Out of support This documentation supports the 8.1 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.Click here to view the documentation for a supported version of Remedy Single Sign-On.

Installing the first node for an HA cluster on a new Tomcat server

The following provides information and instructions for installing the first node for an HA cluster on a new Tomcat.

Before you begin

  • Obtain the zipped BMC Atrium Single Sign-On files from the BMC product package via Electronic Product Download (EPD) or the BMC Atrium Single Sign-On DVD.
  • If there is already an installation of BMC Atrium Single Sign-On on the target computer, the installer will not allow another installation. Uninstall the existing version.
  • Prepare to run the installation program for your operating system.
     For example, you must update Terminal Services configuration options and configure the DEP feature if you are using Windows. For more information, see Configuring-Terminal-Services-and-DEP-parameters.
  • You must have a network load balancer configured for creating a HA cluster. 

Important

The BMC Atrium Single Sign-On Tomcat server cannot be shared with any product (for example, the AR System server or the BMC Remedy Mid Tier) that integrates with BMC Atrium Single Sign-On. BMC recommends that you install BMC Atrium Single Sign-On on a different computer than the computer where you plan to install a BMC product (for example, the AR System server or the BMC Remedy Mid Tier).

To install the first node for an HA cluster on a new Tomcat

  1. Run the installation program.
     The setup executable is located in the Disk1 directory of the extracted files.
    • (Microsoft Windows ) Run setup.cmd
    • (UNIX ) Run setup.sh
  2. In the lower right corner of the Welcome panel, click Next.
  3. Review the license agreement, click I agree to the terms of license agreement, and then click Next.
  4. Accept the default destination directory or browse to select a different directory, and then click Next.
  5. In the Host Name Information panel, verify that the hostname presented is the Fully Qualified Domain Name (FQDN) for the host, and then click Next.
     Provide the correct the value as needed.
  6. In the BMC Atrium SSO Server Cluster Options panel, perform the following actions:
    SSO_clustered.jpg
    1. Select Clustered BMC Atrium SSO Server.
    2. Select New Cluster Installation (First node).
    3. Click Next.

  7. Enter a file name and complete path for storing the cluster configuration information and click Next. Alternately, you can navigate to the directory and select a file.The file can have any extension but it is recommended that you use .cfg as the extension because the file is storing cluster configuration information.
    For example, C:\Program Files (x86)\BMC Software\AtriumSSO\clusterconfig.cfg.

    When you enter the file name and click Next, a config file with that name is automatically created on your computer at the specified location. If you are using Microsoft Windows, you must enter the complete path for the cluster configuration file.

    Important

    You must copy this file to the subsequent nodes before installing BMC Atrium SSO on those nodes. The file contains sensitive information that is used when installing subsequent nodes.

  8. Enter the LDAP port number (8091), LDAP replication port (8092), LDAP administration port (8093), and click Next.

  9. Enter the load balancer URL and click Next.
     For example:
    https://loadBalancerFQDN:port/atriumsso
    https://BMCLoadBalancer.bmc.com:8443/atriumsso

    As you are installing BMC Atrium SSO in a cluster environment, you must use the load balancer URL mentioned in this step for integration with other products. For example, when you are integrating BMC Atrium SSO with BMC Remedy Mid Tier, you must add the load balancer URL instead of the BMC Atrium SSO server URL. For more information, see Running-the-SSOMidtierIntegration-utility-on-the-Mid-Tier.

  10. Verify that Install New Tomcat is selected and click Next.

    Note

    The BMC Atrium Single Sign-On Tomcat server cannot be shared with any product that integrates with BMC Atrium Single Sign-On. BMC recommends that BMC Atrium Single Sign-On be the only application on the Tomcat server.

  11. Accept the default Tomcat server HTTP port number (8080), HTTPS port number (8443), and Shutdown port number (8005), or enter different port numbers, and click Next.
     If any of the port numbers are incorrect, a pop-up menu identifies the incorrect port number and allows you to modify the selection.

  12. Enter a cookie domain and click Next.
    The domain value of the cookie should be the network domain of BMC Atrium Single Sign-On or one of its parent domains.

    Important

    • The higher the level of the selected parent domain, the higher the risk of user impersonation.
    • You cannot use sibling domains or cross-domains with BMC Atrium Single Sign-On. For example, installing the BMC Atrium Single Sign-On server in the remedy.com domain and the AR System server in the bmc.com domain is not supported. You must move all your computers into the same domain.
  13. Enter a strong administrator password, confirm the password, and click Next.
     The default administrator name is amadmin.
  14. Review the installation summary and click Install.
     After the first node has been successfully installed, additional nodes can be added to the cluster by using the file created during the first installation.
  15. Verify that your BMC Atrium Single Sign-On installation was successful by accessing the BMC Atrium Single Sign-On URL.
    1. Navigate to Start > All Programs > BMC Software > BMC Atrium SSO > Administrator to launch the BMC Atrium SSO Admin Console .
       The URL to open the BMC Atrium SSO Admin Console is:
      https://<ssoServer>.<domain>:<port>/atriumsso
       For example:
      https://ssoServer.bmc.com:8443/atriumsso

    2. When you are prompted that you are connecting to an untrusted connection, add the exception and then continue.

      Note

      The browsers display this warning because you have not yet configured the SSO authentication as a trusted provider.

    3. Confirm that you can view the BMC Atrium Single Sign-On login panel.
    4. Log on with the SSO administrator name (for example, amadmin) and password.
       The BMC Atrium SSO Admin Console appears.
       (Click the image to expand it.)
      8100SSOAdminConsole.gif
  16. Verify that your BMC Atrium Single Sign-On installation was successful by accessing the SSO load balancer.
     For example:
    https://ssoloadbalancer.bmc.com:8443/atriumsso
     The BMC Atrium SSO login screen appears. After you log on, the SSO server appears in the HA Nodes List.
    81SSOLB1stSSOServer.gif
  17. (Optional) Create an administrative user account for BMC Products to perform search functions on the user store (for example, to list user names and emails).
    • If you are using the BMC Atrium Single Sign-On server's internal LDAP, assign the BMCSearchAdmins group to the new user account.
    • If you are using an external system for authentication (such as AR System, LDAP, or Active Directory), assign the BmcSearchAdmins group to either an already existing user account or a new user account.

Where to go from here

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*