This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments. Click here to view the documentation for a supported version of Remedy Single Sign-On.

Setting an HTTPS connection


Important

  • An HTTPS connection is used to communicate securely with end users' browsers in order to protect their credentials, to communicate with LDAPS servers, and to simplify the exchange of metadata and certificates with SAML Identity Providers (IdPs).
  • BMC Atrium Single Sign-On does not recommend using an HTTP connection.

 

To set up an HTTPS connection, the Tomcat server that hosts the BMC Atrium Single Sign-On server must be modified to define an HTTPS connection with an explicit TrustStore and an explicit KeyStore.

The default Tomcat server used by BMC Atrium Single Sign-On uses a KeyStore and a TrustStore for secure (HTTPS, Transport Layer Security) communications.

If the Tomcat server does not have a TrustStore and a KeyStore, you can generate new self-signed certificates. For more information, see the Apache Tomcat 7 documentation.

The following XML code is an example of an HTTPS connection and is one of the supported configurations.

The example uses a KeyStore and a TrustStore of type PKCS#12, named keystore.p12 and cacerts.p12, with the passwords "keystore_password" and "truststore_password", respectively.

<Connector port="8443"
protocol="org.apache.coyote.http11.Http11Protocol"
SSLEnabled="true"
maxThreads="150"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"

keystoreFile="CATALINA_HOME/conf/keystore.p12"
keystorePass="keystore_password"
keystoreType="PKCS12"
keystoreProvider="JsafeJCE"
truststoreFile="CATALINA_HOME/conf/cacerts.p12"
truststorePass="truststore_password"
truststoreType="PKCS12"
truststoreProvider="JsafeJCE"/>

Note

Replace CATALINA_HOME with the full path to the Tomcat directory. The value provided for CATALINA_HOME needs to be adjusted according to your environment.
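
The following Python script is an added example, not part of the BMC documentation. It audits a Connector element like the one above for an unreplaced CATALINA_HOME placeholder, stray whitespace in store passwords, and cipher suites built on RC4, DES/3DES, MD5, NULL, EXPORT or anonymous key exchange. The sample connector, the /opt/tomcat path and the list of weak markers are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample with deliberate mistakes (shortened cipher list,
# placeholder path, trailing space in keystorePass); /opt/tomcat is assumed.
SAMPLE = '''<Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
  sslProtocol="TLS"
  ciphers="SSL_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_AES_128_CBC_SHA,
           SSL_RSA_WITH_3DES_EDE_CBC_SHA"
  keystoreFile="CATALINA_HOME/conf/keystore.p12" keystorePass="keystore_password "
  keystoreType="PKCS12"
  truststoreFile="/opt/tomcat/conf/cacerts.p12" truststorePass="truststore_password"
  truststoreType="PKCS12"/>'''

# Substrings marking suites that rely on broken or deprecated primitives
# (this selection is an assumption of the example, not a BMC list).
WEAK_MARKERS = ("_RC4_", "_3DES_", "_DES_", "_MD5", "_NULL_", "_EXPORT_", "_anon_")

def audit_connector(xml_text):
    """Return a list of (attribute, message) findings for one <Connector>."""
    conn = ET.fromstring(xml_text)
    findings = []
    if conn.get("SSLEnabled", "false").lower() != "true":
        findings.append(("SSLEnabled", "TLS is not enabled on this connector"))
    # Line breaks inside the attribute become spaces when parsed; strip them.
    suites = [c.strip() for c in conn.get("ciphers", "").split(",") if c.strip()]
    if not suites:
        findings.append(("ciphers", "no explicit cipher list; JVM defaults apply"))
    for suite in suites:
        if any(marker in suite for marker in WEAK_MARKERS):
            findings.append(("ciphers", "weak suite: " + suite))
    for store in ("keystore", "truststore"):
        path = conn.get(store + "File")
        pwd = conn.get(store + "Pass")
        if path is None:
            findings.append((store + "File", "no explicit store configured"))
        elif path.startswith("CATALINA_HOME"):
            findings.append((store + "File", "placeholder not replaced with full path"))
        if pwd is not None and pwd != pwd.strip():
            findings.append((store + "Pass", "password has leading/trailing whitespace"))
    return findings

if __name__ == "__main__":
    for attr, msg in audit_connector(SAMPLE):
        print(f"{attr}: {msg}")
```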
