Did you read through the documentation:
Basic process is as follows:
-Create Database for Remedy SSO
-Install Remedy SSO application on a server
-Configure Remedy SSO SAML authentication with AD Federated Services
-Create java keystore containing the self-signed cert
-Generate a server cert request
-Import the issued server cert and CA certificate chain into your keystore
-Configure tomcat to utilize SSL / HTTPS
-Configure Remedy SSO Realm
-Update the SP metadata at the Identity Provider
-Create the relying trust (AD team usually does this)
-Deploy SSO agents on AR System and Mid Tier
I think the most difficult part to get right is the configuration of the realm, SP metadata, and stuff on the A/D side. It took us several attempts to get this all working.
Thanks Ryan for your kind response.
If possible please could you elaborate on points 3-7.
Please could you provide detail for the below points:-
-Configure Remedy SSO SAML authentication with AD Federated Services......?
-Create java keystore containing the self-signed cert.?
-Generate a server cert request?
-Import the issued server cert and CA certificate chain into your keystore?
-Configure tomcat to utilize SSL / HTTPS?
Which operating system is running ARS? Because the settings on *nix and windows for AD are a bit different
To elaborate on what Ryan was talking about.
-After Remedy SSO install, you must establish SSL configuration for tomcat
The link above will help you create a java keystore and a certificate request. The certificate request is used to get a trusted cert. This is necessary to establish a link with AD FS. keep in mind when creating the keystore and certificate that you use FQDN and match case. The server name must be consistent in the cert, java keystore, and URL entries.
-Create the Realm and select SAML authentication type
-Import the IdP (AD FS) login URL, will be supplied by an AD FS admin or Active Directory admin. it should auto fill most of the entries for SAML.
-Get metadata URL to import into AD FS/IdP. The AD FS server will only except if the SSL configured correctly on your RSSO server.
-You will have to create a relying trust which is covered in this article https://docs.bmc.com/docs/display/rsso1802/Integrating+IdP+with+Remedy+SSO+for+SAML+IdP+initiated+login
-you will also need to import your trusted cert from your RSSO server on the AD FS server
-export the AD FS certs (do not export the private key) then import those certs into the same java keystore
UPDATE: Sorry gave you the wrong link for Apache tomcat SSL configuration. http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
I will go through the steps provided & will keep all posted.
I am exploring other options as well like LDAP authentication for RSSO but having some queries:-
1. Using the LDAP authentication can we directly navigate to ITSM home page or we have to provide the credentials in RSSO login page?
2. If we want to directly navigate to ITSM , is it possible please suggest?
Early response will be highly appreciated.
I am almost certain that LDAP requires credentials. According to BMC, "a realm is configured for an authentication method such as AR, LDAP, or Local, Which prompts users to provide their login name and password." https://docs.bmc.com/docs/x/Elh7Jw Kerberos and SAML are your options for direct authentication.
Thanks for your prompt response.
Also I am going through the Kerberos authentication method & bit stuck with below points:-
Machine name of the Key Distribution Center.
Kerberos realm created for Remedy SSO on Key Distribution Center.
Service account name for Remedy SSO.
Service account password if SPN credential type is to be used.
Keytab file if keytab credential type is to be used.
Please could anyone suggest on it.
on your server or your machine on the network open up command prompt and type klist. maybe that will give you a clue of what the KDC realm is.
Can anyone suggest which one is easy to implement & more robust:-
SAML or Kerberos as an authentication method for the RSSO.