23.2 enhancements and patches


Review the BMC Helix Single Sign-On 23.2 enhancements and patches for features that will benefit your organization and to understand changes that might impact your users.

Version

SaaS

On premises

Fixed issues

Updates and enhancements

23.2.02

✅️

✅️

None

23.2.01

✅️


23.2.00

✅️


For a list of recent updates and enhancements across multiple versions, see Release-notes-and-notices.

BMC applies upgrades as described in the BMC Helix Upgrade policy. BMC applies upgrades and patches during Maintenance windows.


(On premises only) Downloading and installing the patch

Downloading from EPD

Patch installation


23.2.02

Support for SHA-1 signing algorithm restricted with upgrade to Java 17

BMC Helix SSO server containers have moved to Java 17, which does not support the SHA-1 signing algorithm for SAML IdP authentication because SHA-1 is no longer considered secure.

To continue using the SHA-1 signing algorithm temporarily until you move to a more secure algorithm, see the settings for Signing Algorithm in Importing-configuration-from-an-identity-provider-and-configuring-SAML.
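
A pre-upgrade check for the change described above, added here as an example and not taken from BMC code: it scans SAML XML (IdP metadata or a captured response) for XML-DSig algorithm identifiers that rely on SHA-1. The function names and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# W3C XML-DSig algorithm identifiers that rely on SHA-1.
SHA1_URIS = {
    DS + "rsa-sha1": "RSA with SHA-1 signature",
    DS + "dsa-sha1": "DSA with SHA-1 signature",
    DS + "sha1": "SHA-1 digest",
    "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1": "ECDSA with SHA-1 signature",
}
# Elements whose Algorithm attribute names a signing or digest algorithm
# (SigningMethod appears in SAML metadata algorithm-support extensions).
ALGORITHM_ELEMENTS = {"SignatureMethod", "DigestMethod", "SigningMethod"}

def find_sha1_algorithms(saml_xml: str):
    """Return (element name, algorithm URI, description) for each SHA-1 use."""
    # For XML from an untrusted source, parse with defusedxml instead.
    findings = []
    for elem in ET.fromstring(saml_xml).iter():
        local = elem.tag.rsplit("}", 1)[-1]  # strip the {namespace} prefix
        if local not in ALGORITHM_ELEMENTS:
            continue
        uri = elem.get("Algorithm", "")
        if uri in SHA1_URIS:
            findings.append((local, uri, SHA1_URIS[uri]))
    return findings

def _sample(sig_alg: str, digest_alg: str) -> str:
    """Build a constructed, unsigned SAML response skeleton for the demo."""
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ds="{DS}" ID="_constructed" Version="2.0">
  <ds:Signature>
    <ds:SignedInfo>
      <ds:SignatureMethod Algorithm="{sig_alg}"/>
      <ds:Reference URI="#_constructed">
        <ds:DigestMethod Algorithm="{digest_alg}"/>
      </ds:Reference>
    </ds:SignedInfo>
  </ds:Signature>
</samlp:Response>"""

LEGACY = _sample(DS + "rsa-sha1", DS + "sha1")
MODERN = _sample("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                 "http://www.w3.org/2001/04/xmlenc#sha256")

if __name__ == "__main__":
    for name, doc in (("legacy", LEGACY), ("modern", MODERN)):
        print(name, find_sha1_algorithms(doc) or "no SHA-1 algorithms found")
```

Any finding means the identity provider still signs with SHA-1 and its signing algorithm should be changed before relying on the Java 17 containers.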


23.2.01

Configure the BMC Helix SSO agent to support immediate logout from all applications

Configure the BMC Helix SSO agent with a Redis server to immediately log out users from all applications with the single logout option.

The Redis server configuration enables the BMC Helix SSO agent to immediately invalidate all cached token validation results in the same browser session.

When a user is logged in to multiple BMC Helix applications by using BMC Helix SSO, logout from all other applications in the same browser session is performed immediately, without any delay.

The enhanced single logout experience reduces the risk of unauthorized access after a user logs out.

For more information, see Configuring-BMC-Helix-SSO-to-support-immediate-logout-from-all-applications.


View details of the remote client IP address of the source in the audit records

BMC Helix SSO administrators can view the client IP address for administrator and end-user based requests in the audit records. In addition, you can view the remote IP address (remoteAddr attribute) of the HTTP request in the Audit record details window. Consumers of the audit record can verify the client's source IP address and avoid any misinterpretation of the value.

For more information about viewing the client IP address for an audit record, see Reviewing-audit-records.

View statistics for administrator user activities

BMC Helix SSO administrators can record administrator user activities in the BMC Helix SSO Admin Console by enabling the Interactive Gainsight setting in the server configuration. Gainsight statistics provide an overall view of administrator activities.

For more information, see Configuring-settings-for-BMC-Helix-SSO-administrators.


23.2



Configure realm identification for multiple service providers

Configure the Multiple Service Provider (MSP) functionality in BMC Helix SSO server to enable users to access multiple domains in an application by using the same credentials. The MSP functionality on the Domain Entry page provides a successful login for multiple-domain application users.
The login is conditioned by mapping values of a username-pattern that correspond to the realm.  
For more information, see Configuring-realm-identification-for-multiple-service-providers.


Enable access to additional user information for external services or integrated applications from the BMC Helix SSO server

Select the Fetch AR user info option in the tenant configuration and add Action Request System (AR System) API endpoint details in the realms configuration to retrieve and store additional user information on the BMC Helix SSO server.
When BMC Helix SSO authenticates a user, it retrieves additional information such as the user's first and last name and corporate email ID from the Action Request System server (AR System server). This information is stored in the BMC Helix SSO database and is available to all external services and integrated applications.
This eliminates the need to individually configure external services or integrated applications to fetch the additional user data from the AR System server, as the data is available on the BMC Helix SSO server.
For more information, see Fetch AR user info.

What else changed in this release 23.2

In this release, note the following significant changes in the product behavior:

Update: When a session timeout occurs, BMC Helix SSO distinguishes between backchannel requests and the requests from the user application forums. BMC Helix SSO responds to the user with the appropriate error codes based on the request type.

Product behavior in versions earlier than 23.2: When a session timeout occurred, BMC Helix SSO did not distinguish between the backchannel requests and requests from the user application forums. Depending on the redirect-mode settings, the BMC Helix SSO agent responded with a 302 Redirect code.

Product behavior in version 23.2 and later: BMC Helix SSO distinguishes between backchannel requests and the requests from the user application forums. When a session timeout occurs, the BMC Helix SSO agent responds to the user with an appropriate error code. To enable the functionality of responding with the appropriate error based on the source of the request, configure properties in the BMC Helix SSO agent settings. For more information, see ajax-requests-support.

 
