Unsupported content This version of the product is in limited support. However, the documentation is available for your convenience. You will not be able to leave comments.

Enabling cross launch for applications integrated with different Remedy SSO servers

You can enable single sign-on during cross launch to an application integrated with a Remedy Single Sign-On server from another application integrated with a different Remedy SSO server. Both applications must be deployed on two different Remedy SSO servers in two different domains.

Related topic

Troubleshooting-authentication-issues

Single Sign-on cross launch overview

The following table describes the cross launch components and their role:

Component

Role

Originating application

The application that performs the target application cross launch.

Originating domain

The domain where the originating application is deployed.

Originating Remedy SSO server

The Remedy SSO server integrated with the originating application.

Target application

The application that is cross launched by the originating application.

Target domain

The domain where the target application is deployed.

Target Remedy SSO

The Remedy SSO server integrated with the target application.

A trust relationship is required between the originating and target Remedy SSO servers to support single sign-on between the two applications that are integrated with two different Remedy SSO servers as shown in the following image. 

Cross launch architecture.jpg

The target server relies on the JWT public certificate to validate the incoming cross launch request from the originating application. 

Before you begin

Ensure that the following component prerequisites are met:

Components

Prerequisites

Originating application

  • Must be located in a different domain than the target application
  • Must be able to construct a URL in the following format to cross launch:
    <protocol>:<target_rsso_host>:<target_rsso_port>/rsso/cross-sso?goto=<target_app_url>#jwt=<jwt>
  • Iframe must be available to allow the originating application to open the target application

Originating Remedy SSO server

The originating Remedy SSO server on which an originating application is deployed must be configured for any of the supported authentication mechanisms:

  • AR
  • SAML 2.0
  • LDAP
  • Kerberos 
  • Certificate-based 
  • Local
  • OpenID Connect
  • Pre-authentication

Target application

Must be located in a domain that is different from the domain of the originating application.

Target Remedy SSO server

  • Must be configured only for the PREAUTH authentication type
  • The public certificate must be applicable to the target Remedy SSO server
    Note: This public certificate must be configured manually.

Process for enabling single sign-on for cross launching

The following table explains the process of enabling single sign-on for cross launch.

Task

Reference

Configuring an application on the originating Remedy SSO server.

Configuring an application on the target Remedy SSO server.

Test cross launching to the application on the target Remedy SSO server

To access a target application, click on a link in an originating application. You will be redirected to the target application without a request to log in to the target server.  

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*