Configuring BMC Helix Single Sign-on for BMC Helix Automation Console
You must configure TrueSight Server Automation to use Helix SSO, to allow you to log on to BMC Helix Automation Console using the Helix SSO credentials.
Currently, BMC Helix Automation Console supports Local, Lightweight Active Directory Protocol (LDAP), and SAML types of Helix SSO authentication only. For local and LDAP authentication, the session is discontinued when the user logs out.
Before using Helix SSO, ensure that the following prerequisite tasks are complete:
Prerequisites | Reference topics |
|---|---|
Helix SSO is implemented for TrueSight Server Automation | Implementing Remedy Single Sign-On authentication in TrueSight Server Automation documentation. |
Users configured in Helix SSO (for local, SAML, and LDAP authentication types) must also be created in TrueSight Server Automation | Configuring authentication in Helix SSO documentation. If using LDAP, synchronize users with the LDAP server in TrueSight Server Automation. For details, see Synchronizing users with LDAP servers. |
To enable HSSO integration in TrueSight Server Automation
- Login to the Automation Console with the Helix endpoint and navigate to the connector's page.
- Enable the TrueSight Server Automation connector with BMC Helix Single Sign-On and make sure it is re-downloaded.
Access the HSSO server URL provided with the tenant details.
- Download the server certificate in .crt format with the full Base64-encoded ASCII, certificate chain, and rename it to rsso.crt.
- Create a Java Keystore (JKS) using the certificate.
- Transfer the downloaded rsso.crt certificate to the TrueSight Server Automation machine.
- Open a command prompt and change the directory where the rsso.crt is saved.
- Run the following command:
keytool -importcert -file "rsso.crt" -keystore rsso.jks -alias "rsso" - Provide the keystore password when prompted (For example: changeit).
- (For Linux app server users) Assign ownership of bladmin:bladmin to the .jks file by using the following command:
chown bladmin:bladmin <.jksfile> - Configure TrueSight Server Automation with HSSO details. On the TSSA machine open the nsh prompt run the following commands to set mandatory HSSO parameters:
- blasadmin
- Set RemedySsoAuth IsEnabled true
- Set RemedySsoAuth RemedySsoServerUrl https://<hsso_url>/rsso
- Set RemedySsoAuth TruststorePathname <path to rsso.jks from step 4>
- Set RemedySsoAuth TruststorePassword changeit
- Set RemedySsoAuth TruststoreType jks
- Show RemedySsoAuth all
For more details, see Implementing Remedy Single Sign-On authentication.
- Restart the TrueSight Server Automation Application Server to apply the configuration changes.
Log in to the TrueSight Server Automation console as RBACAdmin, create a new user, and enable the Remedy Single Sign-On authentication.
You must make sure to create the user with the same name as created in BMC Helix portal. You must also assign appropriate roles to the user, for example, BLAdmins or ITManagers. For non-admin roles make sure the required role is already imported in BMC Helix Automation Console under Security groups. For more information, see Roles-and-permissions-for-BMC-Helix-Portal.- Verify the HSSO integration.
- Open an incognito window and access the BMC Helix Automation Console url.
- In the pop-up window select the TrueSight Server Automation endpoint.