Reference implementation with AR authentication

This reference implementation topic describes the end-to-end tasks required to implement BMC Atrium Single Sign-On with AR System sever and BMC Remedy Mid Tier. The implementation assumes that BMC Atrium Single Sign-On is configured to run in cluster mode comprising initially two nodes.

Navigation Tip

Click the steps in the image to go to the detailed steps in the end-to-end process.

 

Stage 1: Prepare for implementation and installation

StepActionAdditional information
1.

Prepare for Implementation

You must verify the following prior to implementing BMC Atrium Single Sign-On:

  1. Ensure availability of FQDNs of BMC Atrium Single Sign-On Load balancer and individual BMC Atrium Single Sign-On nodes.
  2. Check if the load balancers of the BMC Remedy Mid Tier and BMC Atrium Single Sign-On belong to a common domain.
  3. If your user facing servers are not in the same domain, then you can add DNS aliases to bring them under the same sub-domain. In such an instance, you need to use the alias names during installation. This is applicable to BMC Atrium Single Sign-On server too.
  4. Open communication between the BMC Atrium Single Sign-On nodes. If this is not possible, ensure that the ports - 8091, 8092, 8443 - are configured to accept incoming and outgoing communication for each of the BMC Atrium Single Sign-On nodes.
  5. Check connectivity between the BMC Atrium Single Sign-On nodes:
    1. From Node1 run:
      1. nslookup “fqdn of SSO node1”
      2. nslookup “Hostname of SSO node1”
        i.e. server name without FQDN
      3. “nslookup IPADDRESS_OF_EACH_NODE”
        This command should display the same host name as that of this IP.

    2. From Node2:
      1. nslookup “fqdn of SSO node2”
      2. nslookup “Hostname of SSO node2”
        i.e. server name without FQDN
      3. “nslookup IPADDRESS_OF_EACH_NODE”
        This command should display the same host name as that of this IP.

2.

System Requirements

Before you begin installation, ensure to adhere to the system requirements mentioned in the topic.

Stage 2: Install BMC Remedy AR System server and BMC Remedy Mid Tier

StepActionAdditional information
3.

Installing or Upgrading the BMC Remedy AR System server

You must perform the procedures given in the topic to install or upgrade BMC Remedy AR System server.
4.

Installing or Upgrading the BMC Remedy Mid Tier

You must perform the procedures given in the topic to install or upgrade BMC Remedy Mid Tier.

Stage 3: Install first node

StepActionAdditional information
5.

Installing the first node for an HA cluster on a new Tomcat server

You must perform the procedures given in the topic to install BMC Atrium Single Sign-On first node.
6.

Perform Post Install procedures for the first node

 After installation, you must do the following steps to ensure successful installation of the first node.
  1. Log on to the system using the url: https:<SSO_HOST_NAME>:PORT/atriumsso. SSO_HOST_NAME is the name of the load balancer name if you are using HA. Otherwise, it is the FQDN of BMC Atrium Single Sign-On Host.
  2. After successful login, click few links to ensure that the links respond.
  3. Log off.
  4. Stop the service.
  5. Take a backup of the system because during HA installation some configuration might change in the first node. If the second node installation fails, then this backup will help to restart the installation of the additional nodes.
    1. If this is a VM, take asnapshot of the VM.
    2. If this is not a VM, take the back up of the installed folder “AtriumSSO”.
  6. Start the BMC Atrium Single Sign-On service.

Stage 4: Install additional nodes

StepActionAdditional information
7.

Installing additional nodes for an HA cluster on a new Tomcat server

 You must perform the procedures given in the topic to install BMC Atrium Single Sign-On additional nodes.
8.Perform Post Install procedures for the second node

 After installation, you must do the following steps to ensure successful installation of the second node.

  1. Login to the system using url: https:<SSO_HOST_NAME>:PORT/atriumsso. SSO_HOST_NAME is the name of the load balancer name if you are using HA, otherwise it is the FQDN of the BMC Atrium Single Sign-On Host.
  2. After login, you must see the two BMC Atrium Single Sign-On nodes in the screen on the right hand side.
  3. Logout.

Stage 5: Setup Cluster Communications

StepActionAdditional information
9.Setup cluster communications

After installation of the nodes, you must perform the following steps to setup cluster communications.

  1. Stop both the BMC Atrium Single Sign-On nodes.

  2. Configure messaging between the nodes. Refer Session sharing

  3. Start the first node. If the node takes more than two minutes to start on Linux, it must be due to low entropy. You must ensure adequate level of entropy.
  4. Start the second node.
10.Test cluster communications

You must test the cluster communications prior to installing the certificates.      

  1. Login to the first node.
  2. Enter https://SSO_NODE_NAME:PORT/atriumsso/atsso/ha in the browser window. The resulting page shows two entries on the screen as shown below. If you do not see the results as below then there is a problem with replications from this node.

  3. Login to the second node. Repeat step 2.

Stage 6: Install certificate

StepActionAdditional information
11.

Installing certificates

In a HA environment, the load balancer can serve the certificate to clients or a customer can decide that individual BMC Atrium Single Sign-On nodes can serve the certificates. For deploying certificates, refer this topic.


12.Verify certificate installation

You must verify successful installation of the certificate:

  1. Log on to the system using the url: https:<SSO_HOST_NAME>:PORT/atriumsso.
  2. Ensure that you are not prompted with error messages about the absence of a certificate or an invalid certificate.

Stage 7: Integrate BMC Atrium Single Sign-On with BMC Remedy AR System server and BMC Remedy Mid Tier

StepActionAdditional information
13.

Integrating BMC Single Sign-On with BMC Remedy AR System

9.0 installer has an option to integrate either with BMC Atrium AR System server or BMC Atrium Mid Tier. You must perform the procedures given in the topic to integrate with BMC Atrium AR System server.



14.

Integrating BMC Single Sign-On with BMC Remedy Mid Tier

You must perform the procedures given in the topic to integrate with BMC Atrium Mid Tier.
15.

Using AR for authentication

The AR System Data Store plug-in allows group information associated with BMC Remedy AR System server users to be retrieved and provided to BMC products. The AR authentication module and the AR user store are designed to be used together because it provides additional information for users authenticated against the AR System server.

Stage 8: Test integration

StepActionAdditional information
16.

Test Integration

Testing AR/MT/ASSO with AR Authentication

  1. Login to the BMC Atrium Single Sign-On console using the Load Balancer URL.
  2. Select  /BmcRealm and click Edit.
  3. In the “Realm authentication”, click Add and select “AR Authentication”.
  4. In the resulting screen enter the AR server details.
  5. Save.

Testing Mid Tier

  1. Login to Mid Tier.
  2. Enter your user credentials.
  3. Make sure that you get the view as per your permissions.

Fail Over Testing

  1. Login to Mid Tier.
  2. Stop one of the nodes.
  3. Continue to work on the Mid Tier. You must be able to continue to work without any issues.

Was this page helpful? Yes No Submitting... Thank you

Comments