21.05 enhancements
BMC Helix Single Sign-On enhancements
Enhanced single logout (Version 21.05 and later)
You can enable single logout so that when end users log out of one BMC application, they are automatically logged out of all other applications in the Remedy SSO server. Learn how to configure the Redis server to enable single logout in Configuring-general-settings-for-a-realm.
Ability to lock a local user account after unsuccessful login (Version 21.02 and later)
You can enable account lockout if a local user enters incorrect credentials. You can also configure the lockout threshold and lockout interval of the user account. The locked user's account can be unlocked by the BMC Helix SSO administrator or automatically by the system. For more information, see Managing-local-users-and-passwords.
Ability to force local users to reset password (Version 21.02 and later)
You can force local users to reset their password after they successfully log in to the BMC application integrated with BMC Helix SSO. For more information, see Managing-local-users-and-passwords.
What else changed in this release
This section also includes the significant changes in the product behavior in version 21.02:
Update | Product behavior in versions earlier than 21.05 | Product behavior in version 21.05 and later |
|---|---|---|
Support for refresh tokens for OpenID Connect clients. | Long-lived sessions for refresh tokens were not supported due to security concerns. | BMC Helix SSO supports long-lived sessions for refresh tokens. This option is available for the Local authentication only. For details, see Configuring-OAuth-2-0. |
Support for the Polish language in BMC Helix SSO. | BMC Helix SSO did not support the Polish language. | The Polish language is supported in BMC Helix SSO for Helix ITSM users. For details, see Supported-languages-and-locales. |
Ability to select a client authentication method for the token request. | By default, a client_secret_post method is selected during client registration. | New client authentication methods are available during client registration: client_secret_jwt and client_secret_basic. For details, see Configuring-OpenID-Connect-authentication. |
Update | Product behavior in versions earlier than 21.02 | Product behavior in version 21.02 and later |
|---|---|---|
Enhanced security for the BMC Helix SSO server. | Secure cookie was disabled by default. | Secure cookie is enabled by default. For more information, see Configuring-settings-for-the-BMC-Helix-SSO-server. |
A configurable option to allow a SAML session to finish simultaneously with the BMC Helix SSO session. | For the SAML authentication type, the session remained active even after the BMC Helix SSO session was over. | Option to end a SAML and BMC Helix SSO sessions simultaneously is enabled by default. For details, see |
Description field is available for the Pre-authentication value of the Authentication type. | No Description field was present for the Preauthentication value of the Authentication type. | Description field is displayed on the Preauthentication form by default. For more information, see Configuring-preauthentication. |
Ability to set custom timeout values for tokens. | Token timeout values were set according to Auth global access by default. | Timeout values for tokens is configurable. For more information, see Configuring-OAuth-2-0. |
Ability to perform authenticated sessions between applications in different security domains. | Usage of several applications was restricted to those that have one common domain. | Authentication is available in several applications that have different domains. |
Deprecation of support for Microsoft Internet Explorer 11. | BMC Helix SSO supported Microsoft Internet Explorer 11. | As announced, support for Microsoft Internet Explorer version 11 is now deprecated. We encourage you to switch to other fully supported browsers listed for BMC Helix SSO in theBMC Solution and Product Availability and Compatibility utility. For a complete list of BMC products that no longer support Internet Explorer 11, see theBMC Customer Support Communities page. |