.bmc.com:9999
    Server-Plugin-Alias: ARSYS.ARDBC.ARREPORTENGINE ARSYS.ARDBC.ARREPORTENGINE xyz-abc-x28-vm1.dsl.bmc.com:9999
    Server-Plugin-Alias: ARSYS.ARF.QUERYPARSER ARSYS.ARF.QUERYPARSER xyz-abc-x28-vm1.dsl.bmc.com:9999
    Server-Plugin-Alias: ARSYS.ALRT.WEBSERVICE ARSYS.ALRT.WEBSERVICE xyz-abc-x28-vm1.dsl.bmc.com:9999
    Server-Plugin-Alias: ARSYS.ARF.PARSEPARAMETERS ARSYS.ARF.PARSEPARAMETERS xyz-abc-x28-vm1.dsl.bmc.com:9999
    Server-Plugin-Alias: ARSYS.ARF.PUBLISHREPORT ARSYS.ARF.PUBLISHREPORT xyz-abc-x28-vm1.dsl.bmc.com:9999
    Server-Plugin-Alias: ARSYS.ARF.REPORTSCHEDULER ARSYS.ARF.REPORTSCHEDULER xyz-abc-x28-vm1.dsl.bmc.com:9999
    Server-Plugin-Alias: ARSYS.ARF.RSAKEYPAIRGENERATOR ARSYS.ARF.RSAKEYPAIRGENERATOR xyz-abc-x28-vm1.dsl.bmc.com:9999
    Server-Plugin-Alias: ARSYS.ALRT.TWITTER ARSYS.ALRT.TWITTER xyz-abc-x28-vm1.dsl.bmc.com:9999
    Server-Plugin-Alias: ARSYS.ARF.TWITTER ARSYS.ARF.TWITTER xyz-abc-x28-vm1.dsl.bmc.com:9999
- Save your changes to the ar.cfg or ar.conf file.
- Go back to the computer where you installed the Mid Tier.
- Copy the cacerts file from the JDK installed location to the Tomcat conf folder.
For example, copy cacerts from C:\Program Files\Java\jdk1.7.0_03\jre\lib\security to C:\Program Files\Apache Software Foundation\Tomcat6.0\conf.
- If your Mid Tier installation does not already include the not-enforced.txt file, save the attached file to the Mid Tier folder.
For example, right-click the link, select Save link as, and save the file to the C:\Program Files\BMC Software\ARSystem\midtier folder.
A typical not-enforced.txt file contains the URIs listed in the code snippet below. URIs listed in this file are not protected by the agent. Their contents are uploaded into the BMC Atrium Single Sign-On server to become part of the Agent configuration.
    /arsys/services/*
    /arsys/WSDL/*
    /arsys/shared/config/*
    /arsys/shared/doc/*
    /arsys/shared/images/*
    /arsys/shared/timer/*
    /arsys/shared/ar_url_encoder.jsp
    /arsys/shared/error.jsp
    /arsys/shared/file_not_found.jsp
    /arsys/shared/HTTPPost.class
    /arsys/shared/login.jsp
    /arsys/shared/login_common.jsp
    /arsys/shared/view_form.jsp
    /arsys/shared/logout.jsp
    /arsys/shared/wait.jsp
    /arsys/servlet/ConfigServlet
    /arsys/servlet/GoatConfigServlet
    /arsys/plugins/*
When you later finish integration, this file is no longer used or needed. If you must update the agent configuration, access Agent Details on the BMC Atrium SSO Admin Console to modify the Not Enforced URI Processing values.
- Execute the deployer script to deploy the WebAgent.
To do this, run the following script from the command line in the deployer directory (webagent\deployer):
    java -jar deployer.jar --install --container-type -TOMCATversion --atrium-sso-url AtriumSSOURL<FQDNofAtriumSSOServer>:<port>/atriumsso --web-app-url MidtierSSOURL<FQDNofMidtierServer>:<port>/arsys --container-base-dir AppServerHome --admin-name AtriumServerAdminUsername --admin-pwd AtriumServerAdminPassword --jvm-truststore "JavaHome\jre\lib\security\cacerts" --jvm-truststore-password TruststorePassword --truststore "AppServerHome\conf\cacerts" --truststore-password TruststorePassword --not-enforced-uri-file "midTierPath\not-enforced.txt" --web-app-logout-uri /shared/loggedout.jsp
For example,
java -jar deployer.jar --install --container-type tomcatv6 --atrium-sso-url https://ssoServer.bmc.com:8443/atriumsso --web-app-url http://midTierServer:8080/arsys --container-base-dir "c:\Program Files\Apache Software Foundation\Tomcat6.0" --admin-name amadmin --admin-pwd Let$in09 --jvm-truststore "c:\Program Files\Java\jdk1.7.0_03\jre\lib\security\cacerts" --jvm-truststore-password changeit --truststore "c:\Program Files\Apache Software Foundation\Tomcat6.0\conf\cacerts" --truststore-password changeit --not-enforced-uri-file "C:\Program Files\BMC Software\ARSystem\midtier\not-enforced.txt" --web-app-logout-uri /shared/loggedout.jsp
Make sure that the deployer script finishes successfully.
Tip
If the deployer script fails:
- Delete the <containerBaseDir>/atssoAgents folder (for example, C:\Program Files\Apache Software Foundation\Tomcat6.0\atssoAgents).
- Delete the agent if it exists in Agent Details on the BMC Atrium SSO Admin Console.
- Re-run the deployer script after you have fixed the problem (for example, added additional parameters).
- Start the mid tier service.
By default, this plug-in is configured to work with the native plug-in server (C plug-in). You can also use this plug-in directly with the Java plug-in server. For more information on the configuration settings, see Using the Java plug-in server for dynamic plug-in loading in the BMC Remedy AR System 8.1 online documentation.
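A check for the three file edits in this procedure, useful before the mid tier service is started, since a filter that is still commented out or SSO entries that are not listed first would leave the edits without effect. This is an added example, not BMC code: the function names and sample strings are constructed, and "listed first" is read as first among the Plugin lines and first among the Server-Plugin-Alias lines, as in the example listing above.

```python
import re
import xml.etree.ElementTree as ET

SSO_FILTER = "com.bmc.atrium.sso.agents.web.SSOFilter"
SSO_AUTH = "com.remedy.arsys.sso.AtriumSSOAuthenticator"

def _texts(el, name):
    # Text of direct children called `name`, ignoring any XML namespace prefix.
    return {(c.text or "").strip() for c in el if c.tag.rsplit("}", 1)[-1] == name}

def check_web_xml(text):
    """SSO filter is active (the parser drops commented-out XML) and mapped to /*."""
    root = ET.fromstring(text)
    by_tag = lambda tag: [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == tag]
    names = set()
    for f in by_tag("filter"):
        if SSO_FILTER in _texts(f, "filter-class"):
            names |= _texts(f, "filter-name")
    return any(names & _texts(m, "filter-name") and "/*" in _texts(m, "url-pattern")
               for m in by_tag("filter-mapping"))

def check_config_properties(text):
    """Exactly one uncommented arsystem.authenticator line, set to the SSO class."""
    active = [l.split("=", 1)[1].strip() for l in text.splitlines()
              if re.match(r"\s*arsystem\.authenticator\s*=", l)]
    return active == [SSO_AUTH]

def check_ar_cfg(text):
    """SSO plug-in is the first Plugin entry and its alias the first alias entry."""
    plugins, aliases = [], []
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        if key == "Plugin":
            plugins.append(value.strip().lower())
        elif key == "Server-Plugin-Alias":
            aliases.append(value.split()[:1])
    return (bool(plugins) and re.search(r"areaatriumsso\.(dll|so)$", plugins[0]) is not None
            and aliases[:1] == [["ARSYS.AREA.ATRIUMSSO"]])

# Constructed sample inputs: filter left commented out; SSO plug-in not listed first.
BAD_WEB_XML = "<web-app><!-- <filter><filter-name>Agent</filter-name>" \
    f"<filter-class>{SSO_FILTER}</filter-class></filter> --></web-app>"
GOOD_PROPS = ("#arsystem.authenticator=com.remedy.arsys.session.DefaultAuthenticator\n"
              f"arsystem.authenticator={SSO_AUTH}\n")
BAD_AR_CFG = ("Plugin: ardbcconf.dll\nPlugin: areaatriumsso.dll\n"
              "Server-Plugin-Alias: ARSYS.AREA.ATRIUMSSO ARSYS.AREA.ATRIUMSSO host.example:9999\n")

if __name__ == "__main__":
    print(check_web_xml(BAD_WEB_XML), check_config_properties(GOOD_PROPS), check_ar_cfg(BAD_AR_CFG))
```

On a real installation, pass the contents of web.xml, config.properties and ar.cfg (or ar.conf) read from the directories named in the steps above.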
Note
If the container is not using HTTPS, the truststore and truststore-password parameters can be ignored. For example:
    java -jar deployer.jar --install --container-type tomcatv6 --atrium-sso-url https://ssoServer.bmc.com:8443/atriumsso --web-app-url http://midTierServer:8080/arsys --container-base-dir "C:\Program Files\Apache Software Foundation\Tomcat6.0" --admin-name amAdmin --admin-pwd bmcAdm1n --jvm-truststore "C:\Program Files\Java\jre6\lib\security\cacerts" --jvm-truststore-password changeit --not-enforced-uri-file "C:\Program Files\BMC Software\ARSystem\midtier\not-enforced.txt" --web-app-logout-uri /shared/loggedout.jsp
If the --web-app-logout-uri parameter is not specified, you can specify the parameter value in Agent Details on the BMC Atrium SSO Admin Console:
- On the BMC Atrium SSO Admin Console, click Agent Details.
- Select the agent and click Edit.
- In the Logout Processing section, replace the default value with /arsys/shared/loggedout.jsp.
When you are using a load balancer or reverse proxy, you must add the --web-app-url and --notify-url URLs. In this case, the --web-app-url URL must be the load balancer URL and the --notify-url must be the mid tier URL. For example:
    java -jar deployer.jar --install --container-type tomcatv6 --atrium-sso-url https://ssoServer.bmc.com:8443/atriumsso --web-app-url http://loadbalancerURL:8080/arsys --- --container-base-dir "C:\Program Files\Apache Software Foundation\Tomcat6.0" --admin-name amAdmin --admin-pwd bmcAdm1n --jvm-truststore "C:\Program Files\Java\jre6\lib\security\cacerts" --jvm-truststore-password changeit --not-enforced-uri-file "C:\Program Files\BMC Software\ARSystem\midtier\not-enforced.txt" --web-app-logout-uri /shared/loggedout.jsp
For more information about containers, agents, and deployer commands, see:
Where to go from here
Configuring the BMC Atrium Single Sign-On server for AR System integration