Reference implementation with AR authentication

This reference implementation topic describes the end-to-end tasks required to implement BMC Atrium Single Sign-On with AR System sever and BMC Remedy Mid Tier. The implementation assumes that BMC Atrium Single Sign-On is configured to run in cluster mode comprising initially two nodes.

Navigation Tip

Click the steps in the image to go to the detailed steps in the end-to-end process.

Stage 1: Prepare for implementation and installation

Step

Action

Additional information

1.

Prepare for Implementation

You must verify the following prior to implementing BMC Atrium Single Sign-On:

Ensure availability of FQDNs of BMC Atrium Single Sign-On Load balancer and individual BMC Atrium Single Sign-On nodes.
Check if the load balancers of the BMC Remedy Mid Tier and BMC Atrium Single Sign-On belong to a common domain.
If your user facing servers are not in the same domain, then you can add DNS aliases to bring them under the same sub-domain. In such an instance, you need to use the alias names during installation. This is applicable to BMC Atrium Single Sign-On server too.
Open communication between the BMC Atrium Single Sign-On nodes. If this is not possible, ensure that the ports - 8091, 8092, 8443 - are configured to accept incoming and outgoing communication for each of the BMC Atrium Single Sign-On nodes.
Check connectivity between the BMC Atrium Single Sign-On nodes:
1. From Node1 run:
  1. nslookup “fqdn of SSO node1”
  2. nslookup “Hostname of SSO node1”
    i.e. server name without FQDN
  3. “nslookup IPADDRESS_OF_EACH_NODE”
    This command should display the same host name as that of this IP.
2. From Node2:
  1. nslookup “fqdn of SSO node2”
  2. nslookup “Hostname of SSO node2”
    i.e. server name without FQDN
  3. “nslookup IPADDRESS_OF_EACH_NODE”
    This command should display the same host name as that of this IP.

2.

System Requirements Open link

Before you begin installation, ensure to adhere to the system requirements mentioned in the topic.

Stage 2: Install BMC Remedy AR System server and BMC Remedy Mid Tier

Step

Action

Additional information

3.

Installing Open link or Upgrading the BMC Remedy AR System server

You must perform the procedures given in the topic to install or upgrade BMC Remedy AR System server.

4.

Installing Open link or Upgrading the BMC Remedy Mid Tier

You must perform the procedures given in the topic to install or upgrade BMC Remedy Mid Tier.

Stage 3: Install first node

Step

Action

Additional information

5.

Installing the first node for an HA cluster on a new Tomcat server Open link

You must perform the procedures given in the topic to install BMC Atrium Single Sign-On first node.

6.

Perform Post Install procedures for the first node

After installation, you must do the following steps to ensure successful installation of the first node.

Log on to the system using the url: https:<SSO_HOST_NAME>:PORT/atriumsso. SSO_HOST_NAME is the name of the load balancer name if you are using HA. Otherwise, it is the FQDN of BMC Atrium Single Sign-On Host.
After successful login, click few links to ensure that the links respond.
Log off.
Stop the service.
Take a backup of the system because during HA installation some configuration might change in the first node. If the second node installation fails, then this backup will help to restart the installation of the additional nodes.
1. If this is a VM, take asnapshot of the VM.
2. If this is not a VM, take the back up of the installed folder “AtriumSSO”.
Start the BMC Atrium Single Sign-On service.

Stage 4: Install additional nodes

Step

Action

Additional information

7.

Installing additional nodes for an HA cluster on a new Tomcat server Open link

You must perform the procedures given in the topic to install BMC Atrium Single Sign-On additional nodes.

8.

Perform Post Install procedures for the second node

After installation, you must do the following steps to ensure successful installation of the second node.

Login to the system using url: https:<SSO_HOST_NAME>:PORT/atriumsso. SSO_HOST_NAME is the name of the load balancer name if you are using HA, otherwise it is the FQDN of the BMC Atrium Single Sign-On Host.
After login, you must see the two BMC Atrium Single Sign-On nodes in the screen on the right hand side.
Logout.

Stage 5: Setup Cluster Communications

Step

Action

Additional information

9.

Setup cluster communications

After installation of the nodes, you must perform the following steps to setup cluster communications.

Stop both the BMC Atrium Single Sign-On nodes.
Configure messaging between the nodes. Refer Session sharing
Start the first node. If the node takes more than two minutes to start on Linux, it must be due to low entropy. You must ensure adequate level of entropy.
Start the second node.

10.

Test cluster communications

You must test the cluster communications prior to installing the certificates.

Login to the first node.
Enter https://SSO_NODE_NAME:PORT/atriumsso/atsso/ha in the browser window. The resulting page shows two entries on the screen as shown below. If you do not see the results as below then there is a problem with replications from this node.
Login to the second node. Repeat step 2.

Stage 6: Install certificate

Step

Action

Additional information

11.

Installing certificates Open link

In a HA environment, the load balancer can serve the certificate to clients or a customer can decide that individual BMC Atrium Single Sign-On nodes can serve the certificates. For deploying certificates, refer this topic.

12.

Verify certificate installation

You must verify successful installation of the certificate:

Log on to the system using the url: https:<SSO_HOST_NAME>:PORT/atriumsso.
Ensure that you are not prompted with error messages about the absence of a certificate or an invalid certificate.

Stage 7: Integrate BMC Atrium Single Sign-On with BMC Remedy AR System server and BMC Remedy Mid Tier

Step

Action

Additional information

13.

Integrating BMC Single Sign-On with BMC Remedy AR System Open link

9.0 installer has an option to integrate either with BMC Atrium AR System server or BMC Atrium Mid Tier. You must perform the procedures given in the topic to integrate with BMC Atrium AR System server.

14.

Integrating BMC Single Sign-On with BMC Remedy Mid Tier Open link

You must perform the procedures given in the topic to integrate with BMC Atrium Mid Tier.

15.

Using AR for authentication Open link

The AR System Data Store plug-in allows group information associated with BMC Remedy AR System server users to be retrieved and provided to BMC products. The AR authentication module and the AR user store are designed to be used together because it provides additional information for users authenticated against the AR System server.

Stage 8: Test integration

Step

Action

Additional information

16.

Test Integration

Testing AR/MT/ASSO with AR Authentication

Login to the BMC Atrium Single Sign-On console using the Load Balancer URL.
Select /BmcRealm and click Edit.
In the “Realm authentication”, click Add and select “AR Authentication”.
In the resulting screen enter the AR server details.
Save.

Testing Mid Tier

Login to Mid Tier.
Enter your user credentials.
Make sure that you get the view as per your permissions.

Fail Over Testing

Login to Mid Tier.
Stop one of the nodes.
Continue to work on the Mid Tier. You must be able to continue to work without any issues.

Reference implementation with AR authentication

Stage 1: Prepare for implementation and installation

Stage 2: Install BMC Remedy AR System server and BMC Remedy Mid Tier

Stage 3: Install first node

Stage 4: Install additional nodes

Stage 5: Setup Cluster Communications

Stage 6: Install certificate

Stage 7: Integrate BMC Atrium Single Sign-On with BMC Remedy AR System server and BMC Remedy Mid Tier

Stage 8: Test integration

Comments