Hi Daniel, The Remedy Authentication Alias is covered on page 76 of the ARS 7.6.4 configuration Guide.
Regards Jacques Andre | Senior Software Engineer - BMC Remedy Savvis, A CenturyLink Company -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of pritch Sent: 05 June 2013 15:18 To: arslist@ARSLIST.ORG Subject: Re: Remedy SSO Login with CaC There are two reserved fields you would add to the user form. Depending on how you want to populate those fields, you can add a bit of workflow to however you add users to capture the data. ----- Original Message ----- From: "Daniel Pritchard" <daniel.b.pritch...@gmail.com> To: arslist@ARSLIST.ORG Sent: Wednesday, June 5, 2013 9:57:03 AM Subject: Re: Remedy SSO Login with CaC ** Rich, Where is the alias feature at in Remedy. I am not familiar with this. I agree with the EDIPI number, I do not want to change the Login ID's from firstname.lastname and would love a solution for this. Dan On Wed, Jun 5, 2013 at 9:50 AM, Rick Cook < remedyr...@gmail.com > wrote: ** Dan, one thing you should look into is using the authentication alias feature built into Remedy. Basically, you put the EDIPI in the alias field, and LDAP authenticates against it, which it reads from the CAC. If you put the EDIPI in the Login ID field, you're in for a host of problems. Rick On Jun 5, 2013 6:34 AM, "Dan" < daniel.b.pritch...@gmail.com > wrote: ** Unfortunately we do not have anyone with Java or API knowledge on staff. I was hoping that someone on the list could point me in the right direction or provide some help with the solution. Thanks for the reply though, at least now I know there is a fix out there and it just needs to be configured and applied. v/r Dan On Wednesday, June 5, 2013 9:10:56 AM UTC-4, Longwing, Lj wrote: ** Dan, I currently work with a customized community sso version that was modified to take what is given to it and cross reference it with the corporate id of the user gather the user id of that user from the person form, and then pass that to the Remedy server.....so I say a definitive 'yes' to your question...Java could easily parse the entire CAC String and then do the lookup for user id and then pass that into Remedy...it just takes someone with relatively basic Java skills (and some API knowledge maybe) to get it done... On Wed, Jun 5, 2013 at 6:53 AM, Dan < daniel.b....@gmail.com > wrote: ** Listers, Environment Remedy 7.6.04 SP2 Midtier 7.6.04 SP4 Windows 2008 R2 Servers SQL database I work within the DoD and we have been told to move over to CAC authentication. I have installed Atrium SSO, configured it and with the help of the Hotfix provided by Remedy, which allows to map SSO usernames to Remedy Usernames, have it basically working. Here is my problem. Atrium SSO uses the full Common Name off of the CAC, i.e. LASTNAME.FIRSTNAME.MI. EDIPINUMBER, when it creates its users and this is what it passes to Remedy when logging in users. I can store that in the mapping file that maps it to the users but we currently have around 10k users in our system. First off getting all 10k users to provide the CN from thier CAC's would be near impossible not to mention maintaining the mapping file. What I would like to know is have any of you created or come a cross a way to strip off the LASTNAME.FIRSTNAME.MI from the CN and just pass the EDIPI number to remedy. I can pull that from my Active Directory to update the mapping file if needed. The next question is have any of you created or come across a way to store the EDIPI number in the People form, like in the Corporate ID field, and have the mid-tier cross reference the EDIPI number or CN to that field and then log in the user with their username. Any help would be greatly appreciated. v/r Dan Pritchard _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" This message contains information which may be confidential and/or privileged. Unless you are the intended recipient (or authorized to receive for the intended recipient), you may not read, use, copy or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by reply e-mail and delete the message and any attachment(s) thereto without retaining any copies. _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
