This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.


Setting an HTTPS connection

Important

  • An HTTPS connection is used to communicate securely with end users' browsers to protect their credentials, to communicate with LDAPS servers, and to simplify the exchange of metadata and certificates with SAML Identity Providers (IdPs).
  • Using an HTTP connection with BMC Atrium Single Sign-On is not recommended.

To set up an HTTPS connection, the Tomcat server that hosts the BMC Atrium Single Sign-On server must be modified to define an HTTPS connection with an explicit TrustStore and an explicit KeyStore.

The default Tomcat server used by BMC Atrium Single Sign-On uses a KeyStore and a TrustStore for secure (HTTPS, Transport Layer Security) communications.

If the Tomcat server does not have a TrustStore and a KeyStore, you can generate new self-signed certificates. For more information, see the Apache Tomcat 7 documentation.

The following XML code is an example of an HTTPS connection and is one of the supported configurations.

The example uses a KeyStore and a TrustStore of type PKCS#12, named keystore.p12 and cacerts.p12, with the passwords "keystore_password" and "truststore_password", respectively.

<Connector port="8443"
	protocol="org.apache.coyote.http11.Http11Protocol"
	SSLEnabled="true"
	maxThreads="150"
	scheme="https"
	secure="true"
	clientAuth="false"
	sslProtocol="TLS"
	ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
	SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
	SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
	keystoreFile="CATALINA_HOME/conf/keystore.p12"
	keystorePass="keystore_password"
	keystoreType="PKCS12"
	keystoreProvider="JsafeJCE"
	truststoreFile="CATALINA_HOME/conf/cacerts.p12"
	truststorePass="truststore_password"
	truststoreType="PKCS12"
	truststoreProvider="JsafeJCE"/>

Note

Replace CATALINA_HOME with the full path to the Tomcat directory. The value must be adjusted for your environment.
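
An added check, not part of the BMC documentation: the Python script below parses a Connector like the one above and reports cipher suites that use RC4, 3DES or MD5, store paths that still contain the CATALINA_HOME placeholder, and passwords with stray whitespace inside the quotes. The function name audit_connector and the sample input are constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the Connector above (abbreviated);
# keystorePass carries a trailing space inside the quotes.
SAMPLE = """<Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
    sslProtocol="TLS"
    ciphers="SSL_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_AES_128_CBC_SHA,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA"
    keystoreFile="CATALINA_HOME/conf/keystore.p12"
    keystorePass="keystore_password "
    truststoreFile="CATALINA_HOME/conf/cacerts.p12"
    truststorePass="truststore_password"/>"""

# Cipher-suite name fragments with well-known weaknesses.
WEAK = {
    "_RC4_": "RC4 is prohibited in TLS (RFC 7465)",
    "_3DES_": "3DES uses a 64-bit block (Sweet32)",
    "_MD5": "MD5-based MAC",
}


def audit_connector(xml_text):
    """Return (attribute, finding) tuples for one <Connector> element."""
    conn = ET.fromstring(xml_text)
    findings = []
    # Attribute values may wrap across lines; split on commas and whitespace.
    for suite in filter(None, re.split(r"[,\s]+", conn.get("ciphers", ""))):
        reasons = [why for frag, why in WEAK.items() if frag in suite]
        if reasons:
            findings.append(("ciphers", f"{suite}: {'; '.join(reasons)}"))
    for store in ("keystore", "truststore"):
        path = conn.get(store + "File")
        if path is None:
            findings.append((store + "File", "no explicit store configured"))
        elif path.startswith("CATALINA_HOME"):
            findings.append((store + "File", "CATALINA_HOME placeholder not replaced by a full path"))
        password = conn.get(store + "Pass", "")
        if password != password.strip():
            findings.append((store + "Pass", "whitespace at the start or end of the quoted value"))
    return findings


if __name__ == "__main__":
    for attribute, finding in audit_connector(SAMPLE):
        print(f"{attribute}: {finding}")
```
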

Where to go from here

  • To install BMC Atrium Single Sign-On, see Installation options.