This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.

Click here to view the documentation for a supported version of Remedy Single Sign-On.

Manually configuring mid tier for BMC Atrium Single Sign-On user authentication

For the mid tier to communicate with the BMC Atrium Single Sign-On server for user authentication, follow the steps below to manually configure the mid tier.

Important

If you do not select the Configuration of Atrium Single Sign-On option during the AR System server installation or during the stand-alone installation of mid tier, only then perform the steps in this section.

Note

BMC recommends, you do not install BMC Atrium Single Sign-on and BMC Remedy Mid-Tier on the same computer. BMC Atrium Single Sign-on and BMC Remedy Mid-Tier must use different Tomcat because if the mid-tier computer needs to be restarted, all the other applications will be unavailable because BMC Atrium Single Sign on will be down during the restart.

To manually configure the Mid Tier for BMC Atrium Single Sign-On user authentication

  1. Go to the computer where you installed the Mid Tier.
  2. Stop the mid tier service, if it is already running.
  3. Copy all the jar files from the <MidtierInstallDir>\webagent\dist\jee\WEB-INF\lib directory to the <MidtierInstallDir>\WEB-INF\lib directory.
    For example, copy all the jar files from C:\Program Files\BMC Software\ARSystem\midtier\webagent\dist\jee\WEB-INF\lib to C:\Program Files\BMC Software\ARSystem\midtier\WEB-INF\lib.
  4. Go to the <MidtierInstallDir>\Web-Inf directory and open the web.xml file in an editor.
  5. Uncomment the <filter> and <filter-mapping> tags for the Atrium Single Sign-On filter.
    These tags should look like the following:
    <!--Atrium SSO webagent filter. Un-comment when needed-->
    <filter>
    <filter-name>Agent</filter-name>
    <filter-class>com.bmc.atrium.sso.agents.web.SSOFilter</filter-class>
    </filter>
    
    <!--Atrium SSO webagent filter. Un-comment when needed-->
    <filter-mapping>
    <filter-name>Agent</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>ERROR</dispatcher>
    </filter-mapping>
    
    Make sure that you save your changes to the web.xml file.
  6. Go to the <MidtierInstallDir>\Web-Inf\classes directory (for example, C:\Program Files\BMC Software\ARSystem\midtier\WEB-INF\classes) and open the config.properties file in an editor.
  7. Add an attribute in the config.properties file.
    For this, comment the DefaultAuthenticator line (arsystem.authenticator=com.remedy.arsys. session.DefaultAuthenticator) and add the following line for the Atrium Single Sign-On Authenticator:
    arsystem.authenticator=com.remedy.arsys.sso.AtriumSSOAuthenticator
    Make sure that you save your changes to the config.properties file.
  8. Go to the computer where you installed the AR System serve and open the ar.cfg (Microsoft Windows) or ar.conf (UNIX or Linux) file in an editor.
    The default location for Windows is C:\Program Files\BMC Software\ARSystem\Conf.
  9. Add the following SSO AREA plug-in entries to the ar.cfg file:
    • (Unix) Plugin — areaatriumsso.so
    • (Windows) Plugin — areaatriumsso.dll
      For example:
      Plugin: areaatriumsso.dll
    • Server Plugin Alias — ARSYS.AREA.ATRIUMSSO ARSYS.AREA.ATRIUMSSO FQDN of AR System server name:PluginPort
      For example:
      Server-Plugin-Alias: ARSYS.AREA.ATRIUMSSO ARSYS.AREA.ATRIUMSSO arSystemServer.bmc.com:9999
      Make sure that the SSO entries are listed first; otherwise they will not be used by the AR System server.
      Plugin: areaatriumsso.dll
      Plugin: ardbcconf.dll
      Plugin: reportplugin.dll
      Plugin: ServerAdmin.dll
      Server-Plugin-Alias: 
      ARSYS.AREA.ATRIUMSSO ARSYS.AREA.ATRIUMSSO 
      xyz-abc-x28-vm1.dsl.bmc.com:9999
      Server-Plugin-Alias: 
      ARSYS.ARF.REGISTRY ARSYS.ARF.REGISTRY 
      xyz-abc-x28-vm1.dsl.bmc.com:9999
      Server-Plugin-Alias: 
      ARSYS.ARDBC.REGISTRY ARSYS.ARDBC.REGISTRY 
      xyz-abc-x28-vm1.dsl.bmc.com:9999
      Server-Plugin-Alias: 
      ARSYS.ARDBC.ARREPORTENGINE ARSYS.ARDBC.ARREPORTENGINE 
      xyz-abc-x28-vm1.dsl.bmc.com:9999
      Server-Plugin-Alias: 
      ARSYS.ARF.QUERYPARSER ARSYS.ARF.QUERYPARSER 
      xyz-abc-x28-vm1.dsl.bmc.com:9999
      Server-Plugin-Alias: 
      ARSYS.ALRT.WEBSERVICE ARSYS.ALRT.WEBSERVICE 
      xyz-abc-x28-vm1.dsl.bmc.com:9999
      Server-Plugin-Alias: 
      ARSYS.ARF.PARSEPARAMETERS ARSYS.ARF.PARSEPARAMETERS 
      xyz-abc-x28-vm1.dsl.bmc.com:9999
      Server-Plugin-Alias: 
      ARSYS.ARF.PUBLISHREPORT ARSYS.ARF.PUBLISHREPORT 
      xyz-abc-x28-vm1.dsl.bmc.com:9999
      Server-Plugin-Alias: 
      ARSYS.ARF.REPORTSCHEDULER ARSYS.ARF.REPORTSCHEDULER 
      xyz-abc-x28-vm1.dsl.bmc.com:9999
      Server-Plugin-Alias: 
      ARSYS.ARF.RSAKEYPAIRGENERATOR ARSYS.ARF.RSAKEYPAIRGENERATOR 
      xyz-abc-x28-vm1.dsl.bmc.com:9999
      Server-Plugin-Alias: 
      ARSYS.ALRT.TWITTER ARSYS.ALRT.TWITTER 
      xyz-abc-x28-vm1.dsl.bmc.com:9999
      Server-Plugin-Alias: 
      ARSYS.ARF.TWITTER ARSYS.ARF.TWITTER 
      xyz-abc-x28-vm1.dsl.bmc.com:9999
      
  10. Save your changes to the ar.cfg or ar.conf file.
  11. Go back to the computer where you installed the Mid Tier.
  12. Copy the cacerts file from the JDK installed location to the Tomcat conf folder.
    For example, copy cacerts from C:\Program Files\Java\jdk1.7.0_03\jre\lib\security to C:\Program Files\Apache Software Foundation\Tomcat6.0\conf.
  13. If your Mid Tier installation does not already include the not-enforced.txt file, save the attached file to the Mid Tier folder.
    For example, right-click the link, and then select Save link as to the C:\Program Files\BMC Software\ARSystem\midtier folder.
    A typical not-enforced.txt file contains the URIs listed in the code snippet below. URIs listed in this file are not protected by the agent. Their contents are uploaded into the BMC Atrium Single Sign-On server to become part of the Agent configuration.
    When you later finish integration, this file is no longer used or needed. If you must update the agent configuration, access Agent Details on the BMC Atrium SSO Admin Console to modify the Not Enforced URI Processing values.
    /arsys/services/*
    /arsys/WSDL/*
    /arsys/shared/config/*
    /arsys/shared/doc/*
    /arsys/shared/images/*
    /arsys/shared/timer/*
    /arsys/shared/ar_url_encoder.jsp
    /arsys/shared/error.jsp
    /arsys/shared/file_not_found.jsp
    /arsys/shared/HTTPPost.class
    /arsys/shared/login.jsp
    /arsys/shared/login_common.jsp
    /arsys/shared/view_form.jsp
    /arsys/shared/logout.jsp
    /arsys/shared/wait.jsp
    /arsys/servlet/ConfigServlet
    /arsys/servlet/GoatConfigServlet
    /arsys/plugins/*
    
  14. Execute the deployer script to deploy the WebAgent.
    For this, run the following script through command line interface under the deployer directory (webagent\deployer):
    java -jar deployer.jar --install --container-type -TOMCATversion 
    --atrium-sso-url AtriumSSOURL<FQDNofAtriumSSOServer>:<port>/atriumsso 
    --web-app-url MidtierSSOURL<FQDNofMidtierServer>:<port>/arsys 
    --container-base-dir AppServerHome --admin-name AtriumServerAdminUsername 
    --admin-pwd AtriumServerAdminPassword 
    --jvm-truststore "JavaHome \jre\lib\security\cacerts" 
    --jvm-truststore-password TruststorePassword 
    --truststore "AppServerHome\conf\cacerts" 
    --truststore-password TruststorePassword 
    --not-enforced-uri-file "midTierPath\not-enforced.txt" 
    --web-app-logout-uri /shared/loggedout.jsp
    
    For example:
    java -jar deployer.jar --install --container-type tomcatv6 
    --atrium-sso-url https://ssoServer.bmc.com:8443/atriumsso 
    --web-app-url http://midTierServer:8080/arsys 
    --container-base-dir 
    "c:\Program Files\Apache Software Foundation\Tomcat6.0" 
    --admin-name amadmin --admin-pwd Let$in09 
    --jvm-truststore 
    "c:\Program Files\Java\jdk1.7.0_03\jre\lib\security\cacerts" 
    --jvm-truststore-password changeit 
    --truststore 
    "c:\Program Files\Apache Software Foundation\Tomcat6.0\conf\cacerts" 
    --truststore-password changeit 
    --not-enforced-uri-file 
    "C:\Program Files\BMC Software\ARSystem\midtier\not-enforced.txt" 
    --web-app-logout-uri /shared/loggedout.jsp
    

    Note

    If the container is not using HTTPS, the truststore and truststore-password parameters can be ignored. For example:

    java -jar deployer.jar --install --container-type tomcatv6 --atrium-sso-url 
    https://ssoServer.bmc.com:8443/atriumsso --web-app-url 
    http://midTierServer:8080/arsys 
    --container-base-dir "C:\Program Files\Apache Software Foundation\Tomcat6.0" 
    --admin-name amAdmin --admin-pwd bmcAdm1n --jvm-truststore 
    "C:\Program Files\Java\jre6\lib\security\cacerts" 
    --jvm-truststore-password changeit 
    --not-enforced-uri-file 
    "C:\Program Files\BMC Software\ARSystem\midtier\not-enforced.txt" 
    --web-app-logout-uri /shared/loggedout.jsp
    

    Tip

    If the --web-app-logout-uri parameter is not specified, you can specify the parameter value in Agent Details on the BMC Atrium SSO Admin Console:

    1. On the BMC Atrium SSO Admin Console, click Agent Details.
    2. Select the agent and click Edit.
    3. In the Logout Processing section, replace the default value with /arsys/shared/loggedout.jsp.
  15. Make sure that the deployer script successfully finishes execution and is completed.

    Tip

    If the deployer script fails:

    1. Delete the <containerBaseDir>/atssoAgents folder (for example, C:\Program Files\Apache Software Foundation\Tomcat6.0\atssoAgents).
    2. Delete the agent if it exists in Agent Details on the BMC Atrium SSO Admin Console.
    3. Re-run the deployer script after you fixed the problem (for example, added additional parameters).
  16. Start the mid tier service.

    Note

    By default, this plug-in is configured to work with the native plug-in server (C plug-in). You can also use this plug-in directly with the Java plug-in server. For more information on the configuration settings, see Using the Java plug-in server for dynamic plug-in loading in the BMC Remedy AR System 8.0 online documentation.

For more information about containers, agents, and deployer commands, see:

Where to go from here

Configuring the BMC Atrium Single Sign-On server for AR System integration

Was this page helpful? Yes No Submitting... Thank you

Comments