Setting up OpenID authentication in Remedy SSO


You can configure the Remedy Single Sign-On (Remedy SSO) server to authenticate TrueSight Presentation Server users using an OpenID authentication mechanism.

The following topics help you to perform the OpenID configuration tasks in Remedy SSO and create an authorization profile in the TrueSight console:


Related topics

Configuring tenants in Remedy SSO

To enable multi-tenancy in Presentation Server

Managing authorization profiles

Role-based access

OpenID Authentication

  • This authentication is supported only with TrueSight Presentation Server version 11.3.02 and later.
  • The TrueSight REST API calls are not supported for OAuth users.

Before you begin

  • You must have installed and configured Remedy SSO to work with the Presentation Server and its component products. For details, see Planning to deploy Remedy SSO and Installing Remedy Single Sign-On.
  • (Applicable only to Presentation Server versions configured with Atrium SSO) You must migrate the internal user data from Atrium SSO to Remedy SSO. For details, see Migrating internal user data from Atrium SSO to Remedy SSO.
  • You must have configured tenants to be used with the Presentation Server. For details, see Configuring tenants for the Presentation Server in Remedy SSO.
  • You must have set the Remedy SSO general settings. For details, see Set up the Remedy SSO server.
  • Configure a realm for the authentication. For more information on realm configuration, see Adding and configuring realms in Remedy SSO.
  • Ensure that you have procured the details of your OAuth provider. To know how to configure an OAuth provider, see the example Configuring an OAuth provider using Google OAuth.

Configuring OpenID in Remedy SSO

  1. (Optional) Click Enable Chaining Mode and perform the following steps to enable authentication chaining. For more information about the authentications that you can chain with OIDC, see Authentication fallback and Enabling authentication chaining mode.
    a. Click Add Authentication.
    b. Select the required authentication type and enter the authentication details.
    c. Repeat steps a through b to add more authentications for the realm.
  2. Click Add Authentication.
  3. In the Authentication Type field, click LOCAL.
  4. Enter the LOCAL details. For more information on parameters, see LOCAL authentication parameters.
  5. Create users and user groups for the LOCAL authentication.
    The users in LOCAL should be exactly the same as the OAuth users.
  6. Associate users to the user groups.


Important Information

Add the LOCAL authentication entry below the OIDC authentication entry, and do not promote or move the LOCAL entry above the OIDC entry.


Configuring an OAuth provider using Google OAuth

Do the following:

  1. Log in to your Google project and go to Credentials > Create Credentials > OAuth Client ID.

  2. Select the Web Application application type, and click Create.

  3. Save the Client ID and Secret information of the credentials in a notepad. You will need these details later.
  4. Provide the name for your OAuth 2.0 client.

  5. Provide the URIs for Authorised JavaScript origins and Authorised redirect URIs, as shown in the following example:

    • Authorised JavaScript origins: https://<rsso_host_FQDN>:<rsso_port>

    • Authorised redirect URIs: https://<rsso_host_FQDN>:<rsso_port>/rsso/redirect

  6. Select the OAuth consent screen tab to view the scope and branding information. 

    In this step, you can decide whether to grant your application the requested access. The consent window shows the name of your application, the Google API services that it is requesting permission to access with the authorization credentials, and a summary of the scopes of access to be granted. You can consent to grant access to one or more scopes requested by your application or refuse the request.

  7. Log in to the Remedy Single Sign-On server as the Admin user, and select the Realm tab.

  8. Create a new realm or edit the existing one. 

  9. Under the Authentication tab, select OIDC, and click on Import to get the OIDC provider information. 

  10. Open the following URL: 

    https://accounts.google.com/.well-known/openid-configuration

    The page will have the pre-populated URL information. For the remaining fields, set the values as explained below:

    • Scope: Enter email

    • Client ID & secret information: Use the information saved from Step 3.

    • User ID field name: sub

    • Prompt: Retain the default value

    • User ID transformation: None

  11. Click Save.

  12. For a successful TrueSight Operations Management authorization login, you need the OIDC user group information.

  13. If you have created a new realm and are not using the default (*) realm, create an authorization profile for the new realm with the appropriate user group and role mappings.

  14. Log in to TrueSight console using the Google ID and validate. 
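
The following is an added example, not part of the original procedure or BMC's own tooling: a pre-flight check that builds the two URIs from step 5 and verifies that a discovery document of the kind imported in step 10 is consistent with the Scope (email) and User ID field name (sub) settings. The host rsso.example.com, port 8443, the function names and the embedded sample document are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DISCOVERY_URL = "https://accounts.google.com/.well-known/openid-configuration"
SUFFIX = "/.well-known/openid-configuration"

# Constructed, trimmed sample in the shape of a discovery document; it is
# embedded so the check runs offline. Compare against the live document.
SAMPLE_DISCOVERY = {
    "issuer": "https://accounts.google.com",
    "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
    "token_endpoint": "https://oauth2.googleapis.com/token",
    "userinfo_endpoint": "https://openidconnect.googleapis.com/v1/userinfo",
    "jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
    "scopes_supported": ["openid", "email", "profile"],
    "claims_supported": ["aud", "email", "exp", "iat", "iss", "sub"],
}

def rsso_client_uris(host, port):
    """Return (JavaScript origin, redirect URI) in the form shown in step 5."""
    origin = f"https://{host}:{port}"
    return origin, f"{origin}/rsso/redirect"

def check_discovery(discovery_url, doc, scope="email", user_id_field="sub"):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    issuer_ok = discovery_url.endswith(SUFFIX) and doc.get("issuer") == discovery_url[:-len(SUFFIX)]
    if not issuer_ok:
        problems.append("issuer does not match the discovery URL")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(doc.get(key, "")).scheme != "https":
            problems.append(f"{key} is missing or not https")
    if scope not in doc.get("scopes_supported", []):
        problems.append(f"scope {scope!r} not advertised")
    if user_id_field not in doc.get("claims_supported", []):
        problems.append(f"claim {user_id_field!r} not advertised")
    return problems

def redirect_matches(registered, host, port):
    """Exact string comparison: a trailing slash or other port is a mismatch."""
    return registered == rsso_client_uris(host, port)[1]

if __name__ == "__main__":
    # Hypothetical Remedy SSO host and port, used only for this example.
    print(rsso_client_uris("rsso.example.com", 8443))
    print(check_discovery(DISCOVERY_URL, SAMPLE_DISCOVERY) or "discovery document OK")
```

Run the same checks against the document you actually import; a non-empty problem list usually points to a wrong discovery URL or a scope or claim name the provider does not advertise.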