Remedy Single Sign-On authentication

Remedy Single Sign-On (Remedy SSO) is an authentication system for a multi-software environment that eliminates the need for logging in multiple times. When you integrate TrueSight Server Automation - Data Warehouse with Remedy Single Sign-On, you can log in to the Remedy Single Sign-On only once. The same session credentials are used later while logging in to TrueSight Server Automation - Data Warehouse.

Currently, TrueSight Server Automation - Data Warehouse supports the following Remedy SSO authentication mechanisms: Local, Lightweight Active Directory Protocol (LDAP), and SAML.

To use the Remedy Single Sign-On authentication, do the following:

  1. Complete the prerequisite tasks.
  2. Configure TrueSight Server Automation - Data Warehouse to use Remedy SSO authentication.

Prerequisites 

Before using the Remedy Single Sign-On authentication, make sure that the following prerequisites are met:

  • Make sure that Remedy Single Sign-On is configured to use the HTTPS protocol.

    Do the following:
    1. Log in to the host where the Tomcat server for Remedy Single Sign-On is installed.

    2. Create a new keystore.

      keytool -genkey -alias tomcat -keyalg RSA -sigalg SHA256withRSA -keysize
      2048 -keystore rsso.keystore -storepass changeit -storetype JKS -providername SUN

    3. When you are prompted, enter the following details:

      Answer the questions:
      What is your first and last name?
      [Unknown]: <FQDN of the Remedy Single-Sign On Server>. The name must include the domain. Example, test.bmc.com
      What is the name of your organizational unit?
      [Unknown]: <organizational unit>
      What is the name of your organization?
      [Unknown]: <company>
      What is the name of your City or Locality?
      [Unknown]: <city>
      What is the name of your State or Province?
      [Unknown]: <state>
      What is the two-letter country code for this unit?
      [Unknown]: <country code>
      Is CN=<FQDN of Remedy SSO>, OU=<organizational unit>, O=<company>, L=<city>, ST=<state>, C=<country code> correct?
      [no]: yes
      Enter key password for <>
      (RETURN if same as keystore password): <ENTER>
    4. Navigate to the following path:
      <tomcat install directory>/conf/server.xml

    5. In a text editor, open server.xml and add the HTTPS-specific connector details.
      Example:

      <Connector
      protocol="org.apache.coyote.http11.Http11NioProtocol"
      port="9090" maxThreads="200"
      scheme="https" secure="true" SSLEnabled="true"
      keystoreFile="<Keystore location path>" keystorePass="<keystore password>"
      clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2, TLSv1.1, SSLv2Hello"/>
    6. Save the changes, and restart the Tomcat service.
    7. To verify that Remedy Single Sign-On is switched to the HTTPS protocol, launch the Remedy Single Sign-On URL using HTTPS. For example, https://localhost:9090
  • The version of TrueSight Server Automation is 20.02.01 or later.
  • The version of Remedy Single Sign-On is 20.02.

  • For local authentication, users that are configured in TrueSight Server Automation for the Remedy Single Sign-On authentication are also created in Remedy Single Sign-On. For more information, see Configuring authentication.

  • For LDAP authentication, users are synchronized with the LDAP server in TrueSight Server Automation. For details, see Synchronizing users with LDAP servers.

  • To establish communication between TrueSight Server Automation - Data Warehouse and Remedy Single Sign-On:

    Do the following:
    1. Log in to the Remedy Single Sign-On with the admin credentials.
      URL example: test.bmc.com:<port_number>/rsso
    2. Click Realm. The list of available realms is displayed.
    3. Click the ID of the realm that you want to use for TrueSight Server Automation - Data Warehouse. Currently, only * realm is supported.
    4. On the Edit Realm page, navigate to the Application Domains field on the General tab.
    5. Add the domain name of the TrueSight Server Automation - Data Warehouse computer. For example, test.bmc.com
    6. Save the changes.

  • Import the Remedy Single Sign-On certificate into the TrueSight Server Automation - Data Warehouse keystore:

    Do the following:
    1. Copy the keystore that you generated to configure the Remedy SSO to the TrueSight Server Automation - Data Warehouse host.

    2. Run the following command to export the Remedy Single Sign-On certificate from the Remedy Single Sign-On keystore.

      .\keytool -export -alias tomcat -keystore <KeystorePath> -rfc -file rsso.cert

      This command creates the rsso.cert file in the same directory where the keytool was run.

    3. Copy rsso.cert to the TrueSight Server Automation - Data Warehouse host.

    4. Run the following command to import the rsso.cert file into the TrueSight Server Automation - Data Warehouse keystore.

      .\keytool -import -v -trustcacerts -alias rsso -file <rsso.certExportedPath>\
      rsso.cert -keystore <tssadw_installation_directory>\jre\lib\security\cacerts -keypass
      changeit -storepass changeit

In addition to these prerequisites, we also recommend using separate Tomcat Servers for TrueSight Server Automation - Data Warehouse and Remedy Single Sign-On.

Configuring TrueSight Server Automation - Data Warehouse for the Remedy Single Sign-On authentication

Do the following:

  1. Log in to the TrueSight Server Automation - Data Warehouse console as a DWAdmin user.
  2. On the Configuration tab, select Remedy SSO Configuration.
  3. Click Add/Modify Remedy SSO Configuration.

  4. Specify values for the following fields:

    rsso_configurations.png

  5. Do one of the following:
    • Click Save to save the changes. The specified values are validated and the appropriate message is displayed. If you encounter any issues, do the following:
      1. On the Last Task Details page, click Run Again. The configured values are again validated.
      2. If you still face any issue, check the bds-ui log file at the following path: <TSSA-DW Home>/logs
    • Click Reset to clear the specified values.
    • Click Cancel to cancel the Remedy SSO configuration.
  6. Restart the following services:
    • TrueSight Server Automation - Data Warehouse
    • Authentication Service

What's next

Log in to the TrueSight Server Automation - Data Warehouse from the Remedy Single Sign-On login page. For details, see Launching-TrueSight-Smart-Reporting-Platform-as-a-reporting-user.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*