I have just set up RSSO for Kerberos authentication according to the BMC document, Jean Christophe's Blog and John McKnight's accompanying YouTube video found here. In the RSSO admin console, under Realm, in addition to the default (*) realm, I created a new Realm with Kerberos authentication (AR bypass also enabled). I confirmed these KDC/SPN settings are correct by clicking the 'Test' button and it says "Kerberos Connection Successful" in green . I then checked my browser settings (in Group Policy) per the BMC document linked above. All of these settings appear to be correct, however when I close the browser, run gpupdate and reopen the browser to my Remedy logon page, it just shows the default Remedy logon page. with User Name, Password and Authentication instead of passing it on to RSSO with Kerberos. Obviously I was missing something. Since I installed RSSO on the Mid Tier, I ran the integration with the Mid Tier, per this BMC document. The installation was successful, but - after rebooting the Mid Tier server (and thus Tomcat as well) - it still only displays the default logon page.
[Side-note - I had previously started configuring an RSSO realm for Certificate-based authentication, and had set the clientAuth attribute in server.xml to want. When I switched to Kerberos authentication, I also changed the clientAuth value back to its original setting of false.]
My last thought was that the missing piece was the RSSO Agent. While I thought these settings were configured during the RSSO Integration with Mid Tier, maybe there was something I had to manually configure. During the integration installation, for both the public and service RSSO URL I had put https://midtierservername.domain.com:443/rsso. However, looking at the last paragraph of this BMC document, I am not sure this was correct. It says in a scenario where "Remedy SSO is deployed in the same Tomcat with Mid Tier.... Then, in the rsso-agent.properties file, the property sso-service-url must not be configured with URL using the specific hostname." Rather it should use localhost instead of the server name.
However, I am having trouble locating the rsso-agent.properties file to make this change. Any other tips or suggestions on troubleshooting this problem is much appreciated. The end goal is to have people open the URL for Remedy (https://midtierserver.domain.com/arsys/shared/login.jsp) and be automatically logged-in to Remedy using Kerberos and the same credentials they logged into the computer with.