BMC Remedy Single Sign On (SSO) LDAP Integration

August 31st, 2009 by Venkat
SSO LDAP Integration
====================
This document explains how to integrate the BMC Remedy Mid Tier and BMC Remedy
AR System server with the BMC Web Access Manager (WAM) or the Oracle Application
Server (OracleAS) Single Sign-On (SSO). It applies to AR System 7.0.1, WAM 5.3,
and OracleAS 10g (9.0.4). Consult the WAM or OracleAS documentation for details
about their installation and procedures.
The following SSO LDAP files are in the
<AR System server install dir>/plug-ins/ssoldap directory:
* The plug-in: ssoldap.dll (for Windows) or ssoldap.so (for UNIX)
* The “SSO LDAP Configuration” form and its workflow: ssoldap.def
* This file: README.TXT
PREREQUISITES
=============
To integrate the BMC Remedy Mid Tier and BMC Remedy AR System server with your
SSO solution, you must be familiar with all components and know how to
configure them. This includes:
* LDAP directory server
* Web server
* Web application server (servlet container)
* SSO solution
* AR System server and mid tier
Use this knowledge to determine the correct values for configuration attributes
that are not specified in this document.
Before you begin to integrate your SSO solution, you must make sure:
For BMC WAM
-----------
1. A WAM-supported application server is installed, configured, and running
correctly on a platform that is supported for both the BMC Remedy Mid Tier
and WAM.
2. A WAM-supported LDAP directory server is installed, configured, and running
correctly.
3. BMC WAM is installed, configured, and running correctly.
4. The BMC Remedy Mid Tier is installed, configured, and running correctly on
the application server.
For ORACLE SSO
--------------
1. The OracleAS is installed, configured, and running correctly on a platform
BMC supports for BMC Remedy Mid Tier.
2. The Oracle Internet Directory server is installed, configured, and running
correctly.
3. The OracleAS SSO is installed, configured, and running correctly.
4. The BMC Remedy Mid Tier is installed, configured, and running correctly on
the OracleAS.
CONFIGURATION
=============
To integrate your SSO solution, you must configure the SSO solution, the BMC
Remedy Mid Tier, and the AR System server.
Configuring BMC WAM
-------------------
1. Using the WAM Configuration Manager, click System, then click Domain and make
   sure the domain for the BMC Remedy Mid Tier is configured as follows:
     Post to Login?: No
     Build Credentials for Web Service Request: Yes
     Treat Web Service Logins as True Logins: Yes
2. Using the WAM Policy Manager, create a resource for the BMC Remedy Mid Tier
   with the following attributes:
     Resource Type: Web Application
     Protocol: http://
   and add an attribute with:
     Source: Enforcement Agent
     Attribute Label: User Login ID
     Header Name: BMC_WAM_AUTHENTICATED_USER
3. Deploy the new resource in WAM to give users access.
Configuring OracleAS SSO
------------------------
Add the BMC Remedy Mid Tier to Oracle SSO as an external application as
described in the Oracle Application Server Single Sign-On Administrator’s Guide.
Configuring the BMC Remedy Mid Tier
-----------------------------------
1. If you intend to change the encryption key used by the BMC Remedy Mid Tier
   and SSO LDAP plug-in:
   a. Choose a clear text key of exactly 8 letters or digits.
   b. In the <mid tier install dir>/WEB-INF/lib directory, run
        java -classpath MidTier.jar com.remedy.arsys.sso.EncodeKey <cleartext key>
   c. Record the cleartext key and the encrypted key output.
2. In <web app install dir>/WEB-INF/classes, edit config.properties.
   a. Replace:
        arsystem.authenticator=com.remedy.arsys.session.DefaultAuthenticator
      with:
        arsystem.authenticator=com.remedy.arsys.sso.BMCWAMAuthenticator
      (for BMC WAM)
        arsystem.authenticator=com.remedy.arsys.sso.OracleAuthenticator
      (for OracleAS SSO)
   b. If required, replace the value of the arsystem.authenticator.sso.enckey
      entry with the encrypted key you created in step 1. For example:
        arsystem.authenticator.sso.enckey=105269288E76C311410B6595D6E52791
3. Stop and restart the servlet container running the BMC Remedy Mid Tier.
Configuring the SSO LDAP Plug-In
--------------------------------
1. Copy the ssoldap.dll or ssoldap.so AREA plug-in file to the AR System server
   install directory.
2. Edit the AR System configuration file (ar.conf or ar.cfg), and add
     Plugin: ssoldap.dll (for Windows) or
     Plugin: ssoldap.so (for UNIX)
   or, if you are using the AREA hub, add
     AREA-Hub-Plugin: ssoldap.dll (for Windows) or
     AREA-Hub-Plugin: ssoldap.so (for UNIX)
3. Using the Remedy Administrator:
   a. Import ssoldap.def.
   b. Make sure you have set up the mapping of LDAP groups to AR System groups
      on the External Authentication tab of the Server Information dialog box.
4. Stop and restart the AR System server so that the plug-in server loads the
   plug-ins.
5. Using BMC Remedy User or the mid tier, log in to the AR System server as a
   user in the Administrator group, open the SSO LDAP Configuration form, and
   complete it as follows:
     Encryption Key: arsystem (or the cleartext key you chose when you created
       the encrypted key value for arsystem.authenticator.sso.enckey)
     SSO Vendor: (Select your SSO solution.)
     Group Membership: None
     Roles List: (Name the LDAP attribute that lists the user roles. For
       example, the roledn attribute contains role definitions for some LDAP
       systems. Add any default roles in the Default Value field.)
     other fields: (Same as those for the AREA LDAP Configuration form. See
       the section on “Configuring the AREA LDAP plug-in” in the Integrating
       with Plug-ins and Third-Party Products guide.)
6. Stop and restart the BMC Remedy AR System server.
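
A check to run over the two edited files before the restarts, added here as an example; it is not part of the BMC README or of any BMC tool. The function names are hypothetical, the 32-hex-character shape of the encrypted key is an assumption taken from the README's sample value, and "exactly one ssoldap line" is a reading of the README's "or".

```python
import re

# Authenticator classes named in the README; any other value means SSO is off.
SSO_AUTHENTICATORS = {
    "com.remedy.arsys.sso.BMCWAMAuthenticator",
    "com.remedy.arsys.sso.OracleAuthenticator",
}

def valid_cleartext_key(key):
    """Step 1a: the clear text key is exactly 8 letters or digits."""
    return re.fullmatch(r"[A-Za-z0-9]{8}", key) is not None

def property_values(text, name):
    """All values assigned to `name` in a .properties text (comments skipped)."""
    values = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == name:
            values.append(value.strip())
    return values

def check_mid_tier(text):
    """Problems in config.properties after step 2 of the mid tier section."""
    problems = []
    auth = property_values(text, "arsystem.authenticator")
    if len(auth) != 1:
        problems.append("expected one arsystem.authenticator line, found %d" % len(auth))
    elif auth[0] not in SSO_AUTHENTICATORS:
        problems.append("authenticator is not an SSO class: " + auth[0])
    for enckey in property_values(text, "arsystem.authenticator.sso.enckey"):
        # Assumption: EncodeKey prints 32 hex characters, as in the README example.
        if not re.fullmatch(r"[0-9A-Fa-f]{32}", enckey):
            problems.append("enckey does not look like EncodeKey output")
    return problems

def check_ar_conf(text):
    """Problems in ar.conf / ar.cfg: ssoldap registered once, as Plugin or hub plug-in."""
    pattern = r"^[ \t]*(?:AREA-Hub-)?Plugin:[ \t]*.*ssoldap\.(?:dll|so)[ \t]*$"
    hits = re.findall(pattern, text, re.M)
    return [] if len(hits) == 1 else ["expected one ssoldap plug-in line, found %d" % len(hits)]

# Constructed sample: both authenticator lines from step 2a pasted in together.
SAMPLE_PROPERTIES = """\
arsystem.authenticator=com.remedy.arsys.sso.BMCWAMAuthenticator
arsystem.authenticator=com.remedy.arsys.sso.OracleAuthenticator
arsystem.authenticator.sso.enckey=105269288E76C311410B6595D6E52791
"""

if __name__ == "__main__":
    print(check_mid_tier(SAMPLE_PROPERTIES))
```

An empty list from both checks means the files match what the steps above describe; it does not confirm that the cleartext key entered in the SSO LDAP Configuration form corresponds to the encrypted value.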

Source and Credits: BMC Software Inc.

Explanation on SSO – Read it here

Java Plug in Solution (commercial)

Namaste

Venkat

9 comments

  1. Paul Crugman says:

    Thanks for sharing this valuable info, I haven't yet implemented SSO, my client is pushing towards it very forcefully. I am trying to list all the problems that may be faced and problems with it.

    Will let you know when it is done.

    Paul

  2. Sonia says:

    can we get some examples for this?

  3. John Baker says:

    Venkat,

    Thanks for this super article, and thank you for providing users with the opportunity of reviewing our product. You may also want to look at:

    http://www.javasystemsolutions.com/movies/SSOforMidtierAndWUT/

    If you’d like to see the solution in action, and also see a WUT SSO integration too.

    Thanks again,

    John Baker

    • Venkat says:

      Thanks John for pointing me to the video, it will be a nice thing for folks who want to see the SSO in action.

      I have heard something about someone tried to ripoff JSS, what is it all about?

      • Rohini says:

        Venkat,

        I’m trying to implement sso for BMC Dashboards. Do you have idea on how to do that ?

        I do not see any detailed information in the install document.

        Thanks for your reply.
        Rohini

      • John Baker says:

        Venkat,

        You are correct – an employee of a BMC partner company ripped off our product and is attempting to sell it. There’s still only one true implementation of the BMC AR System SSO whitepaper – the JSS SSO Plugin.

        Venkat, have you seen the SSO Plugin integration with the BMC RKM product? You can view it in this movie:

        http://www.javasystemsolutions.com/jss/ssoplugin

  4. Rohini says:

    Have you implemented sso for BMC Dashboards? Is it similar to this ?
