Unsupported content This version of the product is in limited support. However, the documentation is available for your convenience. You will not be able to leave comments.

Configuring Remedy SSO for applications hosted on different domains

You configure multiple domain support so Remedy SSO can provide authentication for applications hosted on different domains. For example, your application is hosted in your company data center and the Remedy SSO server is hosted in another data center, such as a BMC data center. In this scenario, the Remedy SSO agent and server must act as an OpenID Client and OpenID provider respectively.

Related topics

Deployment-scenarios

Configuring-OAuth-2-0

Note

The following Remedy SSO features are not supported for the applications for which Remedy SSO agent and server act as an OpenID client and OpenID provider respectively:

  • Bypass SAML authentication for reauthentication requests
  • Multi-Service Provider (MSP)

To allow applications hosted on different domains to use the same Remedy SSO server for authentication

  1. In Remedy SSO Admin Console, register an application as an OAuth2 client. For information about how to configure the OAuth2 client, see Configuring-OAuth-2-0
  2. Select the openid (Scope used for OpenID connect) check box to enable the OpenID scope for this client.
  3. Configure the token timeout for the OAuth client as follows:
    1. Set the OpenID Issuer URL. The value must correspond to the sso-external-url configured in the rsso-agent.properties file.
    2. Configure the Access Token Timeout value for managing the user session time.
  4. Generate the JWK Id for OAuth flow.
  5. Copy the Client ID and Client Secret generated after registering the client as OAuth2 and save them.

  6. On a server with Remedy SSO agent, configure the rsso-agent.properties file as follows: 

    multi-domain-support=true
    oauth-client-id=<Client ID>
    oauth-client-secret=<Client Secret>

  7. Save the rsso-agent.properties file. 

    Remedy SSO is now configured for using OpenID connect.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*