Configuring user authentication for the Presentation Server in Remedy SSO
After you create or edit and configure the tenant details in Remedy SSO, you must configure the user authentication type. Remedy SSO can be configured to provide one of the following authentication types for the TrueSight Presentation Server:
From the TrueSight console, you can only view the user information. You must perform all modifications to the user information in Remedy SSO. You can do that by cross-launching to Remedy SSO from the TrueSight console.
Before you begin
- You must have installed Remedy SSO.
- You must have
- You must have configured tenants to be used with the TrueSight Presentation Server.
Local User Management authentication
Local User Management authentication is a simple, lightweight user store. It is not intended to be a corporate-wide authentication provider, and it is not designed as a high-performance provider that supports group policies, password expiration, and so on. It lets you create realm-specific user stores for different purposes. For example, in multi-tenant environments, you can use it to configure admin privileges for different tenants by using different user accounts that belong to the appropriate realms.
Typical use cases for Local User Management authentication:
- when using local users for applications requiring several user accounts
- when corporate identity providers are not available
- for testing purposes
Consider other authentication types if you are designing corporate-wide authentication for a high workload.
All local users and groups created after the release of 9.1 SP2 and prior to upgrading to 9.1 SP3 are not assigned to any realm. After the upgrade of Remedy Single Sign-On to 9.1 SP3, a new empty realm is created and all existing local users are moved into it. The administrator can remove local users from this realm and recreate them for the necessary realm if needed.
The Remedy SSO server supports authentication through external Lightweight Directory Access Protocol (LDAP) servers. LDAP is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.
Support for LDAP also includes using external Active Directory (AD) servers for authentication. The Active Directory authentication must be configured for the enterprise environment.
You can configure the Remedy Single Sign-On (Remedy SSO) server to authenticate users through SAMLv2 authentication. SAML V2.0 is implemented by forming a Circle of Trust that comprises a Service Provider (SP) and an Identity Provider (IdP).
The SP hosts and protects the services that the user accesses. Remedy SSO is configured as an SP for BMC products. The IdP authenticates users and provides details of the authentication information to the SP.
Kerberos is a trusted third-party authentication service that provides authentication for all client and server applications by using secret-key cryptography. The clients and servers are collectively referred to as principals. Kerberos uses a database that contains the private keys of clients and servers. The private keys are used to authenticate different clients and servers on a network. Kerberos also generates temporary session keys that a client and a server share to communicate with each other. All communications between the client and the server are then encrypted with the temporary session key.
Before configuring Kerberos authentication, you must create a service account in Active Directory and add an SPN mapping to authenticate the service. A given SPN can be registered on only one account.
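The rule that an SPN can be registered on only one account can be checked before the SPN mapping is added. The following Python code is an added example, not part of the BMC documentation or product; it scans an LDIF-style export of servicePrincipalName values for an SPN held by more than one account. The export layout, account names, hosts and domain are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: LDIF-style export of servicePrincipalName values.
# Account names, hosts and the domain are hypothetical.
SAMPLE_LDIF = """\
dn: CN=svc-rsso,OU=Service Accounts,DC=example,DC=com
servicePrincipalName: HTTP/rsso.example.com
servicePrincipalName: HTTP/rsso

dn: CN=svc-legacy,OU=Service Accounts,DC=example,DC=com
servicePrincipalName: http/RSSO.example.com

dn: CN=svc-db,OU=Service Accounts,DC=example,DC=com
servicePrincipalName: MSSQLSvc/db01.example.com:1433
"""

def parse_ldif(text):
    """Return [(dn, [spn, ...]), ...]; assumes plain, unfolded attribute lines."""
    entries = []
    for block in text.strip().split("\n\n"):
        dn, spns = None, []
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if not sep or value.startswith(":"):  # skip junk and base64 ("::") values
                continue
            if key.lower() == "dn":
                dn = value.strip()
            elif key.lower() == "serviceprincipalname":
                spns.append(value.strip())
        if dn:
            entries.append((dn, spns))
    return entries

def find_duplicate_spns(entries):
    """SPNs held by more than one account (Active Directory compares SPNs case-insensitively)."""
    owners = defaultdict(set)
    for dn, spns in entries:
        for spn in spns:
            owners[spn.lower()].add(dn)
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}

def can_register(entries, spn, account_dn):
    """True when no account other than account_dn already holds spn."""
    holders = {dn for dn, spns in entries if spn.lower() in map(str.lower, spns)}
    return holders <= {account_dn}

if __name__ == "__main__":
    for spn, dns in find_duplicate_spns(parse_ldif(SAMPLE_LDIF)).items():
        print(f"duplicate SPN {spn}: {'; '.join(dns)}")
```

In the constructed sample, the SPN for rsso.example.com appears on two accounts in different letter case, so it is reported as a duplicate and `can_register` returns False for it.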
Certificate-based authentication uses a digital certificate to identify users or system resources before granting access. Ensure that the following conditions are met before configuring certificate-based authentication:
- The client has a valid public key certificate
- SSL support is configured for the server
- Client authentication is configured on the server
This section provides the following information for configuring authentication types in Remedy SSO: