Out of support This documentation supports the 8.1 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.Click here to view the documentation for a supported version of Remedy Single Sign-On.

Manually configuring mid tier for BMC Atrium Single Sign-On user authentication

For the mid tier to communicate with the BMC Atrium Single Sign-On server for user authentication, follow the steps below to manually configure the mid tier.

Note

  • If you do not select the Configuration of Atrium Single Sign-On option during the AR System server installation or during the stand-alone installation of mid tier, only then perform the steps in this section.
  • BMC recommends, you do not install BMC Atrium Single Sign-on and BMC Remedy Mid-Tier on the same computer. BMC Atrium Single Sign-on and BMC Remedy Mid-Tier must use different Tomcat because if the mid-tier computer needs to be restarted, all the other applications will be unavailable because BMC Atrium Single Sign on will be down during the restart.

To manually configure the Mid Tier for BMC Atrium Single Sign-On user authentication

  1. Go to the computer where you installed the Mid Tier.
  2. Stop the mid tier service, if it is already running.
  3. Copy all the jar files from the <MidtierInstallDir>\webagent\dist\jee\WEB-INF\lib directory to the <MidtierInstallDir>\WEB-INF\lib directory.
     For example, copy all the jar files from C:\Program Files\BMC Software\ARSystem\midtier\webagent\dist\jee\WEB-INF\lib to C:\Program Files\BMC Software\ARSystem\midtier\WEB-INF\lib.
  4. Go to the <MidtierInstallDir>\Web-Inf directory and open the web.xml file in an editor.

  5. Uncomment the <filter> and <filter-mapping> tags for the Atrium Single Sign-On filter.
    These tags should look like the following:

    <!--Atrium SSO webagent filter. Un-comment when needed-->
    <filter>
    <filter-name>Agent</filter-name>
    <filter-class>com.bmc.atrium.sso.agents.web.SSOFilter</filter-class>
    </filter>
    <!--Atrium SSO webagent filter. Un-comment when needed-->
    <filter-mapping>
    <filter-name>Agent</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>ERROR</dispatcher>
    </filter-mapping>

     

    Make sure that you save your changes to the web.xml file.

  6. Go to the <MidtierInstallDir>\Web-Inf\classes directory (for example, C:\Program Files\BMC Software\ARSystem\midtier\WEB-INF\classes) and open the config.properties file in an editor.
  7. Add an attribute in the config.properties file.
     For this, comment the DefaultAuthenticator line (arsystem.authenticator=com.remedy.arsys. session.DefaultAuthenticator) and add the following line for the Atrium Single Sign-On Authenticator:
    arsystem.authenticator=com.remedy.arsys.sso.AtriumSSOAuthenticator
     Make sure that you save your changes to the config.properties file.
  8. Go to the computer where you installed the AR System serve and open the ar.cfg (Microsoft Windows) or ar.conf (UNIX or Linux) file in an editor.
     The default location for Windows is C:\Program Files\BMC Software\ARSystem\Conf.
  9. Add the following SSO AREA plug-in entries to the ar.cfgfile:
    • (Unix) Plugin — areaatriumsso.so
    • (Windows) Plugin — areaatriumsso.dll
       For example:
      Plugin: areaatriumsso.dll

    • Server Plugin Alias — ARSYS.AREA.ATRIUMSSO ARSYS.AREA.ATRIUMSSOFQDN of AR System server name:PluginPort
       For example:
      Server-Plugin-Alias: ARSYS.AREA.ATRIUMSSO ARSYS.AREA.ATRIUMSSO arSystemServer.bmc.com:9999
      Make sure that the SSO entries are listed first; otherwise they will not be used by the AR System server.

       

      Plugin: areaatriumsso.dll
      Plugin: ardbcconf.dll
      Plugin: reportplugin.dll
      Plugin: ServerAdmin.dll
      Server-Plugin-Alias: ARSYS.AREA.ATRIUMSSO ARSYS.AREA.ATRIUMSSO xyz-abc-x28-vm1.dsl.bmc.com:9999
      Server-Plugin-Alias: ARSYS.ARF.REGISTRY ARSYS.ARF.REGISTRY xyz-abc-x28-vm1.dsl.bmc.com:9999
      Server-Plugin-Alias: ARSYS.ARDBC.REGISTRY ARSYS.ARDBC.REGISTRY xyz-abc-x28-vm1.dsl.bmc.com:9999
      Server-Plugin-Alias: ARSYS.ARDBC.ARREPORTENGINE ARSYS.ARDBC.ARREPORTENGINE xyz-abc-x28-vm1.dsl.bmc.com:9999
      Server-Plugin-Alias: ARSYS.ARF.QUERYPARSER ARSYS.ARF.QUERYPARSER xyz-abc-x28-vm1.dsl.bmc.com:9999
      Server-Plugin-Alias: ARSYS.ALRT.WEBSERVICE ARSYS.ALRT.WEBSERVICE xyz-abc-x28-vm1.dsl.bmc.com:9999
      Server-Plugin-Alias: ARSYS.ARF.PARSEPARAMETERS ARSYS.ARF.PARSEPARAMETERS xyz-abc-x28-vm1.dsl.bmc.com:9999
      Server-Plugin-Alias: ARSYS.ARF.PUBLISHREPORT ARSYS.ARF.PUBLISHREPORT xyz-abc-x28-vm1.dsl.bmc.com:9999
      Server-Plugin-Alias: ARSYS.ARF.REPORTSCHEDULER ARSYS.ARF.REPORTSCHEDULER xyz-abc-x28-vm1.dsl.bmc.com:9999
      Server-Plugin-Alias: ARSYS.ARF.RSAKEYPAIRGENERATOR ARSYS.ARF.RSAKEYPAIRGENERATOR xyz-abc-x28-vm1.dsl.bmc.com:9999
      Server-Plugin-Alias: ARSYS.ALRT.TWITTER ARSYS.ALRT.TWITTER xyz-abc-x28-vm1.dsl.bmc.com:9999
      Server-Plugin-Alias: ARSYS.ARF.TWITTER ARSYS.ARF.TWITTER xyz-abc-x28-vm1.dsl.bmc.com:9999
  10. Save your changes to the ar.cfg or ar.conf file.
  11. Go back to the computer where you installed the Mid Tier.
  12. Copy the cacerts file from the JDK installed location to the Tomcat conf folder.
     For example, copy cacerts from C:\Program Files\Java\jdk1.7.0_03\jre\lib\security to C:\Program Files\Apache Software Foundation\Tomcat6.0\conf.

  13. If your Mid Tier installation does not already include the not-enforced.txt file, save the attached file to the Mid Tier folder.
     For example, right-click the link, and then select Save link as to the C:\Program Files\BMC Software\ARSystem\midtier folder.
     A typical not-enforced.txt file contains the URIs listed in the code snippet below. URIs listed in this file are not protected by the agent. Their contents are uploaded into the BMC Atrium Single Sign-On server to become part of the Agent configuration.
     When you later finish integration, this file is no longer used or needed. If you must update the agent configuration, access Agent Details on the BMC Atrium SSO Admin Console to modify the Not Enforced URI Processing values.

     

    /arsys/services/*
    /arsys/WSDL/*
    /arsys/shared/config/*
    /arsys/shared/doc/*
    /arsys/shared/images/*
    /arsys/shared/timer/*
    /arsys/shared/ar_url_encoder.jsp
    /arsys/shared/error.jsp
    /arsys/shared/file_not_found.jsp
    /arsys/shared/HTTPPost.class
    /arsys/shared/login.jsp
    /arsys/shared/login_common.jsp
    /arsys/shared/view_form.jsp
    /arsys/shared/logout.jsp
    /arsys/shared/wait.jsp
    /arsys/servlet/ConfigServlet
    /arsys/servlet/GoatConfigServlet
    /arsys/plugins/*

  14. Execute the deployer script to deploy the WebAgent.
    For this, run the following script through command line interface under the deployer directory (webagent\deployer):

    java -jar deployer.jar --install --container-type -TOMCATversion --atrium-sso-url AtriumSSOURL<FQDNofAtriumSSOServer>:<port>/atriumsso --web-app-url MidtierSSOURL<FQDNofMidtierServer>:<port>/arsys --container-base-dir AppServerHome --admin-name AtriumServerAdminUsername --admin-pwd AtriumServerAdminPassword --jvm-truststore "JavaHome \jre\lib\security\cacerts" --jvm-truststore-password TruststorePassword --truststore "AppServerHome\conf\cacerts" --truststore-password TruststorePassword --not-enforced-uri-file "midTierPath\not-enforced.txt" --web-app-logout-uri /shared/loggedout.jsp

    For example,

    java -jar deployer.jar --install --container-type tomcatv6 --atrium-sso-url https://ssoServer.bmc.com:8443/atriumsso --web-app-url http://midTierServer:8080/arsys --container-base-dir "c:\Program Files\Apache Software Foundation\Tomcat6.0" --admin-name amadmin --admin-pwd Let$in09 --jvm-truststore "c:\Program Files\Java\jdk1.7.0_03\jre\lib\security\cacerts" --jvm-truststore-password changeit --truststore "c:\Program Files\Apache Software Foundation\Tomcat6.0\conf\cacerts" --truststore-password changeit --not-enforced-uri-file "C:\Program Files\BMC Software\ARSystem\midtier\not-enforced.txt" --web-app-logout-uri /shared/loggedout.jsp

  15. Make sure that the deployer script successfully finishes execution and is completed.
    DeployerScriptExecutes.gif

    Tip

    If the deployer script fails:

    1. Delete the <containerBaseDir>/atssoAgents folder (for example, C:\Program Files\Apache Software Foundation\Tomcat6.0\atssoAgents).
    2. Delete the agent if it exists in Agent Details on the BMC Atrium SSO Admin Console.
    3. Re-run the deployer script after you fixed the problem (for example, added additional parameters).

  16. Start the mid tier service.

 

By default, this plug-in is configured to work with the native plug-in server (C plug-in). You can also use this plug-in directly with the Java plug-in server. For more information on the configuration settings, see Using-the-Java-plug-in-server-for-dynamic-plug-in-loading in the BMC Remedy AR System 8.1 online documentation.

 

Note

  • If the container is not using HTTPS, the truststore and truststore-password parameters can be ignored. For example:

    java -jar deployer.jar --install --container-type tomcatv6 --atrium-sso-url https://ssoServer.bmc.com:8443/atriumsso --web-app-url http://midTierServer:8080/arsys --container-base-dir "C:\Program Files\Apache Software Foundation\Tomcat6.0" --admin-name amAdmin --admin-pwd bmcAdm1n --jvm-truststore "C:\Program Files\Java\jre6\lib\security\cacerts" --jvm-truststore-password changeit --not-enforced-uri-file "C:\Program Files\BMC Software\ARSystem\midtier\not-enforced.txt" --web-app-logout-uri /shared/loggedout.jsp
  • If the --web-app-logout-uri parameter is not specified, you can specify the parameter value in Agent Details on the BMC Atrium SSO Admin Console:
    1. On the BMC Atrium SSO Admin Console, click Agent Details.
    2. Select the agent and click Edit.
    3. In the Logout Processing section, replace the default value with /arsys/shared/loggedout.jsp.

  • When you are using a load balancer or reverse proxy, you must add the --web-app-url and --notify-url URLs. In this case, the --web-app-url URL must be the load balancer URL and the --notify-url must be the mid tier URL. For example:

    java -jar deployer.jar --install --container-type tomcatv6 --atrium-sso-url https://ssoServer.bmc.com:8443/atriumsso --web-app-url http://loadbalancerURL:8080/arsys -----container-base-dir "C:\Program Files\Apache Software Foundation\Tomcat6.0" --admin-name amAdmin --admin-pwd bmcAdm1n --jvm-truststore "C:\Program Files\Java\jre6\lib\security\cacerts" --jvm-truststore-password changeit --not-enforced-uri-file "C:\Program Files\BMC Software\ARSystem\midtier\not-enforced.txt" --web-app-logout-uri /shared/loggedout.jsp

 For more information about containers, agents, and deployer commands, see:

Where to go from here

Configuring-the-BMC-Atrium-Single-Sign-On-server-for-AR-System-integration

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*