Configuring BMC Helix Single Sign-on for BMC Helix Automation Console
According to your endpoint manager, you must configure TrueSight Network Automation or TrueSight Server Automation to use BMC Helix SSO, to allow you to log on to BMC Helix Automation Console using the BMC Helix SSO credentials.
Currently, BMC Helix Automation Console supports Local, Lightweight Active Directory Protocol (LDAP), and SAML types of BMC Helix SSO authentication only. For local and LDAP authentication, the session is discontinued when the user logs out.
Before using BMC Helix SSO, ensure that the following prerequisite tasks are complete:
Prerequisites | Reference topics |
---|---|
BMC Helix SSO is implemented for TrueSight Network Automation | Enabling BMC Helix SSO authentication in TrueSight Network Automation documentation. |
BMC Helix SSO is implemented for TrueSight Server Automation | Implementing Remedy Single Sign-On authentication in TrueSight Server Automation documentation. |
Users configured in BMC Helix SSO (for local, SAML, and LDAP authentication types) must also be created in TrueSight Server Automation
| Configuring authentication in BMC Helix SSO documentation. If using LDAP, synchronize users with the LDAP server in TrueSight Server Automation. For details, see Synchronizing users with LDAP servers. |
To enable HSSO integration in TrueSight Server Automation
- Login to the Automation Console with the Helix endpoint and navigate to the connector's page.
- Enable the TrueSight Server Automation connector with BMC Helix Single Sign-On and make sure it is re-downloaded.
Access the HSSO server URL provided with the tenant details.
- Download the server certificate in .crt format with the full Base64-encoded ASCII, certificate chain, and rename it to rsso.crt.
- Create a Java Keystore (JKS) using the certificate.
- Transfer the downloaded rsso.crt certificate to the TrueSight Server Automation machine.
- Open a command prompt and change the directory where the rsso.crt is saved.
- Run the following command:
keytool -importcert -file "rsso.crt" -keystore rsso.jks -alias "rsso" - Provide the keystore password when prompted (For example: changeit).
- (For Linux app server users) Assign ownership of bladmin:bladmin to the .jks file by using the following command:
chown bladmin:bladmin <.jksfile> - Configure TrueSight Server Automation with HSSO details. On the TSSA machine open the nsh prompt run the following commands to set mandatory HSSO parameters:
- blasadmin
- Set RemedySsoAuth IsEnabled true
- Set RemedySsoAuth RemedySsoServerUrl https://<hsso_url>/rsso
- Set RemedySsoAuth TruststorePathname <path to rsso.jks from step 4>
- Set RemedySsoAuth TruststorePassword changeit
- Set RemedySsoAuth TruststoreType jks
- Show RemedySsoAuth all
For more details, see Implementing Remedy Single Sign-On authentication.
- Restart the TrueSight Server Automation Application Server to apply the configuration changes.
Log in to the TrueSight Server Automation console as RBACAdmin, create a new user, and enable the Remedy Single Sign-On authentication.
You must make sure to create the user with the same name as created in BMC Helix portal. You must also assign appropriate roles to the user, for example, BLAdmins or ITManagers. For non-admin roles make sure the required role is already imported in BMC Helix Automation Console under Security groups. For more information, see Roles-and-permissions-for-the-BMC-Helix-Portal.- Verify the HSSO integration.
- Open an incognito window and access the BMC Helix Automation Console url.
- In the pop-up window select the TrueSight Server Automation endpoint.