Modifying BmcRealm and JEE agents
As part of configuring BMC Atrium Single Sign-On to host an SP, the BmcRealm and the J2EE agents must be modified.
To modify the BmcRealm configuration
- Navigate to Access Control > BmcRealm link > Authentication
- Click All Core Settings.
- In the User Profile field, select Ignored.
- Click Save.
After adjusting the User Profile settings of the BmcRealm, the agent configuration of all integrated BMC products must be adjusted to work with the SAMLv2 federation.
To modify agent configuration to work with SAMLv2 federation
- Navigate to Access Control > Top Level Realm link > Agents > J2EE > Agent link > OpenSSO Services
  In this case, Agent is the name of an agent associated with a BMC product integrated with this Atrium Single Sign-On server. For example, dashboards@sample.bmc.com:8443.
- Delete the URLs in the login URL field.
- Enter the Federated login URL.
- Delete the URLs in the logout URL field.
- Enter the Federated logout URL.
- Click Save.
Federated log in URL syntax
https://<host>:<port>/atriumsso/spssoinit?metaAlias=/BmcRealm/sp&idpEntityID=<entityId>
In this case:
- host is the FQDN of the Atrium Single Sign-On server hosting the SP.
- port is the port used for secure communication of the Atrium Single Sign-On server hosting the SP.
- entityId is the name of the IdP to be used by this SP.
For example, https://example.bmc.com:8443/atriumsso/spssoinit?metaAlias=/BmcRealm/sp&idpEntityID=IDP.
Federated log out URL syntax
https://<host>:<port>/atriumsso/saml2/jsp/spSingleLogoutInit.jsp?idpEntityID=<entityId>&RelayState=<webappURL>
In this case:
- host is the FQDN of the BMC Atrium Single Sign-On server hosting the SP
- port is the port used for secure communication of the BMC Atrium Single Sign-On server hosting the SP
- entityId is the name of the remote IdP to be used by this SP. You can find the name of the registered remote IdP on the Federation tab of the SSO Admin Console. For more information, see Registering a remote IdP.
- (Optional) RelayState is used if you want to provide a customized landing page after the user logs out of the application
- webappURL is the URL for the webapp for this agent
For example, https://example.bmc.com:8443/atriumsso/saml2/jsp/spSingleLogoutInit.jsp?idpEntityID=IDP&RelayState=http://www.bmc.com.
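The login and logout URL syntaxes above, as an added example that is not part of the BMC documentation: a Python helper that builds both URLs with the query values percent-encoded (an entity ID or RelayState that is itself a URL would otherwise split the query string) and checks an already configured agent URL against the documented syntax. The function names and the sso.example.com, idp.example.com and app.example.com values are assumptions made for illustration.

```python
from urllib.parse import quote, urlsplit, parse_qs

# Paths and metaAlias exactly as given in the URL syntax on this page.
LOGIN_PATH = "/atriumsso/spssoinit"
LOGOUT_PATH = "/atriumsso/saml2/jsp/spSingleLogoutInit.jsp"
META_ALIAS = "/BmcRealm/sp"

def _base(host, port):
    # host must be the FQDN of the SSO server hosting the SP, without scheme or path
    if not host or "." not in host or any(c in host for c in "/:?#@ "):
        raise ValueError("host must be a bare FQDN")
    if not 0 < int(port) < 65536:
        raise ValueError("port out of range")
    return f"https://{host}:{int(port)}"

def login_url(host, port, entity_id):
    # safe="" also encodes "/" and ":" so a URL-shaped entity ID stays one value
    return (f"{_base(host, port)}{LOGIN_PATH}?metaAlias={META_ALIAS}"
            f"&idpEntityID={quote(entity_id, safe='')}")

def logout_url(host, port, entity_id, webapp_url=None):
    url = (f"{_base(host, port)}{LOGOUT_PATH}"
           f"?idpEntityID={quote(entity_id, safe='')}")
    if webapp_url:  # RelayState is optional
        url += f"&RelayState={quote(webapp_url, safe='')}"
    return url

def check_agent_url(url, kind):
    """Return the problems found in a configured 'login' or 'logout' URL."""
    parts, problems = urlsplit(url), []
    params = parse_qs(parts.query, keep_blank_values=True)
    if parts.scheme != "https":
        problems.append("scheme is not https")
    expected = LOGIN_PATH if kind == "login" else LOGOUT_PATH
    if parts.path != expected:
        problems.append(f"path is not {expected}")
    if len(params.get("idpEntityID", [])) != 1 or not params["idpEntityID"][0]:
        problems.append("idpEntityID must appear exactly once and be non-empty")
    if kind == "login" and params.get("metaAlias") != [META_ALIAS]:
        problems.append("metaAlias is not /BmcRealm/sp")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    print(login_url("sso.example.com", 8443, "IDP"))
    print(logout_url("sso.example.com", 8443, "https://idp.example.com/saml",
                     "https://app.example.com/home?a=1&b=2"))
    print(check_agent_url("http://sso.example.com:8443/atriumsso/spssoinit?idpEntityID=IDP", "login"))
```

An empty list from check_agent_url means the configured URL matches the documented syntax; it does not confirm that the IdP named in idpEntityID is registered on the server.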
Where to go from here
In Administering, see managing users, user groups, and authentication modules.