Share This:

This month's blog is brief, but it covers an important topic of integrating Jetty server with Remedy SSO.  We have recently seen an increase in the number of support requests on this integration.  Below are the main topics of this blog:

 

[A]  Prior to Integrating Jetty server with Remedy SSO

[B] How to integrate Remedy SSO with Jetty server?  What components are involved (Prerequisites)?

[C] Steps to manually integrate Jetty server with Remedy SSO

           [C.1]  Running RSSO Installer

             [C.2] Copying 'rsso-agent.properties' file and making configuration changes in it

             [C.3]  Configuring AGENT-ID 

             [C.4] Configuring SSO Redirections

             [C.5]  WORKAROUND - Configuring memory-cache param

             [C.6]  Configuring RSSO AREA Plugin on AR Server

             [C.7]  Copy RSSO Agent file under DEPLOY folder

             [C.8]  Restart AR server service

 

 

There is a documentation in-place on this topic (link copied below).  This blog compliments to the doc link by adding some some screenshots and a crucial workaround of configuring 'use-in-memory-cache' parameter in order to make this integration working.

 

Documentation link:  Manually integrating Remedy Single Sign-On with Jetty server - Documentation for Remedy Action Request System 20.02 - BM…

 

Upon doing this integration, user won't be again prompted to login to Configuration Management Dashboard, which is the case now even after AR and MidTier  is integrated with Remedy SSO and, supposedly having an active active user session.

 

[A] Prior to Integrating Jetty server with Remedy SSO

 

Upon login to Remedy MidTier and access 'Configuration Manager Dashboard', you will be prompted with the login page like the one below:

 

login for CMDB UI.JPG

 

[B] How to integrate Remedy SSO with Jetty server?  What components are involved (Prerequisites)?

 

Components:

 

 

Installer:

 

BMC Remedy SSO installer, when run on AR server, by selecting an option 'Integrate with AR server', installs and configures all the files necessary for AR-RSSO integration.  The installer is also suppose to do multiple checks, like availability of Jetty server, Innovation Studio etc, and accordingly install additional files for those components, to integrate.  However, I'm sorry to inform here, at the time when installer performs files are not copied on many occasions, those pertaining to Jetty server integration.  Hence, manual integration comes into play.  Fortunately, the files are not too many to copy,  just a couple of them.  As a source of copying files, you'd need Remedy SSO Installer binaries on every AR server you're planning to integrate.

 

[C] Steps to manually integrate Jetty server with Remedy SSO

 

[C.1]  Running RSSO Installer

 

After RSSO installer is run successfully on AR server with an option 'integrate with AR server', ensure the MidTier is also integrated with RSSO and, user can authenticated via RSSO.  That is a prerequisite.  If user can't login using the combination of AR-MIDTIER-RSSO integration, authentication to Configuration Manager Dashboard won't work too.  Please refer to our following step-by-step guidelines to verify and correct AR-MidTier-RSSO integration pointers.  The below URL contains information for other components too besides just AR and Midtier, please only focus on the ones needed.

 

https://docs.bmc.com/docs/rsso/2002/manually-integrating-remedy-sso-with-bmc-applications-908954457.html

 

If user authentication works now after performing the above checks, please proceed to the next step.

 

[C.2] Copying 'RSSO-AGENT.PROPERTIES' file and making configuration changes in it

 

Stop the AR server service.  Copy 'rsso-agent.properties' file from <RSSO installer folder>/BMCRemedySSO/Disk1/files/rsso-agent/  to <ARSystem>\conf directory and, make the following changes

 

[C.3]  Configuring AGENT-ID 

 

NOTE:  <Agent-id> - Please don't keep the name of  AR Jetty RSSO agent-id same as MidTier RSSO Agent ID, or else upon logging out from Configuration Manager Dashboard, user session will be removed from MidTier too - details of the change below

 

agent-id=ARJetty_agent

# Application URL to trigger the RSSO logout process.

logout-urls=/api/rsso-logout

 

Agent ID.JPG

 

[C.4] Configuring SSO Redirections

 

# To support multiple RSSO servers, set the value to a comma separated string: each represents a 'domain to server url' mapping, with the format of <domain>:<url>, e.g. domain1:https://server1:8443/rsso,domain2:https://server2:8443/rsso

 

sso-external-url=http://remedysso.domain.com:8080/rsso

 

# RSSO webapp internal url for service calls.

# To support multiple RSSO servers, set the value to a comma separated string, each represents a 'domain to server url' mapping, with the format of <domain>:<url>, e.g. domain1:http://server1:8080/rsso,domain2:http://server2:8080/rsso

 

sso-service-url=http://remedysso.domain.com:8080/rsso

 

 

SSO redirections1.JPG

[C.5]  WORKAROUND - Configuring memory-cache param

 

  • Configure the following parameter in 'rsso-agent.properties' or else the redirection to Remedy SSO doesn't occur.  It is only a workaround to explicitly set this parameter to false, until the defect is fixed.  This parameter enables RSSO Agent to choose between HTTP session and in-memory cache, when performing SSO Token validation.  When this parameter is set to true, it can save a trip to RSSO server for token validation by validating against its memory-cache.

 

               use-in-memory-cache=false

 

[C.6]  Configuring RSSO AREA Plugin on AR Server

 

I'd also assume the following configuration already in-place in <ARSystem>\pluginsvr\pluginsvr-config.xml file

 

pluginsvr_config.JPG

 

 

[C.7]  Copy RSSO Agent file under DEPLOY folder

 

Copy the file 'rsso-agent-osgi.jar' from <RSSODistr>/BMCRemedySSO/Disk1/files/rsso-agent/   to  <AR_SERVER_HOME>/deploy

 

[C.8]  Restart AR server service

 

Upon a successful restart of AR server service, clear the browser cache and login to MidTier.  Launch 'Configuration Manager Dashboard' available under 'Atrium Core' sub-menu.   User should be authenticated to the new CMDB UI without having to ask for credentials.