Installing BMC Defender Active Directory Federation Services (ADFS) plug-in
The BMC Defender ADFS plug-in is usually delivered as a self-extracting WinZip file. Installation requires only a few steps.
Installation requirements
You can install the ADFS plug-in on any system with BMC Defender installed. The following items are required:
- Existing BMC Defender Server installation—Before installing the ADFS plug-in, the BMC AMI Command Center for Security system must be installed on a Windows platform.
- BMC Defender Apache TLS installation—Before installing the ADFS plug-in, the BMC Defender Apache TLS package must be installed at the site and a certificate created for the site. For more information, see BMC-Defender-Apache-TLS-adapter-deprecated.
- Disk space requirements—The ADFS plug-in requires no significant disk space beyond the normal footprint of the BMC AMI Command Center for Security.
- CPU requirements—The ADFS plug-in requires very little extra CPU. A single persistent process starts the BMC Defender Windows platform.
Basic installation procedure
The basic installation steps are as follows:
- Access the ADFS Server and configure it. Obtain the BMC Defender ADFS plug-in in the self-extracting WinZip format and execute the self-extracting WinZip file as the administrator. This unzips the plug-in into the existing BMC Defender Windows distribution, including all configuration data and executables.
- Select the Alerts > Users tab and configure user alerts for all users, consisting of match patterns and thresholds.
- (Optional) Test the plug-in by using the Post New Message hyperlink found on the Messages > Search window to verify system operation and configuration of user alerts.
For information about user alert parameter configuration, see one of the following topics:
Administrative logins are required in order to install this plug-in.
Windows installation procedure
Perform the following procedure to install the ADFS plug-in on a Windows platform:
- Obtain the plug-in package and execute the package to extract the plug-in components to the BMC Defender installation. You do not need to stop or restart BMC Defender.
Log in to the BMC AMI Command Center for Security Windows platform using an administrator-type login.
Obtain and execute the BMC-Defender-ADFS-Plugin-version.build.exe package, extracting files to the directory where BMC Defender is installed. The version and build portions of the file name change depending on their values, for example BMC-Defender-ADFS-Plugin-5.9.02.2950.exe. The default directory is C:\Program Files\BMC Software\BMC Defender.
After extracting files, log in to the BMC Defender web interface by using a BMC Defender admin-type login and access the Alerts window by selecting the Logins > Users > ADFS tab.
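Because the package is executed as an administrator and writes into the BMC Defender installation, it is worth checking the file before running it. The following PowerShell script is an added example, not BMC tooling; the download location, the expected-hash parameter, and the assumption that the package carries an Authenticode signature are not from this page.

```powershell
# Added example: pre-flight checks before extracting the ADFS plug-in package.
# $PackagePath (Downloads folder) and $ExpectedSha256 are assumptions; adjust them.
param(
    [string]$PackagePath    = "$env:USERPROFILE\Downloads\BMC-Defender-ADFS-Plugin-5.9.02.2950.exe",
    [string]$InstallDir     = 'C:\Program Files\BMC Software\BMC Defender',
    [string]$ExpectedSha256 = ''   # placeholder: hash supplied with the download, if any
)

$problems = @()

# The procedure requires an administrative login.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    $problems += 'Session is not elevated.'
}

# The package extracts into an existing BMC Defender installation.
if (-not (Test-Path -LiteralPath $InstallDir -PathType Container)) {
    $problems += "Install directory not found: $InstallDir"
}

if (-not (Test-Path -LiteralPath $PackagePath -PathType Leaf)) {
    $problems += "Package not found: $PackagePath"
} else {
    # File name should follow BMC-Defender-ADFS-Plugin-version.build.exe.
    $leaf = Split-Path -Path $PackagePath -Leaf
    if ($leaf -notmatch '^BMC-Defender-ADFS-Plugin-[\d.]+\.exe$') {
        $problems += "Unexpected package file name: $leaf"
    }
    # Assumption: the package is Authenticode-signed (not stated on the page).
    $sig = Get-AuthenticodeSignature -FilePath $PackagePath
    if ($sig.Status -ne 'Valid') {
        $problems += "Authenticode status: $($sig.Status)"
    } else {
        "Signed by: $($sig.SignerCertificate.Subject)"
    }
    # Print the hash so it can be compared and recorded in the change ticket.
    $hash = (Get-FileHash -LiteralPath $PackagePath -Algorithm SHA256).Hash
    "SHA-256: $hash"
    if ($ExpectedSha256 -and $hash -ne $ExpectedSha256) {
        $problems += 'SHA-256 does not match the expected value.'
    }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
'Pre-flight checks passed.'
```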
Verifying installation
To perform a preliminary configuration and verify that the installation is correct, perform the following procedure:
Select the System > Logins > ADFS profiles window. At the bottom of the window, click Test. Verify that no errors are detected.
At the upper right corner of the window, click Logout and verify that the BMC Defender logon screen is displayed. Verify that the following new links exist at the top of the window:
- Sign On using Active Directory Federation Services
- Sign Out of ADFS
In the BMC Defender logon window, click the Sign On Via Active Directory Federated Services link and verify that the logon page of the ADFS Server is displayed.
An ADFS error message might be displayed for one of the following reasons:
- The redirected URL is incorrectly configured at ADFS or BMC Defender, or both.
- The ADFS Server Logon Endpoint value is incorrect.
If the ADFS error message is displayed, make adjustments and repeat the test.
To see detailed error indications logged by ADFS when displaying the error message, enable ADFS Trace Debug in the Windows Event Log Viewer.
The proper credentials to the BMC AMI Command Center for Security are displayed in the ADFS logon window. Verify that the BMC AMI Command Center for Security grants access based on the correct Active Directory credentials that you entered.