Archive for the ‘Plug-ins & Interfaces’ category

BMC Remedy – Action Request Exteranl Authentications – AREA Hub

September 7th, 2009
*********************************************************
AREA HUB
*********************************************************
The AREA Hub is an AREA plug-in that enables you to add multiple AREA plug-ins to the plug-in server.
The plug-in server directly supports only one AREA plug-in. But sometimes more than one AREA plug-ins might be needed. The AREA Hub allows this. The AREA plug-in itself is the single AREA plug-in to be added to the plug-in server. The rest of the plug-ins can be added as sub plug-ins to the Hub.
How to use it:
==============
1. Create an entry in the ar.cfg/ar.conf file for the AREA HUb as shown here:
Plugin: areahub.dll
Make sure this is the only AREA plug-in being added.
2. Create entries for the rest of the plug-ins in the same file as shown below:
AREA-Hub-Plugin: my_area_plug-in.dll
3. If you are adding multiple entries to this plug-in, create an entry for each plug-in, as shown in the following example:
AREA-Hub-Plugin: my_area_plug-in_1.dll
AREA-Hub-Plugin: my_area_plug-in_2.dll
AREA-Hub-Plugin: my_area_plug-in_3.dll
4. Stop and start the AR System plug-in Server. (This generally requires restarting the AR System server).
These are all the action you needs to do to use the AREA Hub.
How the AREA Hub works.
=======================
Note: The plug-ins added to the AREA Hub are referred to as Hub-plug-ins
1. The AREA Hub loads the Hub-plug-ins in the order in which they appear in the ar.cfg/ar.conf file. So the first entry the AREA Hub finds will be the first plug-in loaded, the second entry the second, and so on.
2. The job of the AREA Hub is to propagate the calls it receives from the plug-in server to each hub-plug-in, as required.
3. When the AREA Hub receives the ARplug-inIdentify call, starting from the top of the Hub-plug-in list , the Hub will make this call to each hub-plug-in, until one of them returns a successful login, or all of them return login failures.
The status returned by the Hub to the plug-in server is as follows:
–  If any of the Hub-plug-ins returns AREA_LOGIN_SUCCESS, the Hub stops chaining and returns this response.
–  If none of the Hub-plug-ins returns AREA_LOGIN_SUCCESS, but at least one of them returned AREA_LOGIN_FAILED, then the Hub returns AREA_LOGIN_FAILED.
–  If none of the Hub-plug-ins returns AREA_LOGIN_SUCCESS or AREA_LOGIN_FAILED, then the Hub returns the highest error code that was returned.
The section below gives more details about how the Hub handles each API received by it.
———————-
ARplug-inIdentify
———————-
–  The Hub identifies itself as an AREA plug-in.
–  AREA plug-ins not yet loaded.
———————-
ARplug-inSetProperties
———————-
– Load all the sub-plug-ins. During loading each sub-plug-in, ARplug-inIdentify is called on each on them.
– Propagate ARplug-inSetProperties call to each sub-plug-in
———————-
ARplug-inInitialization
———————-
– This call is propagated to each sub-plug-in.
———————-
ARplug-inCreateInstance
———————-
– Propagate call to each sub-plug-in.
– The instance objects returned by each plug-in are held by the Hub itself.
———————-
ARplug-inTermination
———————-
– Propagate call to each sub-plug-in.
———————-
ARplug-inDeleteInstance
———————-
– Propagate call to each sub-plug-in
———————-
ARplug-inEvent
———————-
– Propagate call to each sub-plug-in
———————-
AREAVerifyLoginCallback
———————-
– Starting from the top of the sub-plug-in list, the Hub will make this call to each sub-plug-in, until one of them returns a successful login, or all of them return login failures.
– Immediately after making this call to each plug-in, the Hub will make a copy of the returned response, and make a call to the sub-plug-in’s AREAFreeCallback with the response object.
– The chaining will continue until one of the sub-plug-ins returns success, or all of them return something other than success.
– The status returned by the Hub to the plug-in server is as follows:
If any of the sub-plug-ins returns AREA_LOGIN_SUCCESS, the Hub stops chaining and returns this response.
If none of the sub-plug-ins returns AREA_LOGIN_SUCCESS, but at least one of them returned AREA_LOGIN_FAILED, then the Hub returns AREA_LOGIN_FAILED.
If none of the sub-plug-ins returns AREA_LOGIN_SUCCESS or AREA_LOGIN_FAILED, then the Hub returns the highest error code that was returned.
———————-
AREANeedToSyncCallback
———————-
– Starting from the top of the list of plug-ins, the Hub will make this call to each sub-plug-in.
– If any one of them returns a non-zero value, the Hub will stop chaining and return this non-zero value.
– If all the sub-plug-ins return zero, the Hub returns the same.
———————-
AREAFreeCallback
———————-
– On receiving this call, the Hub will free the memory allocated for the returned response object.
– It does not need to propagate this call to the sub-plug-ins because the response that each of them returned was already freedimmediately after the AREAVerifyLogi

The AREA Hub is an AREA plug-in that enables you to add multiple AREA plug-ins to the plug-in server.

The plug-in server directly supports only one AREA plug-in. But sometimes more than one AREA plug-ins might be needed. The AREA Hub allows this. The AREA plug-in itself is the single AREA plug-in to be added to the plug-in server. The rest of the plug-ins can be added as sub plug-ins to the Hub.

How to use it:

==============

1. Create an entry in the ar.cfg/ar.conf file for the AREA HUb as shown here:

Plugin: areahub.dll

Make sure this is the only AREA plug-in being added.

2. Create entries for the rest of the plug-ins in the same file as shown below:

AREA-Hub-Plugin: my_area_plug-in.dll

3. If you are adding multiple entries to this plug-in, create an entry for each plug-in, as shown in the following example:

AREA-Hub-Plugin: my_area_plug-in_1.dll

AREA-Hub-Plugin: my_area_plug-in_2.dll

AREA-Hub-Plugin: my_area_plug-in_3.dll

4. Stop and start the AR System plug-in Server. (This generally requires restarting the AR System server).

These are all the action you needs to do to use the AREA Hub.

How the AREA Hub works.

=======================

Note: The plug-ins added to the AREA Hub are referred to as Hub-plug-ins

1. The AREA Hub loads the Hub-plug-ins in the order in which they appear in the ar.cfg/ar.conf file. So the first entry the AREA Hub finds will be the first plug-in loaded, the second entry the second, and so on.

2. The job of the AREA Hub is to propagate the calls it receives from the plug-in server to each hub-plug-in, as required.

3. When the AREA Hub receives the ARplug-inIdentify call, starting from the top of the Hub-plug-in list , the Hub will make this call to each hub-plug-in, until one of them returns a successful login, or all of them return login failures.

The status returned by the Hub to the plug-in server is as follows:

–  If any of the Hub-plug-ins returns AREA_LOGIN_SUCCESS, the Hub stops chaining and returns this response.

–  If none of the Hub-plug-ins returns AREA_LOGIN_SUCCESS, but at least one of them returned AREA_LOGIN_FAILED, then the Hub returns AREA_LOGIN_FAILED.

–  If none of the Hub-plug-ins returns AREA_LOGIN_SUCCESS or AREA_LOGIN_FAILED, then the Hub returns the highest error code that was returned.

The section below gives more details about how the Hub handles each API received by it.

———————-

ARplug-inIdentify

———————-

–  The Hub identifies itself as an AREA plug-in.

–  AREA plug-ins not yet loaded.

———————-

ARplug-inSetProperties

———————-

– Load all the sub-plug-ins. During loading each sub-plug-in, ARplug-inIdentify is called on each on them.

– Propagate ARplug-inSetProperties call to each sub-plug-in

———————-

ARplug-inInitialization

———————-

– This call is propagated to each sub-plug-in.

———————-

ARplug-inCreateInstance

———————-

– Propagate call to each sub-plug-in.

– The instance objects returned by each plug-in are held by the Hub itself.

———————-

ARplug-inTermination

———————-

– Propagate call to each sub-plug-in.

———————-

ARplug-inDeleteInstance

———————-

– Propagate call to each sub-plug-in

———————-

ARplug-inEvent

———————-

– Propagate call to each sub-plug-in

———————-

AREAVerifyLoginCallback

———————-

– Starting from the top of the sub-plug-in list, the Hub will make this call to each sub-plug-in, until one of them returns a successful login, or all of them return login failures.

– Immediately after making this call to each plug-in, the Hub will make a copy of the returned response, and make a call to the sub-plug-in’s AREAFreeCallback with the response object.

– The chaining will continue until one of the sub-plug-ins returns success, or all of them return something other than success.

– The status returned by the Hub to the plug-in server is as follows:

If any of the sub-plug-ins returns AREA_LOGIN_SUCCESS, the Hub stops chaining and returns this response.

If none of the sub-plug-ins returns AREA_LOGIN_SUCCESS, but at least one of them returned AREA_LOGIN_FAILED, then the Hub returns AREA_LOGIN_FAILED.

If none of the sub-plug-ins returns AREA_LOGIN_SUCCESS or AREA_LOGIN_FAILED, then the Hub returns the highest error code that was returned.

———————-

AREANeedToSyncCallback

———————-

– Starting from the top of the list of plug-ins, the Hub will make this call to each sub-plug-in.

– If any one of them returns a non-zero value, the Hub will stop chaining and return this non-zero value.

– If all the sub-plug-ins return zero, the Hub returns the same.

———————-

AREAFreeCallback

———————-

– On receiving this call, the Hub will free the memory allocated for the returned response object.

– It does not need to propagate this call to the sub-plug-ins because the response that each of them returned was already freed immediately after the AREAVerifyLoginCallback call to them.

Source and Credit: BMC Software Inc.

BMC Remedy Single Sign On (SSO) LDAP Integration

August 31st, 2009
SSO LDAP Integration
====================
This document explains how to integrate the BMC Remedy Mid Tier and BMC Remedy
AR System server with the BMC Web Access Manager (WAM) or the Oracle Application
Server (OracleAS) Single Sign-On (SSO). It applies to AR System 7.0.1. WAM 5.3,
and OracleAS 10g (9.0.4). Consult the WAM or OracleAS documentation for details
about their installation and procedures.
The following SSO LDAP files are in the
<AR System server install dir>/plug-ins/ssoldap directory
* The plug-in: ssoldap.dll (for Windows) or ssoldap.so (for UNIX)
* The “SSO LDAP Configuration” form and its workflow: ssoldap.def
* This file: README.TXT
PREREQUISITES
=============
To integrate the BMC Remedy Mid Tier and BMC Remedy AR System server with your
SSO solution, you must be familiar with all components and know how to
configure them. This includes:
* LDAP directory server
* Web server
* Web application server (servlet container)
* SSO solution
* AR System server and mid tier
Use this knowledge to determine the correct values for configuration attributes
that are not specified in this document.
Before you begin to integrate your SSO solution, you must make sure:
For BMC WAM
———–
1. A WAM-supported application server is installed, configured, and running
correctly on a platform that is supported for both the BMC Remedy Mid Tier
and WAM.
2. A WAM-supported LDAP directory server is installed, configured, and running
correctly.
3. BMC WAM is installed, configured, and running correctly.
4. The BMC Remedy Mid Tier is installed, configured, and running correctly on
the application server.
For ORACLE SSO
————–
1. The OracleAS is installed, configured, and running correctly on a platform
BMC supports for BMC Remedy Mid Tier.
2. The Oracle Internet Directory server is installed, configured, and running
correctly.
3. The OracleAS SSO is installed, configured, and running correctly.
4. The BMC Remedy Mid Tier is installed, configured, and running correctly on
the OracleAS.
CONFIGURATION
=============
To integrate your SSO solution, you must configure the SSO solution, the BMC
Remedy Mid Tier, and the AR System server.
Configuring BMC WAM
——————-
1. Using the WAM Configuration Manager, click System, then click Domain and make
sure the domain for the BMC Remedy Mid Tier is configured as follows:
Post to Login?: No
Build Credentials for Web Service Request: Yes
Treat Web Service Logins as True Logins: Yes
2. Using the WAM Policy Manager, create a resource for the BMC Remedy Mid Tier
with the following attributes:
Resource Type: Web Application
Protocol: http://
and add an attribute with:
Source: Enforcement Agent
Attribute Label: User Login ID
Header Name: BMC_WAM_AUTHENTICATED_USER
3. Deploy the new resource in WAM to give users access.
Configuring OracleAS SSO
————————
Add the BMC Remedy Mid Tier to Oracle SSO as an external application as
described in the Oracle Application Server Single Sign-On Administrator’s Guide.
Configuring the BMC Remedy Mid Tier
———————————–
1. If you intend to change the encryption key used by the BMC Remedy Mid Tier
and SSO LDAP plug-in:
a. Choose a clear text key of exactly 8 letters or digits.
b. In the <mid tier install dir>/WEB-INF/lib directory, run
java -classpath MidTier.jar com.remedy.arsys.sso.EncodeKey <cleartext key>
c. Record the cleartext key and the encrypted key output.
2. In <web app install dir>/WEB-INF/classes, edit config.properties.
a. Replace:
arsystem.authenticator=com.remedy.arsys.session.DefaultAuthenticator
with:
arsystem.authenticator=com.remedy.arsys.sso.BMCWAMAuthenticator
(for BMC WAM)
arsystem.authenticator=com.remedy.arsys.sso.OracleAuthenticator
(for OracleAS SSO)
b. If required, replace the value of the arsystem.authenticator.sso.enckey
entry with the encrypted key you created in step 1. For example:
arsystem.authenticator.sso.enckey=105269288E76C311410B6595D6E52791
3. Stop and restart the servlet container running the BMC Remedy Mid Tier.
Configuring the SSO LDAP Plug-In
——————————–
1. Copy the ssoldap.dll or ssoldap.so AREA plug-in file to the AR System server
install directory.
2. Edit AR System configuration file (ar.conf or ar.cfg), and add
Plugin: ssoldap.dll (for Windows) or
Plugin: ssoldap.so (for UNIX)
or, if you are using the AREA hub, add
AREA-Hub-Plugin: ssoldap.dll (for Windows) or
AREA-Hub-Plugin: ssoldap.so (for UNIX)
3. Using the Remedy Administrator
a. Import ssoldap.def.
b. Make sure you have set up the mapping of LDAP groups to AR System groups
on the External Authentication tab of the Server Information dialog box.
4. Stop and restart the AR System server so that the plug-in server loads the
plug-ins.
5. Using BMC Remedy User or the mid tier, log in to the AR System server as a
user in the Administrator group, open the SSO LDAP Configuration form, and
complete it as follows:
Encryption Key: arsystem (or the cleartext key you chose when you created
the encrypted key value for arsystem.authenticator.sso.enckey)
SSO Vendor: (Select your SSO solution.)
Group Membership: None
Roles List: (Name the LDAP attribute that lists the user roles. For
example, the roledn attribute contains role definitions for some LDAP
systems. Add any default roles in the Default Value field.)
other fields: (Same as those for the AREA LDAP Configuration form. See
the section on “Configuring the AREA LDAP plug-in” in the Integrating
with Plug-ins and Third-Party Products guide.)
6. Stop and restart the BMC Remedy AR System server.

SSO LDAP Integration

This document explains how to integrate the BMC Remedy Mid Tier and BMC Remedy AR System server with the BMC Web Access Manager (WAM) or the Oracle Application Server (OracleAS) Single Sign-On (SSO). It applies to AR System 7.0.1. WAM 5.3, and OracleAS 10g (9.0.4). Consult the WAM or OracleAS documentation for details about their installation and procedures.

The following SSO LDAP files are in the <AR System server install dir>/plug-ins/ssoldap directory

* The plug-in: ssoldap.dll (for Windows) or ssoldap.so (for UNIX)

* The “SSO LDAP Configuration” form and its workflow: ssoldap.def

* The file: README.TXT

PREREQUISITES

To integrate the BMC Remedy Mid Tier and BMC Remedy AR System server with your (Single Sign On) SSO solution, you must be familiar with all components and know how to configure them. This includes:

* LDAP directory server

* Web server

* Web application server (servlet container)

* SSO solution

* AR System server and mid tier

Use this knowledge to determine the correct values for configuration attributes that are not specified in this document.

Before you begin to integrate your SSO solution, you must make sure:

For BMC WAM

1. A WAM-supported application server is installed, configured, and running correctly on a platform that is supported for both the BMC Remedy Mid Tier and WAM.

2. A WAM-supported LDAP directory server is installed, configured, and running correctly.

3. BMC WAM is installed, configured, and running correctly.

4. The BMC Remedy Mid Tier is installed, configured, and running correctly on the application server.

For ORACLE SSO

1. The OracleAS is installed, configured, and running correctly on a platform BMC supports for BMC Remedy Mid Tier.

2. The Oracle Internet Directory server is installed, configured, and running correctly.

3. The OracleAS SSO is installed, configured, and running correctly.

4. The BMC Remedy Mid Tier is installed, configured, and running correctly on the OracleAS.

CONFIGURATION

To integrate your SSO solution, you must configure the SSO solution, the BMC Remedy Mid Tier, and the AR System server.

Configuring BMC WAM

1. Using the WAM Configuration Manager, click System, then click Domain and make    sure the domain for the BMC Remedy Mid Tier is configured as follows:

Post to Login?: No

Build Credentials for Web Service Request: Yes

Treat Web Service Logins as True Logins: Yes

2. Using the WAM Policy Manager, create a resource for the BMC Remedy Mid Tier    with the following attributes:

Resource Type: Web Application

Protocol: http://

and add an attribute with:

Source: Enforcement Agent

Attribute Label: User Login ID

Header Name: BMC_WAM_AUTHENTICATED_USER

3. Deploy the new resource in WAM to give users access.

Configuring OracleAS SSO

Add the BMC Remedy Mid Tier to Oracle SSO as an external application as described in the Oracle Application Server Single Sign-On Administrator’s Guide.

Configuring the BMC Remedy Mid Tier

1. If you intend to change the encryption key used by the BMC Remedy Mid Tier and SSO LDAP plug-in:

a. Choose a clear text key of exactly 8 letters or digits.

b. In the <mid tier install dir>/WEB-INF/lib directory, run java -classpath MidTier.jar com.remedy.arsys.sso.EncodeKey <cleartext key>

c. Record the cleartext key and the encrypted key output.

2. In <web app install dir>/WEB-INF/classes, edit config.properties.

a. Replace:

arsystem.authenticator=com.remedy.arsys.session.DefaultAuthenticator

with:

arsystem.authenticator=com.remedy.arsys.sso.BMCWAMAuthenticator

(for BMC WAM)

arsystem.authenticator=com.remedy.arsys.sso.OracleAuthenticator

(for OracleAS SSO)

b. If required, replace the value of the arsystem.authenticator.sso.enckey entry with the encrypted key you created in step 1.

For example:

arsystem.authenticator.sso.enckey=105269288E76C311410B6595D6E52791

3. Stop and restart the servlet container running the BMC Remedy Mid Tier.

Configuring the SSO LDAP Plug-In

1. Copy the ssoldap.dll or ssoldap.so AREA plug-in file to the AR System server install directory.

2. Edit AR System configuration file (ar.conf or ar.cfg), and add

Plugin: ssoldap.dll (for Windows) or

Plugin: ssoldap.so (for UNIX)

or, if you are using the AREA hub, add

AREA-Hub-Plugin: ssoldap.dll (for Windows) or

AREA-Hub-Plugin: ssoldap.so (for UNIX)

3. Using the Remedy Administrator

a. Import ssoldap.def.

b. Make sure you have set up the mapping of LDAP groups to AR System groups

on the External Authentication tab of the Server Information dialog box.

4. Stop and restart the AR System server so that the plug-in server loads the plug-ins.

5. Using BMC Remedy User or the mid tier, log in to the AR System server as a user in the Administrator group, open the SSO LDAP Configuration form, and complete it as follows:

Encryption Key: arsystem (or the cleartext key you chose when you created

the encrypted key value for arsystem.authenticator.sso.enckey)

SSO Vendor: (Select your SSO solution.)

Group Membership: None

Roles List: (Name the LDAP attribute that lists the user roles. For example, the roledn attribute contains role definitions for some LDAP systems. Add any default roles in the Default Value field.)

other fields: (Same as those for the AREA LDAP Configuration form. See the section on “Configuring the AREA LDAP plug-in” in the Integrating with Plug-ins and Third-Party Products guide.)

6. Stop and restart the BMC Remedy AR System server.

Source and Credits: BMC Sofware Inc.

Explanation on SSO – Read it here

Java Plug in Solution (commercial)

Namaste

Venkat

%d bloggers like this: