Configuring general settings for a realm

Enter a realm name. The value that you enter must satisfy the following requirements:

• Must be a unique value
• Must not be more than 80 characters
• Must include only alphanumeric characters

• Can contain the following special symbols:

  • asterisk ( * )
  • dot ( . )
  • underscore ( _ )
  • dash ( - )

  Important: The realm ID stored in the BMC Helix SSO database is case-insensitive. So, for example, you cannot create a realm called "Cola" if a realm "cola" already exists.

Enter comma-separated domain names of applications integrated with BMC Helix SSO. Each value in the application domain is a host of an application URL of a tenant. For example, if the URL for the Mid Tier application is http://tenant1.midtier.company.com/arsys, the host will be tenant1.midtier.company.com.

Ensure that all applications of a tenant have a corresponding value in the application domain string. For example, consider that you created realm1 for a tenant that has two applications with the following URLs:

• Mid Tier URL as http://tenant1.midtier.company.com/arsys
• BMC Digital Workplace URL as http://tenant1.dwp.company.com/ux/dwpapp

In this scenario, for realm1, the application domain value will be a comma-separated string of tenant1.midtier.company.com and tenant1.dwp.company.com.

You can define the application domain by using one of the following patterns:

• Subdomain of an application
• Host name + subdomain of an application
• Host name

Example:

<hostname>.calbro.bmc.com is a fully qualified domain name.

calbro is a subdomain of bmc.com

bmc is a subdomain of com

com is the parent domain.

Important:

• You must not add a domain to more than one realm.
• The Application Domains field does not accept uppercase characters; every entry is automatically transformed into lowercase characters.

Enter the URL to which a user is redirected after the user logs out from BMC Helix SSO.

(Optional)

Single Log Out

Select this check box to enable the single logout option for end users.

When the single logout experience is enabled, if an end user clicks the logout URL in one application, the user is automatically logged out from the BMC Helix SSO server and, as a result, from all applications belonging to the user's realm.

When the single logout experience is disabled, if an end user clicks the logout URL in one application, the user is still logged in to BMC Helix SSO server if the user is simultaneously logged in to at least one application. 

The BMC Helix SSO agent maintains a cache. Therefore, for applications that are open in other browser tabs, single log out occurs after a short delay. 

For an enhanced single logout experience for users, see Configuring-BMC-Helix-SSO-to-support-immediate-logout-from-all-applications.

For security reasons, you might need to configure the number of active sessions or simultaneous logins for a particular realm. You can also decide whether to invalidate an older session or not allow the user to log in to a new session and display an error message.

In this field, you can enter the number of active sessions or simultaneous logins for a particular user.

Enter one of the following values:

• 0—Allow multiple simultaneous logins, that is, any number of logins are allowed.
  Important: This is the default value so that after an upgrade, there is no restriction on the number of simultaneous logins.
• 1—Only one login session is allowed for the user.
• Any other value other than 0 or 1—Only those number of session logins will be allowed for the user.

Important:

• If you select the Automatically invalidate oldest session on reaching quota check box, and if a user exceeds the number of logins, the user can log in but will get logged out from the oldest session. If you do not select this option, the user cannot log in to any session beyond the entered value, and the following error message is displayed: Exceeded session quota limit.
• Immediate logout applies to the session quota to avoid user session caching. Immediate logout must be enabled and the BMC Helix SSO server and agent (in rsso-agent.properties file) or Auth Proxy (in external.conf file) should be configured with a Redis server.
  
  For more information about the Redis server configuration, see Configuring-BMC-Helix-SSO-to-support-immediate-logout-from-all-applications.

AR API URL

Enter the URL of the Action Request System server (AR System server) API.

If you choose to add this configuration, you must populate all the AR Integration fields to enable the feature to fetch additional user information from the authenticated user from the AR System server and store it in the BMC Helix SSO database.