This documentation supports the 22.2 version of BMC Helix Single Sign-On, which is available only to BMC Helix customers (SaaS). To view an earlier version, select the version from the Product version menu.

Enabling cross launch for applications integrated with different BMC Helix SSO servers


As a BMC Helix Single Sign-On administrator, you can use the cross launch functionality to enable a single sign-on experience between applications that do not share the same BMC Helix SSO server and are deployed in different domains. In this case, the target application is integrated with a BMC Helix SSO server, and the source application can either be part of a third-party solution or be integrated with another BMC Helix SSO server. For more information about these deployment use cases, see Deployment scenarios.


Before you begin

Before you can enable cross launch for applications not integrated with the same BMC Helix SSO server, verify that the following prerequisites are met:

  • If the source application is integrated with a BMC Helix SSO server, it must not be the same server that is integrated with the target application.
  • The source application must use an iframe to cross launch the target application. 
  • To cross launch a target application, the source application must be able to construct a URL in the following format:
    <protocol>://<target_rsso_host>:<target_rsso_port>/rsso/cross-sso?goto=<target_app_url>#jwt=<jwt>
  • The public certificate for JSON Web Token (JWT) validation must be available to the target BMC Helix SSO server.

    Important

    BMC Helix SSO does not provide a mechanism for generating a JWT along with a private and public signing key pair.
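
The URL format from the prerequisites, as an added example that is not BMC code: it builds the cross-launch URL from an already-signed JWT, percent-encodes the goto value, and refuses tokens whose header cannot be verified with a public certificate. The helper name buildCrossLaunchUrl, the host names, the https-only policy, and the algorithm allow-list are assumptions of this example; the JWT itself must be signed elsewhere.

```javascript
// Added example, not BMC code. Hosts, port, and the sample token are constructed.
const b64urlEncode = (obj) =>
  btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const b64urlDecode = (seg) =>
  JSON.parse(atob(seg.replace(/-/g, "+").replace(/_/g, "/")));

// Assumption: the target server validates with a public certificate, so only
// asymmetric signature algorithms are allowed here; "none" and HMAC are refused.
const ASYMMETRIC_ALG = /^(RS|PS|ES)(256|384|512)$/;

function buildCrossLaunchUrl({ protocol, host, port, targetAppUrl, jwt }) {
  // This example's own policy: the JWT is a bearer credential, so require TLS.
  if (protocol !== "https") throw new Error("cross launch requires https");

  const segments = jwt.split(".");
  if (segments.length !== 3 || !segments.every((s) => /^[A-Za-z0-9_-]+$/.test(s))) {
    throw new Error("jwt must be three base64url segments");
  }
  const { alg } = b64urlDecode(segments[0]);
  if (!ASYMMETRIC_ALG.test(alg)) throw new Error(`unsupported alg: ${alg}`);

  const target = new URL(targetAppUrl); // throws on a relative or malformed URL
  if (target.protocol !== "https:") throw new Error("goto must be an https URL");

  const url = new URL(`${protocol}://${host}:${port}/rsso/cross-sso`);
  // Percent-encode goto so its own "?" and "&" cannot add or override parameters.
  url.searchParams.set("goto", target.href);
  // The token goes in the fragment, which browsers do not send in the HTTP
  // request, so it stays out of server access logs and Referer headers.
  url.hash = `jwt=${jwt}`;
  return url.href;
}

// Constructed sample: real header, placeholder payload, placeholder signature.
const sampleJwt = [
  b64urlEncode({ alg: "RS256", typ: "JWT" }),
  b64urlEncode({ note: "constructed payload" }),
  "c2lnbmF0dXJl",
].join(".");

const launchUrl = buildCrossLaunchUrl({
  protocol: "https",
  host: "sso.target.example",
  port: 8443,
  targetAppUrl: "https://app.target.example/home?view=1&tab=2",
  jwt: sampleJwt,
});
console.log(launchUrl);
```

In the source application, the returned string becomes the src of the iframe that hosts the target application.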

To enable cross launch for applications that do not share the same BMC Helix SSO server

  1. Configure preauthentication for the BMC Helix SSO server that is integrated with the target application. For instructions, see Configuring preauthentication.
  2. (Optional) If the source application is integrated with a BMC Helix SSO server, configure any authentication for that server. For information about how to do this, see Setting up end user authentication.

    Note

    BMC Helix SSO relies on cookies to enable your users to seamlessly access all integrated applications. As browsers implement changes to their default SameSite attributes, cross-site cookies will not be sent by default. As a result, your users will be prevented from accessing your applications. To continue using BMC Helix SSO with newer browser versions, you must enable the Use Cross Site Cookie option in the Advanced settings of the BMC Helix SSO server integrated with the target application. For more information about this setting, see Configuring settings for the BMC Helix SSO server.

    You also need to enable this setting if you are using earlier browser versions that allow users to check the SameSite attributes.

To verify the single sign-on experience for a cross-launched application

  1. Log in to the source application, and click the link to the target application.
    The target application is displayed.
  2. If you encounter any errors, review Troubleshooting authentication issues.
