Classification: UNCLASSIFIED Caveats: NONE Norm:
For now, users will still receive a login prompt. However, they can enter their username once and create an account on the client. Following that they can select the username from the dropdown and click OK - no password. My workflow picks up from there. Thank you, Christopher Michaud Remedy System Administrator/Developer US Army Medical Information Technology Center (USAMITC) Core Technology Division - Systems Engineering Branch Office: 210.295.3589 DSN: 421-3589 -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Kaiser Norm E CIV USAF 96 CS/SCCE Sent: Tuesday, September 02, 2008 10:23 AM To: arslist@ARSLIST.ORG Subject: Re: Integrate Remedy User Tool with CAC card (UNCLASSIFIED) Chris: If you're doing CAC authentication via workflow, how do you overcome the Remedy User tool's need for username and password? That is, one must first be logged onto the client before one can begin executing workflow. Your approach sounds very interesting to me...the username/password challenge is what throws me. Norm -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Michaud, Christopher W Mr CTR USA MEDCOM Sent: Tuesday, September 02, 2008 10:02 AM To: arslist@ARSLIST.ORG Subject: Re: Integrate Remedy User Tool with CAC card (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: NONE We chose a phased CAC implementation. The first phase was to CAC enable the Mid-Tier via the IIS server. From there I control the users access to Remedy and the Mid-Tier application through a process that performs the CAC validation and then passes the validated CAC user to the correct Mid-Tier starting point based on criteria we determine. This required closing a couple holes in the Mid-Tier product to prevent users from trying to circumvent the validation and directly accessing forms via URLs. In some cases we populate the login id, lock it and require a password to be entered based on Remedy permission level. In other cases, I pass the users directly to specific Mid-Tier forms. This is not true SSO but it does perform the required application access validation via CAC card quite well. Next I'm planning on implementing CAC validation for both the Mid-Tier and the User Tool using simple Remedy-based workflow I've developed. This code does not rely on the DLL hooks to function, but again it performs CAC validation and control - not true SSO. The upside to this is that because it's almost entirely Remedy workflow, it's easy to maintain and customize as needed and it does not need to be updated and recompiled each time your ARS release changes. The last phase will be to work out the SSO capability. Thank you, Christopher Michaud Remedy System Administrator/Developer US Army Medical Information Technology Center (USAMITC) Core Technology Division - Systems Engineering Branch Office: 210.295.3589 DSN: 421-3589 -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Steve Michadick Sent: Friday, August 29, 2008 7:13 AM To: arslist@ARSLIST.ORG Subject: Re: Integrate Remedy User Tool with CAC card (UNCLASSIFIED) You can add the US Marine Corps to that list. We, too, are upgrading to ARS 7.1 ITSM 7.0 and have to use CAC login. We have our BMC professional services "team" working on a solution. I'll have them take a look at the USAF's solution and see if it can work for us. Steve Michadick Remedy Engineer Marine Corps Network Operations and Security Center (MCNOSC) Phone: 703-432-6726 -----Original Message----- From: Easter, David [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2008 4:42 PM Subject: Re: Integrate Remedy User Tool with CAC card (UNCLASSIFIED) I can try to help a little, although I'm somewhat bound by confidentiality, so I apologize that I can't go into detail beyond what I'll say here. When the "Single Sign-On (SSO) and Other Client-Side Login Intercept Technologies" interface was created, it was BMC's expectation that customers or partners would take this interface and create point-to-point integrations with solutions in the marketplace. At this time, there are no short term plans for BMC to productize such integrations. If this remains a "gap" in the marketplace, that decision may be revisited - but I would encourage the development community to share work done in this area among other community members or for an enterprising partner or solution provider to create a marketable solution for such point-to-point integrations to popular SSO environments. Also, There is a Department of Defense Instruction NUMBER 8520.2 (http://www.dtic.mil/whs/directives/corres/html/852002.htm). This Instruction applies to: "2.4. All DoD unclassified and classified information systems including networks (e.g., Non-secure Internet Protocol Router Network , Secret Internet Protocol Router Network, web servers, and e-mail systems. E3.4.1.3. Other Information Systems. For information systems requiring authentication other than network login or web servers, the system owner shall perform a business case analysis to determine if PK-Enabling is warranted. The business case analysis shall be submitted to the DoD Component CIO for review and approval. If warranted, the information system shall be PK-Enabled." This has influenced several U.S. military bases to pursue integrating the CAC with their Remedy systems. Because this request affects multiple branches of the U.S. Armed Services, one would expect that work done at one base could be shared with other bases - although I certainly understand that there may be bureaucratic or other barriers to such sharing. However, if there are any shared DoD resources, you may wish to reach out internally to other bases that have Remedy based solutions. My understanding is that the military has, for the most part, chosen a single vendor for CAC - so work done once should be applicable in most other environments. Of the branches that I'm aware of, I believe the Air Force is currently the farthest along with the Army also making requests for the CAC integration. In addition, if this cannot be solved at a community or partner level, I believe there is some work being done by BMC Professional Services to assist in the use of CAC and SSO with the predominant SSO vendor solution chosen by the Air Force. Customers may wish to individually contact BMC Professional Services for assistance in creating such integrations. Hope this helps... -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Abdullah Baytops Sent: Wednesday, August 27, 2008 10:37 AM To: arslist@ARSLIST.ORG Subject: Re: Integrate Remedy User Tool with CAC card (UNCLASSIFIED) I would be interested as well for our Army organization just gave us this requirement as well this week. I was hoping someone else has done it as well. V/R Abdul Baytops Director of Business Operations Digital Foundation Corporation Web: www.thedigitalcorp.com Toll Free: 888-754-0341 Phone: 240-346-4628 (Direct Mobile) Fax: 301-710-5368 Email: [EMAIL PROTECTED] (Service Disabled Veteran Owned Small Business ) -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Begosh, Kevin Sent: Wednesday, August 27, 2008 12:40 PM To: arslist@ARSLIST.ORG Subject: Re: Integrate Remedy User Tool with CAC card (UNCLASSIFIED) That is a good question, I know some military customers that I have worked with that wanted this too. From what I know I have never seen it. I know I asked BMC about it a couple of years ago and they did not have anything for it. I would be interested in this information as well. Kevin Begosh, RSP External Initiatives System Design & Integration 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Nguyen, AnhThien Mr CTR NG NGB ARNG Sent: Wednesday, August 27, 2008 10:22 AM To: arslist@ARSLIST.ORG Subject: Integrate Remedy User Tool with CAC card (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: NONE Hi List, Currently ARS 6.3, SQL 2000. Planning to upgrade to ARS 7.1 & SQL 2005. ITSM v7 down the road but not right now. >From the documentation, Remedy User Tool 7.x includes a hook that allows one >to specify a DLL that will be called instead of the login page at startup. This DLL can do whatever work you want-interact with other systems, open windows, perform calculations, and so on. However, we do not have a solution in place yet. I was hoping to see if anyone has implemented CAC card with Remedy User Tool. Any information you can provide will be greatly appreciated. Thanks, Thien Classification: UNCLASSIFIED Caveats: NONE ________________________________________________________________________ _______ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" ____________________________________________________________________________ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" Classification: UNCLASSIFIED Caveats: NONE _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" Classification: UNCLASSIFIED Caveats: NONE _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"