This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience.

Integrating BMC Mobility for ITSM

This topic describes how to integrate BMC Atrium Single Sign-On with BMC Mobility to support Security Assertion Markup Language (SAML) authentication. The typical process for integrating BMC Atrium Single Sign-On with BMC Remedy IT Service Management (ITSM) is to install BMC Atrium Single Sign-On, install BMC Remedy ITSM, and then integrate Atrium SSO with ITSM.

Before you begin

  • Ensure that BMC Remedy ITSM is installed before you enable integration with BMC Atrium Single Sign-On.
  • Ensure that the BMC Remedy ITSM users that you want to use exist on the BMC Atrium Single Sign-On server. See Managing users and Managing user groups.
  • If you want to use the latest features of BMC Atrium Single Sign-On, you must upgrade to the 9.0 web agent libraries on your existing BMC product servers. You do not need to reintegrate your products with BMC Atrium Single Sign-On. Contact the respective BMC product administrator about upgrading the agent libraries.

Limitations

  • The mobile applications do not support pop-up windows for login. The SAML IdP in Atrium SSO must provide a login page that is compatible with the embedded WebKit browser.
  • The BMC Mobility server must be configured with Secure Sockets Layer (SSL) for SAML authentication. The mobile applications require a trusted SSL certificate and do not work with self-signed or untrusted certificates.
  • BMC Mobility for ITSM supports the following identity providers (IdPs):

    • Active Directory Federation Services (ADFS)
    • Okta
    • BMC Atrium SSO

Integrating BMC Mobility to support SAML authentication

Use the following steps to configure BMC Mobility and BMC Atrium SSO so that users can log on to BMC Mobility through single sign-on.

To integrate Atrium SSO support in BMC Mobility server

  1. Stop the BMC Mobility server.
  2. Copy all the jar files from the <MidtierInstallDir>\webagent\dist\jee\WEB-INF\lib directory to the <MidtierInstallDir>\WEB-INF\lib directory.
    For example, copy all the jar files from C:\Program Files\BMCSoftware\ARSystem\midtier\webagent\dist\jee\WEB-INF\lib to C:\Program Files\BMCSoftware\ARSystem\midtier\WEB-INF\lib.

  3. Uncomment the BMC Atrium Single Sign-On filter in the web.xml file on the BMC Mobility server.

      <!-- Atrium SSO webagent filter. Un-comment when needed -->
      <filter>
        <filter-name>Agent</filter-name>
        <filter-class>com.bmc.atrium.sso.agents.web.SSOFilter</filter-class>
      </filter>
      <!-- Atrium SSO webagent filter. Un-comment when needed -->
      <filter-mapping>
        <filter-name>Agent</filter-name>
        <url-pattern>/restapi/SSOLogin/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>INCLUDE</dispatcher>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>ERROR</dispatcher>
      </filter-mapping>
    
  4. Copy the cacerts file from JDKInstallationDirectory\jre\lib\security to the Tomcat conf folder (for example, C:\Program Files\Apache Software Foundation\Tomcat6.0\conf).
  5. To deploy the web agent that will be used by the BMC Mobility server to perform single sign-on using SAML, run the following script in the command line from the deployer directory (change directory to webagent > deployer):

    java -jar deployer.jar --install --container-type tomcatv7 --atrium-sso-url https://<FQDN-of-Atrium-SSO-Server>:<port>/atriumsso --web-app-url https://<FQDN-of-loadbalancer>:<port>/MobilityServer --notify-url https://<FQDN-of-Mobility-Server>:<port>/MobilityServer --container-base-dir "C:\Program Files\Apache Software Foundation\Tomcat6.0" --admin-name [SSO Admin Username] --admin-pwd [SSO Admin Password] --jvm-truststore "C:\Program Files\Java\jdk1.6.0_18\jre\lib\security\cacerts" --jvm-truststore-password changeit --truststore "C:\Program Files\Apache Software Foundation\Tomcat6.0\conf\cacerts" --truststore-password changeit --web-app-logout-uri /restapi/SSOLogin/Logout

    Note

    Ensure that the paths in the script are replaced by the actual paths on your server.
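
    To confirm that step 3 took effect before you restart the server, the following added example (not BMC code) parses a web.xml file and reports whether the SSOFilter shown above is declared outside a comment and mapped to /restapi/SSOLogin/* with the four dispatchers. The function names and the sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SSO_FILTER_CLASS = "com.bmc.atrium.sso.agents.web.SSOFilter"
SSO_URL_PATTERN = "/restapi/SSOLogin/*"
DISPATCHERS = {"REQUEST", "INCLUDE", "FORWARD", "ERROR"}

def _local(tag):
    # Drop any "{namespace}" prefix so the check works with or without xmlns.
    return tag.rsplit("}", 1)[-1]

def _child_texts(elem, name):
    return {(c.text or "").strip() for c in elem if _local(c.tag) == name}

def check_sso_filter(web_xml_text):
    """Return a list of problems; an empty list means the filter is active."""
    root = ET.fromstring(web_xml_text)  # the parser discards XML comments
    names, patterns, dispatchers = set(), set(), set()
    for elem in root:
        if _local(elem.tag) == "filter" and SSO_FILTER_CLASS in _child_texts(elem, "filter-class"):
            names |= _child_texts(elem, "filter-name")
    if not names:
        return ["SSOFilter is not declared (still commented out?)"]
    for elem in root:
        if _local(elem.tag) == "filter-mapping" and names & _child_texts(elem, "filter-name"):
            patterns |= _child_texts(elem, "url-pattern")
            dispatchers |= _child_texts(elem, "dispatcher")
    problems = []
    if SSO_URL_PATTERN not in patterns:
        problems.append("no filter-mapping for " + SSO_URL_PATTERN)
    missing = sorted(DISPATCHERS - dispatchers)
    if patterns and missing:
        problems.append("missing dispatchers: " + ", ".join(missing))
    return problems

# Constructed sample input (not a real BMC Mobility web.xml).
ACTIVE = """<web-app>
  <filter>
    <filter-name>Agent</filter-name>
    <filter-class>com.bmc.atrium.sso.agents.web.SSOFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>Agent</filter-name>
    <url-pattern>/restapi/SSOLogin/*</url-pattern>
    <dispatcher>REQUEST</dispatcher><dispatcher>INCLUDE</dispatcher>
    <dispatcher>FORWARD</dispatcher><dispatcher>ERROR</dispatcher>
  </filter-mapping>
</web-app>"""
COMMENTED = ACTIVE.replace("<filter>", "<!-- <filter>").replace("</filter>", "</filter> -->")
print(check_sso_filter(ACTIVE), check_sso_filter(COMMENTED))
```

    To check a deployed file, pass the text of the server's web.xml to check_sso_filter; an empty list means the filter and its mapping are in place.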

To integrate BMC Mobility support on BMC Atrium SSO Console

The procedure for integrating BMC Mobility in the BMC Atrium SSO Console differs depending on whether multi-tenancy support for the mid tier is enabled.

When multi-tenancy support for mid tier is disabled

  1. Configure the Login URL for the BMC Atrium Single Sign-On server using the following steps:

    1. Log on to the BMC Atrium SSO Admin Console and click Agent Details.
    2. Select the /MobilityServer@FQDN:portNumber agent and click Edit.
    3. In the Agent Editor, change the Login URL to be the same as the Mid Tier Agent Login URL (for example, https://serverName:portNumber/atriumsso/spssoinit?metaAlias=/BmcRealm/sp&idpEntityID=idp).

      Figure: Login URL and Logout URI fields in the Agent Editor

  2. Configure the Logout URL for the BMC Atrium Single Sign-On server as follows:
    In the Agent Editor, change the Logout URL to be the same as the Mid Tier Agent Logout URL (for example, https://serverName:portNumber/atriumsso/saml2/jsp/spSingleLogoutInit.jsp?idpEntityID=<idp>).

When multi-tenancy support for mid tier is enabled

  1. Configure the Login URL and Logout URI for the BMC Atrium Single Sign-On server using the following steps:
    1. Log on to the BMC Atrium SSO Admin Console and click Agent Details.
    2. Select the /MobilityServer@FQDN:portNumber agent and click Edit.
    3. Select the realm from the Realms drop-down list and click Add.
    4. Select the tenant and click Edit.
    5. Add the individual Login URI for each realm. For more information about mapping realm URLs, see Mapping realm URLs to an agent manually.

      Figure: Login URL and Logout URI fields in the Agent Editor with multiple realms

    6. Add the Logout URL for each realm. For more information about mapping realm URLs, see Mapping realm URLs to an agent manually.
  2. Configure the tenant domain using the following steps:
    1. On the BMC Atrium SSO Console, select the realm for which you want to add the tenant domain.
    2. Click Edit on the top-right corner of the console and edit the Tenant Domain field value that you provided when creating the realm.
    3. Add the tenant domain URL that the users will access from the mobile devices. Use a semicolon to separate more than one URL. For example, admin.xyz.bmc.com; users.xyz.bmc.com.

To enable SAML logon in the BMC Mobility application

  1. Open the Mobility Administration: Tenant form in a browser.
  2. Search for the record of the specific tenant by its Tenant ID or Tenant name. If multi-tenancy is disabled, you can search for the record with Tenant ID as 000000000000001.
  3. Change the SAML Authentication setting to Yes.
  4. Save your changes.

You must start the BMC Mobility server after making the configuration changes.
