This documentation supports the 25.3 and consecutive patch versions of BMC Helix Single Sign-On. To view an earlier version, select the version from the Product version menu.

 

25.3 enhancements and patches


Review the BMC Helix SSO 25.3 enhancements and patches for features that will benefit your organization and to understand changes that might impact your users.

| Version | SaaS | On premises | Fixed issues | Updates and enhancements |
| 25.3.02 | ✅️ | | Known and corrected issues | 25.3.02 |
| 25.3.01 | ✅️ | | NA | 25.3.01 |
| 25.3.00 | ✅️ | | | |

For a list of recent updates and enhancements across multiple versions, see Release notes and notices.

BMC Helix applies upgrades as described in the BMC Helix Upgrade policy. BMC Helix applies upgrades and patches during Maintenance windows.

25.3.02


Enable login-audit decoupling for uninterrupted login

As an administrator, you can enable the login-audit decoupling configuration option to make sure users and administrators can log in even if audit event creation fails due to database exceptions. With this capability, you can improve system reliability and prevent downtime caused by audit-related errors. For more details, see Setting up tenants.

Login-audit decoupling.png


Identify realms by an IP address

Remedy SSO has extended the Multiple Service Provider (MSP) functionality to support realm identification based on a user's IP address. This feature streamlines login by eliminating MSP page redirects. Administrators can configure IP address rules for realm identification with the #clientIPRange.include(...) keyword. For more details, see Configuring realm identification for multiple service providers.

The following figure shows an example of the rule defining the IP address range for users who will get access to the integrated BMC Helix application:

IP address pattern.png


Configure the JWKS size limit for OpenID Connect authentication and preauthentication

As an administrator, set up a JSON Web Key Set (JWKS) size limit for OpenID Connect authentication and preauthentication for specific tenants and realms to align with the expected payload size of the JWKS URI from the identity provider. This enhancement provides greater control over payload sizes, ensuring efficient and secure authentication processes. For more details, see Configuring OpenID Connect authentication and Configuring preauthentication.

      OpenID Connect JWKS Size Limit.png

      Preauth JWKS Size Limit.png
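
The idea behind a JWKS size limit, shown as an added illustration in Python (this is not BMC Helix SSO code and does not reflect how the product implements the setting): the consumer counts bytes while reading the identity provider's response and stops as soon as the configured limit is exceeded. The function name, exception name, limits, and sample key are constructed for this example.

```python
import io
import json

CHUNK = 4096  # read granularity in bytes


class JwksTooLarge(Exception):
    """The JWKS response body is larger than the configured limit."""


def read_jwks_bounded(stream, max_bytes):
    """Return the 'keys' list from a JWKS body of at most max_bytes bytes.

    Bytes are counted as they are read, so a missing or understated
    Content-Length header cannot get a larger body past the limit.
    """
    buf = bytearray()
    while True:
        # Request at most one byte beyond the limit: enough to detect an
        # oversized body without buffering all of it.
        chunk = stream.read(min(CHUNK, max_bytes + 1 - len(buf)))
        if not chunk:
            break
        buf.extend(chunk)
        if len(buf) > max_bytes:
            raise JwksTooLarge(f"JWKS body exceeds {max_bytes} bytes")
    doc = json.loads(buf.decode("utf-8"))
    keys = doc.get("keys") if isinstance(doc, dict) else None
    if not isinstance(keys, list):
        raise ValueError("not a JWKS document: no 'keys' array")
    return keys


# Constructed sample: a one-key JWKS with placeholder key material.
SAMPLE = json.dumps({"keys": [{"kty": "RSA", "kid": "example-key-1", "use": "sig",
                               "n": "AQAB" * 64, "e": "AQAB"}]}).encode()


def demo():
    """Accept the sample under a 4096-byte limit, reject it under 128 bytes."""
    keys = read_jwks_bounded(io.BytesIO(SAMPLE), max_bytes=4096)
    try:
        read_jwks_bounded(io.BytesIO(SAMPLE), max_bytes=128)
        rejected = False
    except JwksTooLarge:
        rejected = True
    return keys[0]["kid"], rejected


if __name__ == "__main__":
    print(demo())
```

A limit set below the identity provider's real JWKS size rejects the key set and breaks token validation, so measure the current payload and leave headroom for key rotation, when the provider publishes the old and new keys together.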

25.3.01


Support for Azerbaijani and Georgian languages

BMC Helix SSO has added support for the Azerbaijani and Georgian languages to enhance accessibility and improve the user experience across more regions. For details about localization in BMC Helix SSO, see Supported languages and locales.

The following images show the login page examples in each language:

  • Azerbaijani

     Login page_az.jpg

  • Georgian

     Login page_ge.jpg

25.3.00


Customize the webhook payload for the user data extracted from OpenID Connect

Administrators can extend the webhook payload for the user data retrieved from the OpenID Connect identity provider. Use this capability to enrich the authentication data sent to external systems and gain more control over logging activities. To configure custom attributes, go to the User attributes from ID Token section in the realm's OpenID Connect settings. For detailed steps, see Notifying an external service about user authentication by using a webhook.

The following image shows the customization fields for a realm configured to authenticate users through OpenID Connect:

OpenID Connect webhooks.png


Improved audit logging to resolve login issues

Leverage extended audit of failed user logins for AR, Local, and LDAP authentication types. When a login fails and the audit record indicates USER_LOGIN_FAILED, an administrator can see specific reasons for the failure, such as an unreachable LDAP server or a disabled Local user. This enhancement helps expedite troubleshooting and reduce SLA resolution times. To understand the logic of audit logging in BMC Helix SSO, see Reviewing audit records.

The following image shows an example of the audit record details for a failed login event:

Extended audit.png


What else changed in this release

The following table lists the changes in the product behavior:

| Update | Product behavior in versions earlier than 25.3 | Product behavior in version 25.3 and later versions |
| Confirmation dialog to notify administrators about changes to critical settings. | When administrators updated critical settings in the BMC Helix SSO Admin Console, they were not notified about potential disruptions in the authentication flow. | When a change is made to critical settings in the BMC Helix SSO Admin Console, a warning message is displayed to the administrator. This enhancement helps prevent unintentional misconfigurations. Examples of critical settings are Cookie Domain, Cookie Name, and External URL. |
| Revised copyright statement. | The copyright statement referred to BMC Software. | The copyright statement reflects the new company name, BMC Helix, Inc. |
