SSO LDAP Integration
This document explains how to integrate the BMC Remedy Mid Tier and BMC Remedy AR System server with the BMC Web Access Manager (WAM) or the Oracle Application Server (OracleAS) Single Sign-On (SSO). It applies to AR System 7.0.1, WAM 5.3, and OracleAS 10g (9.0.4). Consult the WAM or OracleAS documentation for details about their installation and procedures.
The following SSO LDAP files are in the <AR System server install dir>/plug-ins/ssoldap directory:
* The plug-in: ssoldap.dll (for Windows) or ssoldap.so (for UNIX)
* The “SSO LDAP Configuration” form and its workflow: ssoldap.def
* The file: README.TXT
PREREQUISITES
To integrate the BMC Remedy Mid Tier and BMC Remedy AR System server with your single sign-on (SSO) solution, you must be familiar with all components and know how to configure them. This includes:
* LDAP directory server
* Web server
* Web application server (servlet container)
* SSO solution
* AR System server and mid tier
Use this knowledge to determine the correct values for configuration attributes that are not specified in this document.
Before you begin to integrate your SSO solution, you must make sure:
For BMC WAM
1. A WAM-supported application server is installed, configured, and running correctly on a platform that is supported for both the BMC Remedy Mid Tier and WAM.
2. A WAM-supported LDAP directory server is installed, configured, and running correctly.
3. BMC WAM is installed, configured, and running correctly.
4. The BMC Remedy Mid Tier is installed, configured, and running correctly on the application server.
For ORACLE SSO
1. The OracleAS is installed, configured, and running correctly on a platform BMC supports for BMC Remedy Mid Tier.
2. The Oracle Internet Directory server is installed, configured, and running correctly.
3. The OracleAS SSO is installed, configured, and running correctly.
4. The BMC Remedy Mid Tier is installed, configured, and running correctly on the OracleAS.
CONFIGURATION
To integrate your SSO solution, you must configure the SSO solution, the BMC Remedy Mid Tier, and the AR System server.
Configuring BMC WAM
1. Using the WAM Configuration Manager, click System, then click Domain and make sure the domain for the BMC Remedy Mid Tier is configured as follows:
Post to Login?: No
Build Credentials for Web Service Request: Yes
Treat Web Service Logins as True Logins: Yes
2. Using the WAM Policy Manager, create a resource for the BMC Remedy Mid Tier with the following attributes:
Resource Type: Web Application
Protocol: http://
and add an attribute with:
Source: Enforcement Agent
Attribute Label: User Login ID
Header Name: BMC_WAM_AUTHENTICATED_USER
3. Deploy the new resource in WAM to give users access.
Configuring OracleAS SSO
Add the BMC Remedy Mid Tier to Oracle SSO as an external application as described in the Oracle Application Server Single Sign-On Administrator’s Guide.
Configuring the BMC Remedy Mid Tier
1. If you intend to change the encryption key used by the BMC Remedy Mid Tier and SSO LDAP plug-in:
a. Choose a clear text key of exactly 8 letters or digits.
b. In the <mid tier install dir>/WEB-INF/lib directory, run java -classpath MidTier.jar com.remedy.arsys.sso.EncodeKey <cleartext key>
c. Record the cleartext key and the encrypted key output.
2. In <web app install dir>/WEB-INF/classes, edit config.properties.
a. Replace:
arsystem.authenticator=com.remedy.arsys.session.DefaultAuthenticator
with:
arsystem.authenticator=com.remedy.arsys.sso.BMCWAMAuthenticator
(for BMC WAM)
arsystem.authenticator=com.remedy.arsys.sso.OracleAuthenticator
(for OracleAS SSO)
b. If required, replace the value of the arsystem.authenticator.sso.enckey entry with the encrypted key you created in step 1.
For example:
arsystem.authenticator.sso.enckey=105269288E76C311410B6595D6E52791
3. Stop and restart the servlet container running the BMC Remedy Mid Tier.
Configuring the SSO LDAP Plug-In
1. Copy the ssoldap.dll or ssoldap.so AREA plug-in file to the AR System server install directory.
2. Edit the AR System configuration file (ar.conf or ar.cfg), and add:
Plugin: ssoldap.dll (for Windows) or
Plugin: ssoldap.so (for UNIX)
or, if you are using the AREA hub, add
AREA-Hub-Plugin: ssoldap.dll (for Windows) or
AREA-Hub-Plugin: ssoldap.so (for UNIX)
3. Using the Remedy Administrator:
a. Import ssoldap.def.
b. Make sure you have set up the mapping of LDAP groups to AR System groups on the External Authentication tab of the Server Information dialog box.
4. Stop and restart the AR System server so that the plug-in server loads the plug-ins.
5. Using BMC Remedy User or the mid tier, log in to the AR System server as a user in the Administrator group, open the SSO LDAP Configuration form, and complete it as follows:
Encryption Key: arsystem (or the cleartext key you chose when you created the encrypted key value for arsystem.authenticator.sso.enckey)
SSO Vendor: (Select your SSO solution.)
Group Membership: None
Roles List: (Name the LDAP attribute that lists the user roles. For example, the roledn attribute contains role definitions for some LDAP systems. Add any default roles in the Default Value field.)
other fields: (Same as those for the AREA LDAP Configuration form. See the section on “Configuring the AREA LDAP plug-in” in the Integrating with Plug-ins and Third-Party Products guide.)
6. Stop and restart the BMC Remedy AR System server.
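The following check is an added example, not part of the BMC README or product: it reads the text of config.properties and ar.conf/ar.cfg and reports steps of the procedure above that were missed, including an enckey left at the sample value printed in this document. The function names and sample inputs are constructed for illustration, and the hex test on enckey is an assumption based on that one sample value.

```python
import re

SSO_AUTHENTICATORS = {"com.remedy.arsys.sso.BMCWAMAuthenticator",
                      "com.remedy.arsys.sso.OracleAuthenticator"}
DOC_SAMPLE_ENCKEY = "105269288E76C311410B6595D6E52791"  # example printed in step 2b
SAMPLE_CONFIG = ("arsystem.authenticator=com.remedy.arsys.sso.BMCWAMAuthenticator\n"
                 "arsystem.authenticator.sso.enckey=105269288E76C311410B6595D6E52791\n")
SAMPLE_AR_CONF = "Plugin: ssoldap.so\nAREA-Hub-Plugin: ssoldap.so\n"  # both samples constructed

def parse_properties(text):
    """Parse key=value lines, skipping blanks and #/! comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def valid_cleartext_key(key):
    """Mid tier step 1a: exactly 8 letters or digits."""
    return re.fullmatch(r"[A-Za-z0-9]{8}", key) is not None

def check_mid_tier(config_text):
    """Mid tier step 2: authenticator class and enckey in config.properties."""
    props, findings = parse_properties(config_text), []
    auth = props.get("arsystem.authenticator", "")
    if auth not in SSO_AUTHENTICATORS:
        findings.append(f"arsystem.authenticator is {auth!r}, not an SSO authenticator")
    enckey = props.get("arsystem.authenticator.sso.enckey", "")
    if not re.fullmatch(r"[0-9A-Fa-f]+", enckey):  # assumption: EncodeKey output is hex
        findings.append("enckey is missing or not a hex string")
    elif enckey.upper() == DOC_SAMPLE_ENCKEY:
        findings.append("enckey equals the sample value printed in this document")
    return findings

def check_ar_conf(conf_text):
    """Plug-in step 2: ssoldap loaded under Plugin or AREA-Hub-Plugin, not both."""
    loaded = set()
    for line in conf_text.splitlines():
        m = re.match(r"\s*(Plugin|AREA-Hub-Plugin):\s*(.+?)\s*$", line)
        if m and re.search(r"(^|[\\/])ssoldap\.(dll|so)$", m.group(2), re.I):
            loaded.add(m.group(1))
    if len(loaded) != 1:
        return ["ssoldap is not loaded" if not loaded else
                "ssoldap is listed under both Plugin and AREA-Hub-Plugin"]
    return []

print(check_mid_tier(SAMPLE_CONFIG) + check_ar_conf(SAMPLE_AR_CONF))
```

An empty list from both checks means the file edits match the procedure; the Encryption Key entered on the SSO LDAP Configuration form still has to be compared by hand with the cleartext key recorded in step 1c.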
Source and Credits: BMC Software Inc.
Namaste
Venkat