Running the SSOARIntegration utility on the AR System server
Performing the Single Sign-On integration with the BMC Remedy AR System server and the BMC Remedy Mid Tier is a two-step sequence:
- Run the SSOARIntegration utility on the computer where the AR System server is installed (this procedure).
- Run the SSOMidtierIntegration utility on the computer where the Mid Tier is installed.
Before you begin
- Make sure that Oracle JRE 1.6.0_23 or higher is installed on the AR System server.
- If you have enabled FIPS-140 mode in BMC Atrium Single Sign-On, you must install the FIPS encryption on AR System server before running the SSOARIntegration utility. For more information, see Configuring FIPS-140 mode
If you are running the AR System web services with a proxy server, you must configure your AR System server for a proxy server. For more information, see Configuring AR System server for a proxy server.
To run the SSOARIntegration utility to integrate Single Sign-On and the AR System server
On the computer where the AR System server is installed, navigate to the <ARSystemServerInstall>\artools\AtriumSSOIntegrationUtility directory.
For example, navigate to C:\Program Files\BMC Software\ARSystem\artools\AtriumSSOIntegrationUtility.Open the arintegration.txt file and update the parameters for your environment.
For example, you can enter the supported container types such as Tomcat 6, JBOSS v4, and so on.Tip
When you are using a BMC Atrium SSO load balancer, you must add the load balancer URL in the
--atrium-sso-urlparameter instead of adding the server URL.#AR Server Name, Provide the AR server name. --ar-server-name=arsystemserver.bmc.com #AR Server User, Provide the AR server user. --ar-server-user=Demo #AR Server Password, Provide the AR server password. --ar-server-password=Demo #AR Server Port, Provide the AR server port. --ar-server-port=0 #Atrium SSO URL, Provide the Atrium SSO URL #and and make sure the server name is #provided with fully qualified domain name #and port is also provided in the URL. --atrium-sso-url=https://ssoserver.bmc.com:8443/atriumsso #Atrium SSO Admin Name --admin-name=amadmin #Atrium SSO Password --admin-pwd=ssoadminpassword #TrustStore Path, Path to the truststore directory. #This is an optional parameter. #Remove # to uncomment and use the below property. #--truststore=truststorepath | Optional parameter. #TrustStore Password. This is an optional parameter. #Remove # to uncomment and use the below property. #--truststore-password=truststorepassword | Optional parameter. #force option, It accepts values as "Yes" or "No" where default is "No". #If "Yes" is provided then utility will not wait #for user to shutdown the webserver, if not shutdown already. #This is true in case, where webserver is other then tomcat or jboss. #Remove # to uncomment and use the below property. #--force=<Yes or No>Note
- Blank passwords are not supported. Your AR System server user must have a password before you run this utility.
- Fully-qualified domain names for the AR System server and Atrium SSO URL parameters are required.
- The --truststore=truststorepath and --truststore-password=truststorepassword parameters are optional when integrating Single Sign-On and the AR System server. The #TrustStore Path is the local java truststore path and the value is used for providing the path of the certificate. This value is added automatically by the SSOARIntegration utility using the local java truststore.
- The --force=Yes or No parameter is optional. If you pass this input, you are not prompted for any manual inputs to restart the AR System server and the server is started automatically. Otherwise, you are prompted to restart the AR System server.
- Review the optional inputs carefully for your environment.
Open a command window and navigate to the <ARSystemServerInstall>\artools\AtriumSSOIntegrationUtility directory.
- Enter the following command:
java -jar SSOARIntegration.jar --inputfile arintegration.txtNote
If you have enabled FIPS-140 mode in BMC Atrium SSO and BMC Remedy AR System, you must run the following integration command using -Datsso.sdk.in.fips140.mode=true parameter.
For more information about enabling FIPS-140 mode, see Configuring FIPS-140 modejava -jar SSOARIntegration.jar -Datsso.sdk.in.fips140.mode=true --inputfile arintegration.txt
When prompted by the utility, restart the AR System server.
- Review AR server external authentication settings and group mapping and restart the AR System server.
- When execution is successfully completed, run the SSOMidtierIntegration utility on the Mid Tier.
Info
To troubleshoot installation failures, or for information about log files or configurations performed by the SSOMidtierIntegration utility, see Troubleshooting AR System server and Mid Tier integrations.
Comments
7. Go to Reviewing AR server external authentication settings and configuring group mapping page. Restart AR again.
8. When execution is successfully completed, run the SSOMidtierIntegration utility on the Mid Tier.
Thanks for your comment, Koray.
I have updated the procedure.
-Hemant
Please add more details on
#TrustStore Path, Path to the truststore directory. This is an optional parameter.#Remove # to uncomment and use the below property.#--truststore=truststorepath | Optional parameter.Thank you for your comment, Srivamsi.
I have updated the Note with necessary information.
The #TrustStore Path is the local java truststore path and the value is used for providing the path of the certificate. This value is added automatically by the SSOARIntegration utility using the local java truststore.
- Abhay
Guys if AR server is in server group and behind physical load balancer, should i put LB name or each AR server name in
--ar-server-name=parameter?Hi Taras,
When AR System server is in a server group with LB, you have to run this utility on each server individually and for each
--ar-server-name= parameter, you must provide the name of the AR System server which is specified in the Windows services. For example, BMC Remedy Action Request System Server XYZ-s.Thanks!
-Abhay
Abhay thank you for prompt response. Going to submit change request to correct config
If i'm setting up multiple AR servers, should I configure more than 1 in the AR User store or I should take the existing one and point in to the Load balancer in front of my AR Servers that are accessible to end users?
Hi Mario, you can use the LB.
Hi,
For ARS Server 7.6 P4, is the AR Tool Utility available? I know BMC enforce upgrade be done on the ARS Server. Can the integration still be done without the utility and how?
Hi Peter,
Sorry for the delay in response.
For upgrading, you need to run the upgrade script from upgrade directory: SSOBuild>Webagents.zip>upgrade.
You can find the webagent upgrade script in upgrade directory when you unzip the webagent.zip file from your BMC Atrium Single Sign-On server build.
You do not need to reintegrate your AR System server.
Thanks!
-Abhay
Ok, so far, here is the setup
2 Mid Tiers Load Balanced
2 SSO Servers Clustered
2 ARS Server group'd
1 ARS Admin
1 Analytics Standalong
I have 1 Mid tier server integrated into SSO cluster (SSO console on each see's the Agent)
I have SSO Clustered and talking to each other
ARS Server group working properly.
When i stop the service on SSO 1, MT appears to be sending traffic to SSO2, but never gets a reply, when i fiddler trace, I see it's sent a request to SSO2, but just sits in pending forever.
When I test :
Analytics on SSO1 only : it works fine.
Analytics on SSO2 only: it works fine.
SSO talks to the LB in front of AR and it does the job without issues.
Is there any settings i missed somewhere?
I have the Agents, Server config and HA config on SSO set with the Same cookie (SSO LB name)
Seems that there are settings on my MT that need updating. Any clues ?
Hi Mario,
Sorry for the delay in response.
Can you please confirm if you have done the MT integration correctly using the MT Integration utility?
When you say you shutdown your SSO node, is the issue specific to any one node or the behavior is same for any of the node?
Please get in touch with support if none of the above resolves your queries.
Thanks!
-Abhay
Hi
If I want to uninstall BMC ASSO, will the installer automatically undo the integration with both AR and MidTier servers? or is there any addtional steps or commands I need to perform?
Thank you!
Hi Darmwan,
You cannot run the installer for removing the integration. Please find the topic for removing Mid Tier integration here:
Removing integration with BMC Remedy Mid Tier
You do not need to remove integration with AR System server.
Thanks!
-Abhay
Log in or register to comment.