Unsupported content This version of the product is in limited support. However, the documentation is available for your convenience. You will not be able to leave comments.

19.08 enhancements


Remedy Single Sign-On enhancements

The following sections provide information about the enhancements in the 19.08 release.

Launchpad enhancements

The launchpad functionality has been updated for end users and Remedy SSO administrators.

End user experience on the Digital Service Management page

In earlier versions of Remedy SSO, only applications that belonged to the end users' realm were displayed on the Digital Service Management page. With this release, in addition to the previous behavior, launchpad applications associated with tenants can be displayed on this page. Thus, applications from different realms or even external applications can be displayed on the Digital Service Management page. For more information about this feature, see Start-page.

Remedy SSO administrator experience on the LaunchPad page

In earlier versions of Remedy SSO, to add applications protected by Remedy SSO, in the Application URL field an administrator needed to enter only those URLs that were allowed from the domain of a realm. Applications that did not belong to end users' realm were not displayed to them, but the administrator could add any URL. Now, the administrator can enter any URL in this field if the tenant is specified. 

The Tenant field is available in the application registration form on the LaunchPad page in Remedy SSO Admin Console. The value that you enter in this field must be mapped to value of the Tenant field available in General settings of a realm. You can associate only one launchpad application with one tenant. For details about how to add applications on the LaunchPad page, see Adding-applications-to-the-Digital-Service-Management-page.

In addition to this, The LaunchPad page has been enhanced with the new filtering and search options:

RSSO LaunchPad page.png

Upgrade behavior

The Tenant field, by default, is empty after upgrade. Hence, all launchpad applications available to the end user on the Digital Service Management page prior to the 19.08 upgrade remain available after upgrade, if the Tenant field was not specified in the associated realm.

If the Tenant field was specified for some of the realms, then you must set this field for all applications associated with the realms. See Configuring-the-Remedy-SSO-server-after-upgrade for more details.

MSP page new look

The MSP page, displayed to end users in cases when Remedy SSO server does not know to which realm an end user belongs to, has been updated to the BMC style look and feel:

MSP page.jpg

OAuth 2 support for native clients

OAuth 2.0 authorization framework for third-party applications has been enhanced to support OAuth 2.0 for Native Apps. Oauth 2.0 for Native Apps provides a unified, modern, and secure way to use Remedy SSO for authenticating all types of native apps.The Remedy SSO toolkit for native apps reuses one of the existing libraries that supports OAuth 2.0 for Native Apps and embeds all the dependencies in one JAR file.

The Remedy SSO toolkit for native apps creates the authorization URL and opens in a default browser that redirects the user to this URL. The Remedy SSO toolkit provides an easy and fast way of obtaining the OAuth token required for authentication flow.

To use OAuth2 for native apps, a Remedy SSO administrator must register a public OAuth2 client by using the new Native (Public) client setting on the OAuth2 tab in Remedy SSO Admin Console. 

Native apps setting.png

For information about how to register a native OAuth2 client, see To register a native OAuth2 client.

Simplification of allowing Remedy SSO to authenticate applications in iframes

In earlier versions, to configure Remedy SSO to open RSSO login page in an iframe, you had to start Remedy SSO server with the following JAVA option: com.bmc.rsso.show.advanced.option.ui=true. The Allow-From Domain(s) option did not display by default. With version 19.08, the Allow-From Domain(s) option is by default available for all authentication types, and you need not start Remedy SSO server with this option. 

System accessibility

Section 508 has been implemented for the following Remedy SSO end user facing pages:

  • Login page
  • Digital Service Management page
  • Multi-Service Provider page
  • Consent page (the page where an end user confirms that the client application can act on behalf of this user)
  • Change password page

End users with limited physical opportunities can complete tasks on the Remedy SSO end user facing pages in the following way:

  • Complete tasks without using a mouse
  • Complete tasks by using a screen reader application
  • Complete tasks without using speakers.

System supportability

Remedy SSO has been enhanced to support the following system requirements:

Software

New versions supported

Operating systems

  • RHEL 8
  • Windows Server 2019

Databases

  • PostgreSQL 10
  • Amazon Aurora

Java

  • OpenJDK 12

What else changed in this release

In this release, note the following significant changes in the product behavior:

Update

Product behavior in versions earlier than 19.08

Product behavior in version 19.08

Remedy SSO agent and Remedy SSO server compatibility is limited.

Remedy SSO agent was compatible with any version or Remedy SSO server.

You must upgrade Remedy SSO server to a version later than 18.05 if you have Remedy SSO agent upgraded to 19.08.

logback.xml has been updated to replace calalina.home with catalina.base

On a server that had several Tomcat web servers installed, log files were recorded in the home directory calalina.home. It was difficult to analyze logs of different Tomcat servers.

On a server that has several Tomcat web servers installed, log files are recorded in the catalina.base directories of the corresponding Tomcat server.