DWP Advanced-How to Integrate DWP Advanced with RSSO?

Version 117
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    BMC Digital Workplace Advanced


    MyIT Service Broker


    BMC Digital Workplace Advanced Catalog, DWP Mobile, DWP Advanced, RSSO. Meant for DWP 19.02 and beyond


    What are the best practices to configure RSSO with DWP Advanced and with other Applications?



     DWP Configuration Steps 


           From DWP 20.08 and beyond, installer will ask you if you want to enable RSSO and RSSO Server details.
           For now follow below steps:

    • Create rsso-agent.properties with the RSSO details. See KA 000159409

    • Enable RSSO on DWP Database









    • Login as Demo or equivalent (dwpadmin) onto BMC Digital Workplace Catalog AR Server using Midtier/User Tool,]

    • Go to Common Server Configuration-> Centralized Configuration -> arsys.server.shared→shared and update CrossRef value to T and save.

    • You must have run the configure rsso script which is under </dwpcatalog>/sb/configure_rsso



    • Example of the details you should've provided 


               Click on the image to enlarge


    User-added image

    • Restart DWP Catalog Service








    Run  ITSM user sync utility


    Run user_group_sync.sh to sync ITSM with DWP Catalog and create a cronjob for this, too.





    Consider the following when integrating DWP Catalog/DWP A with RSSO


    1. Enable Chaining Mode for each and every Realm defined in the RSSO Admin Console, and make sure that you have AR Authentication Type for all of them. Enable AR authentication for bypass, too.


    Please, note that AR Authentication Type goes last, this means, that SAML, AD, LDAP, Kerberos Authentication methods should always go in front of AR Authentication, when using Chaining Mode only.


    2. User ID Transformation must be the same for each and every Authentication Type defined for every single Realm.


    NOTE:  If you have LDAP, Kerberos, AD, SAML with upper case loginID's, then use the attached jar file: uidtransformDomainaLowercase.jar, to get an additional User ID Transformation Method > RemoveDomainandlowercase. -- This is not officialy supported--




    If you need any other specific User ID Transformation method, like Upper Case Transformation you need to build jar. Make sure the loginID record matches across DWP C and ITSM.




    User-added image


     IMPORTANT! This file needs to be place under <TomcatInstallDirectory>/webapps/rsso/WEB-INF/lib/ and requires a Tomcat restart




    3. Make sure that  hannah_admin record exists on both ends: DWP Catalog and ITSM, on CTM People and User form, with the exact same password. This user needs Admin, MyIT Admin, MyIT Super Admin permissions. You will have to add this under ITSM User form.


    IMPORTANT! Please, note that the loginID should not  have the domain on it, i.e. hannah_admin@domain.com




    4. For DWP Catalog only: Edit the User record of those users which are going to Administer the DWP Catalog, this is under the DWP Catalog User Form. You can do this either via Midtier or Remedy User Tool.


    In the Group List field, put: Administrator, sbe-catalog-admins, first and remove sbe-myit-users from these user’s Group List. You can have more Group List defined, but have to make sure those two go first and in that specific order.







    • If you have 2 DWP servers (or more),  then you will have to point them to a single database (basically as a cluster); some DWP server(s) will be externally facing and the rest will be internally facing.
    • Subsequently, there would be 2 RSSO servers (one external, one internal) with a single database.
    • You can also use a single RSSO server, having two aliases (internal and external) and configure loadbalancer/dns rules to redirect traffic as desired.
    • With the RSSO configuration, you  should have a single realm with authentication chaining. In this case, there won’t be a need to point to multiple DWPC urls under the Enhanced Catalog Admin. 
    •  On this example, The first one is Kerberos and the fall back will be SAML. So when users access the internal DWP server, they would use Kerberos, while external users would authenticate via SAML.
    • If you have different domains (urls) for DMZ and Intranet, then make sure the servers can talk to each other, and that DWP server in Domain A can be resolved by  DWP Server in Domain B and viceversa.
    • NOTE: Most of MSP and oAuth issues have been resolved on 19.11 and beyond versions. 


                      Setup a F5 redirection so that the DWP Catalog server authenticates against the external RSSO, that way the external URL authentication will work.




    Integrating RSSO with Other Applications




    1. Please, go to this section BMC Remedy SSO for other BMC applications under the following document:




    And make sure that you perform all the steps for every application listed.




     Integrating RSSO with DWP Mobile apps.






    1.- Create new DNS entries for DWP for Mobile Applications, one for DWP A and one for DWP C. Your Network Team should be able to assist you.
    2.- Create a new Realm for DWP Mobile and follow the below steps.


    I. Enable Realm Configuration


     In the left navigation panel of the Add Realm or Edit Realm page, click Authentication.

    1. In the Authentication Type field, click SAML.

    3. Select the Enable AR authentication for bypass check box to enable bypass URL to authenticate against AR. For more information about enabling BMC Remedy AR System authentication for bypass, see Enabling AR System authentication for bypass.

    5. Enter the SAML details. 

    7. Click Test to verify the settings.

    9. Remember that AR Authentication should go last in the Chain and that the UserID Transformation should match across all the Authentication Methods defined for the Realm.

    11. Click Save.




    NOTE: If you face any issues, collect AR Java Plugin / RSSO Server-Client/Tomcat/Jetty/DWP logging and submit a case with BMC Support, against the product that is failing .




    Additional help
    000183979 - DWP Catalog - RSSO Troubleshooting / Changing RSSO Default logging directory for more details



    Article Number:


    Article Type:


      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles