This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.
Remedy Single Sign On
Remedy Single Sign On
RSSO 9.1x and above
We have changed the DB password of the RSSO database user; how can we encrypt the password and modify the RSSO configuration so this new password is used?
The following doc was supplied to them but they didn't want to determine a new encryption key.
You must change the encryption key after upgrading BMC Remedy SSO and use it to encrypt the database password again. Perform the following steps to change the encrypt key and re-encrypt the password.
Determine the new encryption key.
Run the following command to obtain a new password for the database user.
java -jar rsso-ds-<RSSO_version>
.jar <password> <
* <password>: Is the unencrypted password of the database user.
-key>: Is the
.jar: Can be found in the <tomcat>/webapps/rsso/WEB-INF/lib folder.
For each BMC Remedy SSO server in the cluster, perform the following steps:
Modify the rsso.key file in the <tomcat>/webapps/rsso/WEB-INF/classes folder.
Change existing line key=<old-key> to key.old=<old-key>, where <old-key> is the current key in rsso.key file.
Add a new line key=<new-key>, where <new-key> is the new key to be applied.
Modify the context.xml file in <tomcat>/webapps/rsso/META-INF folder.
Update the password field as password="AES:<encrypted-password>", where <encrypted-password> is the encrypted password obtained in Step 2.
Log in to the Admin console of BMC Remedy SSO.
On the General tab, click Save without making any change.
Click the Realm tab.
Edit each realm and click Save without making any change.
For each BMC Remedy SSO server, remove the old encryption key from the rsso.key file in the <tomcat>/webapps/rsso/WEB-INF/classes folder.
Note that there is no need to restart the BMC Remedy SSO server after you change the encryption key.
When RSSO is installed where the installation creates the RSSO DB and user a file name rsso.key gets created under <tomcat>/webapps/rsso/WEB-INF/classes
However as the customer installed RSSO with a pre-created DB and user this file didn't get created.
The key in this file is the same for all OOTB RSSO 9.1 installations and is this value: !esrevinUehTssorcA
This key can be used if the customer doesn't want to determine a new encryption key.
Once the new password has been encrypted follow the docs to add this to the configuration for RSSO.
RSSO should now be able to connect to the database successfully.
Note: using Linux OS you may need to add single quotes around the new password and encryption key for the command to run successfully:
java -jar rsso-ds-<version>.jar 'newpassword' 'encryptionstring'