Re: Single Sign On (SSO) with CAS

[Serouche Rahimpour]

Excellent thanks!


-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of Alex Agle
Sent: Thursday, May 28, 2015 10:37 PM
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign On (SSO) with CAS

I went ahead and wrote a 10 page guide on implementing SSO with CAS.

I hope it is helpful.  If anyone has any corrections, please feel free to send 
them my way.

Thanks,
Alex

On Tue, May 26, 2015 at 04:20:18PM -0600, LJ LongWing wrote:
 Alex,
 Anybody that is willing to provide help to the community is 
 appreciatedso, while I don't currently have any use for that 
 information, I never quite know where I'm going to be next month/year, 
 and I might find the information useful, so, if you don't mind, 
 please, post :)
 
 On Tue, May 26, 2015 at 4:16 PM, Alex Agle alex.a...@oit.gatech.edu wrote:
 
  Hi everyone,
 
  I haven't posted in years, because I was spending most of my time 
  working with a different BMC product.  Now I'm circling back to the 
  BMC Remedy Action Request System.  We're on 6.3 (on Solaris), moving 
  to 8.1.2p1 on Linux next month.
 
  I documented the upgrade of our test environment.  It didn't go the 
  most smoothly, and I couldn't have completed it without BMC Support's help.
  We had to manually update some of the table structures.  Perhaps 
  this is because we totally skipped 7.0, 7.1, 7.5, 7.6, and 8.0.  We 
  also had a duplicate index on one table, according to the data 
  dictionary, so we had to delete it.
 
  In any case, my last technical challenge was to get single sign on 
  working.  I never tried to get it working before, and I thought it 
  would be a bonus if I could get it working as part of this upgrade.
 
  I did a lot of google searching, and I saw a few other posts where 
  other people were trying to accomplish what I wanted to do.  Either 
  nobody responded, or some people gave some general pointers, or 
  javasystemsolutions.com chimed in to tout their product.
 
  In any case, after a long 14 hour day, I finally got it working.
  We have the following environment:
  Linux RHEL 6.6 / Apache 2.2 / Tomcat 7.0 / mod_ssl /
mod_auth_cas 1.0.9 / areasso 7.0
 
  If there is any interest, I will write up a guide on how to 
  implement SSO with CAS and share it with the list.
 
  Thanks,
  Alex
  --
  O--O--O-O
  |   Alex Agle   \/ Lead Application Developer   |
  O---/\  Georgia Institute of Technology |
  |(404)894-6165 //\\  EIS - Applications Support |
  | Atlanta, GA //\/\\  alex.agle(@)oit.gatech.edu|
  OO-\/\/-O---O
 
 
  
  ___ UNSUBSCRIBE or access ARSlist Archives at 
  www.arslist.org Where the Answers Are, and have been for 20 years
 
 
 __
 _ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org 
 Where the Answers Are, and have been for 20 years

--
O--O--O-O
|   Alex Agle   \/ Lead Application Developer   |
O---/\  Georgia Institute of Technology |
|(404)894-6165 //\\  EIS - Applications Support |
| Atlanta, GA //\/\\  alex.agle(@)oit.gatech.edu|
OO-\/\/-O---O

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers 
Are, and have been for 20 years

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Where the Answers Are, and have been for 20 years

Re: Single Sign On (SSO) with CAS

[Rick Phillips]

Very nice!

Thanks,

rp

On 5/28/2015 1:36 PM, Alex Agle wrote:

I went ahead and wrote a 10 page guide on implementing SSO with CAS.

I hope it is helpful.  If anyone has any corrections, please feel
free to send them my way.

Thanks,
Alex

On Tue, May 26, 2015 at 04:20:18PM -0600, LJ LongWing wrote:

Alex,
Anybody that is willing to provide help to the community is
appreciatedso, while I don't currently have any use for that
information, I never quite know where I'm going to be next month/year, and
I might find the information useful, so, if you don't mind, please, post :)

On Tue, May 26, 2015 at 4:16 PM, Alex Agle alex.a...@oit.gatech.edu wrote:


Hi everyone,

I haven't posted in years, because I was spending most of my time working
with a different BMC product.  Now I'm circling back to the BMC Remedy
Action Request System.  We're on 6.3 (on Solaris), moving to 8.1.2p1
on Linux next month.

I documented the upgrade of our test environment.  It didn't go the most
smoothly, and I couldn't have completed it without BMC Support's help.
We had to manually update some of the table structures.  Perhaps this
is because we totally skipped 7.0, 7.1, 7.5, 7.6, and 8.0.  We also
had a duplicate index on one table, according to the data dictionary,
so we had to delete it.

In any case, my last technical challenge was to get single sign on
working.  I never tried to get it working before, and I thought it
would be a bonus if I could get it working as part of this upgrade.

I did a lot of google searching, and I saw a few other posts where
other people were trying to accomplish what I wanted to do.  Either
nobody responded, or some people gave some general pointers, or
javasystemsolutions.com chimed in to tout their product.

In any case, after a long 14 hour day, I finally got it working.
We have the following environment:
Linux RHEL 6.6 / Apache 2.2 / Tomcat 7.0 / mod_ssl /
   mod_auth_cas 1.0.9 / areasso 7.0

If there is any interest, I will write up a guide on how to implement
SSO with CAS and share it with the list.

Thanks,
Alex
--
O--O--O-O
|   Alex Agle   \/ Lead Application Developer   |
O---/\  Georgia Institute of Technology |
|(404)894-6165 //\\  EIS - Applications Support |
| Atlanta, GA //\/\\  alex.agle(@)oit.gatech.edu|
OO-\/\/-O---O


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Where the Answers Are, and have been for 20 years


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Where the Answers Are, and have been for 20 years


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Where the Answers Are, and have been for 20 years

Re: Single Sign On (SSO) with CAS

[Serouche Rahimpour]

Hi,

Yes please do post the info.
I’ve implemented the SSO with CAS and have the same environment you described 
except instead of Linux we still have an old “SunOS Generic_147440-09 sun4v 
sparc sun4v”
We shall move to Linux in a couple of months. So your info could be very much 
appreciated.
Best



From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of LJ LongWing
Sent: Wednesday, May 27, 2015 12:20 AM
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign On (SSO) with CAS

**
Alex,
Anybody that is willing to provide help to the community is appreciatedso, 
while I don't currently have any use for that information, I never quite know 
where I'm going to be next month/year, and I might find the information useful, 
so, if you don't mind, please, post :)

On Tue, May 26, 2015 at 4:16 PM, Alex Agle 
alex.a...@oit.gatech.edumailto:alex.a...@oit.gatech.edu wrote:
Hi everyone,

I haven't posted in years, because I was spending most of my time working
with a different BMC product.  Now I'm circling back to the BMC Remedy
Action Request System.  We're on 6.3 (on Solaris), moving to 8.1.2p1
on Linux next month.

I documented the upgrade of our test environment.  It didn't go the most
smoothly, and I couldn't have completed it without BMC Support's help.
We had to manually update some of the table structures.  Perhaps this
is because we totally skipped 7.0, 7.1, 7.5, 7.6, and 8.0.  We also
had a duplicate index on one table, according to the data dictionary,
so we had to delete it.

In any case, my last technical challenge was to get single sign on
working.  I never tried to get it working before, and I thought it
would be a bonus if I could get it working as part of this upgrade.

I did a lot of google searching, and I saw a few other posts where
other people were trying to accomplish what I wanted to do.  Either
nobody responded, or some people gave some general pointers, or
javasystemsolutions.comhttp://javasystemsolutions.com chimed in to tout their 
product.

In any case, after a long 14 hour day, I finally got it working.
We have the following environment:
Linux RHEL 6.6 / Apache 2.2 / Tomcat 7.0 / mod_ssl /
  mod_auth_cas 1.0.9 / areasso 7.0

If there is any interest, I will write up a guide on how to implement
SSO with CAS and share it with the list.

Thanks,
Alex
--
O--O--O-O
|   Alex Agle   \/ Lead Application Developer   |
O---/\  Georgia Institute of Technology |
|(404)894-6165tel:%28404%29894-6165 //\\  EIS - Applications Support |
| Atlanta, GA //\/\\  alex.agle(@)oit.gatech.eduhttp://oit.gatech.edu|
OO-\/\/-O---O

___
UNSUBSCRIBE or access ARSlist Archives at 
www.arslist.orghttp://www.arslist.org
Where the Answers Are, and have been for 20 years

_ARSlist: Where the Answers Are and have been for 20 years_

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Where the Answers Are, and have been for 20 years

Re: Single Sign On (SSO) with CAS

[LJ LongWing]

Alex,
Anybody that is willing to provide help to the community is
appreciatedso, while I don't currently have any use for that
information, I never quite know where I'm going to be next month/year, and
I might find the information useful, so, if you don't mind, please, post :)

On Tue, May 26, 2015 at 4:16 PM, Alex Agle alex.a...@oit.gatech.edu wrote:

 Hi everyone,

 I haven't posted in years, because I was spending most of my time working
 with a different BMC product.  Now I'm circling back to the BMC Remedy
 Action Request System.  We're on 6.3 (on Solaris), moving to 8.1.2p1
 on Linux next month.

 I documented the upgrade of our test environment.  It didn't go the most
 smoothly, and I couldn't have completed it without BMC Support's help.
 We had to manually update some of the table structures.  Perhaps this
 is because we totally skipped 7.0, 7.1, 7.5, 7.6, and 8.0.  We also
 had a duplicate index on one table, according to the data dictionary,
 so we had to delete it.

 In any case, my last technical challenge was to get single sign on
 working.  I never tried to get it working before, and I thought it
 would be a bonus if I could get it working as part of this upgrade.

 I did a lot of google searching, and I saw a few other posts where
 other people were trying to accomplish what I wanted to do.  Either
 nobody responded, or some people gave some general pointers, or
 javasystemsolutions.com chimed in to tout their product.

 In any case, after a long 14 hour day, I finally got it working.
 We have the following environment:
 Linux RHEL 6.6 / Apache 2.2 / Tomcat 7.0 / mod_ssl /
   mod_auth_cas 1.0.9 / areasso 7.0

 If there is any interest, I will write up a guide on how to implement
 SSO with CAS and share it with the list.

 Thanks,
 Alex
 --
 O--O--O-O
 |   Alex Agle   \/ Lead Application Developer   |
 O---/\  Georgia Institute of Technology |
 |(404)894-6165 //\\  EIS - Applications Support |
 | Atlanta, GA //\/\\  alex.agle(@)oit.gatech.edu|
 OO-\/\/-O---O


 ___
 UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
 Where the Answers Are, and have been for 20 years


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Where the Answers Are, and have been for 20 years

Re: Single Sign-On (SSO)

[Team Remedy]

John,
thanks alot for your suggest !

You say to use BMC community code, but where i can find this code ?
i would like to realize the solution myself without include other people (i.e. 
Column or similar).

can you help me to indicate the 'right street' ? 

i try to read 'Integrating BMC® Remedy®Action Request System®
with Single Sign-On (SSO) Authentication Systems and
Other Client-Side Login Intercept Technologies' 

but i understand just a little !

thx
Peter

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are

Re: Single Sign-On (SSO)

[Nathan Aker]

Yes, this can be done.  Column Technologies helped us set this up, they have a 
packaged custom plugin they've written to perform the pass-through SSO solution 
which basically gets applied to your Miditer server and intercepts traffic to 
the web server and authenticates to your Identity Mgt solution then passes you 
through into Remedy. 

The licensing does not change with an SSO solution, based on function the user 
would still need to the appropriate license for the functionality used.   If 
you are talking about the basic Requester Console, this interface does not 
require a license,  but if you are referring to the full Service Request 
Management module, that is a licensed component and they would require a 
license.

Hope this helps, contact Column Technologies (www.columnit.com) for info on 
their SSO solution, they were able to get us up and running in short order on 
it.   Thanks.  Nate.

Nathan Aker
ITSM Solution Architect
McAfee, Inc.

-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of Team Remedy
Sent: Thursday, May 31, 2012 4:31 AM
To: arslist@ARSLIST.ORG
Subject: Single Sign-On (SSO)

Hi all,
i would like to log to Requester Console bypassing the login page of Mid Tier. 

the User could access to the system using his Web portal and i try to interface 
the RQC by Single Sign-On (SSO) of BMC Remedy.
Is it possible ?

i don't understand if Single Sign-On (SSO) needs of regular license by BMC !
any Idea ?

can you help me to solve this requirement ?

thx
Peter

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 
www.wwrug12.com ARSList: Where the Answers Are

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are

Re: Single Sign On and Remedy

[Kelly Logan]

The classic doc on SSO is on the BMC support site.  Here's the link I turn up 
(this is valid for ARS 7.1):  
http://documents.bmc.com/supportu/documents/57/12/65712/65712.pdf

This directs you through the free option, which essentially is allowing the 
customer to use their domain password to login to Remedy.

If you want to have complete passthrough without any login, you'll need a 
customized solution.  There are a few out there, or the doc above will direct 
you how to develop your own.  (I see that Mr. Gill is presenting one of the 
vendor options now.  :^)

Kelly Logan
Office  :  763-764-2375
Mobile:  313-645-4552

From: Action Request System discussion list(ARSList) 
[mailto:arsl...@arslist.org] On Behalf Of Jase Brandon
Sent: Wednesday, May 26, 2010 2:33 PM
To: arslist@ARSLIST.ORG
Subject: Single Sign On and Remedy

** Hello All,
I have been tasked with coming up with a Single Sign On solution using Remedy 
as the source. I think the People form would be the obvious place to start.
I am curious to know if anyone else has done anything similar or if there is 
some Out of the Box solution available that integrates easily with Remedy.

Thanks in Advance,

Jase Brandon
Remedy Developer
Quality Technology Services

7.1 Patch 004
SQL Server
Windows 2003
_attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are

Re: Single sign-in

[Steven Iocco]

Hi Dawn.  Would you be able to share the documentation with me?  This is 
something a client of mine would like to do.

Thanks.

Steve
 


Date: Thu, 17 Dec 2009 06:01:13 -0500
From: dawn.brumb...@perdue.com
Subject: Single sign-in
To: arslist@ARSLIST.ORG

** 



We are looking into implementing single sign-in for our users (I have gotten 
the BMC documentation to review).  I was wondering if anyone else has 
implemented this and would be willing to share if you had any issues 
implementing or since implementation and also see if you could provide any 
pointers.
 
Any information would be greatly appreciated.
 
Thanks!_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers 
Are_  
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are

Re: Single sign-in

[Pierson, Shawn]

Dawn,

We tried to implement BMC's solution, and while I got it working, it didn't 
work for everyone, and there was no good way to troubleshoot it.  We also tried 
another product from JSS that did work, but management decided not to proceed 
with purchasing it at this time.

Shawn Pierson

From: Action Request System discussion list(ARSList) 
[mailto:arsl...@arslist.org] On Behalf Of Brumbley, Dawn
Sent: Thursday, December 17, 2009 5:01 AM
To: arslist@ARSLIST.ORG
Subject: Single sign-in

**
We are looking into implementing single sign-in for our users (I have gotten 
the BMC documentation to review).  I was wondering if anyone else has 
implemented this and would be willing to share if you had any issues 
implementing or since implementation and also see if you could provide any 
pointers.

Any information would be greatly appreciated.

Thanks!
_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_

Private and confidential as detailed here: 
http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access the 
link, please e-mail sender.

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are

Re: Single sign-in

[Easter, David]

Documentation is found here:

16-Oct-2006 Integrating BMC Remedy Action Request System with Single Sign-On 
(SSO) and Other Client-Side Login Intercept Technologies 
PDFhttp://documents.bmc.com/supportu/documents/57/12/65712/65712.pdf


-David J. Easter
Sr. Product Manager, Solution Strategy and Development
BMC Software, Inc.

The opinions, statements, and/or suggested courses of action expressed in this 
E-mail do not necessarily reflect those of BMC Software, Inc.  My voluntary 
participation in this forum is not intended to convey a role as a spokesperson, 
liaison or public relations representative for BMC Software, Inc.

From: Action Request System discussion list(ARSList) 
[mailto:arsl...@arslist.org] On Behalf Of Steven Iocco
Sent: Thursday, December 17, 2009 8:01 AM
To: arslist@ARSLIST.ORG
Subject: Re: Single sign-in

**
Hi Dawn.  Would you be able to share the documentation with me?  This is 
something a client of mine would like to do.
Thanks.
Steve


Date: Thu, 17 Dec 2009 06:01:13 -0500
From: dawn.brumb...@perdue.com
Subject: Single sign-in
To: arslist@ARSLIST.ORG

**
We are looking into implementing single sign-in for our users (I have gotten 
the BMC documentation to review).  I was wondering if anyone else has 
implemented this and would be willing to share if you had any issues 
implementing or since implementation and also see if you could provide any 
pointers.

Any information would be greatly appreciated.

Thanks!
_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_
_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are

Re: Single sign-in

[patrick zandi]

you should use the Free one Devtechnology Group has
We have it working at DLA, Marines, and other locations.. It is
configurable..
Silly to pay money..



On Thu, Dec 17, 2009 at 1:17 PM, Pierson, Shawn shawn.pier...@sug.comwrote:

 **

 Dawn,



 We tried to implement BMC’s solution, and while I got it working, it didn’t
 work for everyone, and there was no good way to troubleshoot it.  We also
 tried another product from JSS that did work, but management decided not to
 proceed with purchasing it at this time.



 Shawn Pierson



 *From:* Action Request System discussion list(ARSList) [mailto:
 arsl...@arslist.org] *On Behalf Of *Brumbley, Dawn
 *Sent:* Thursday, December 17, 2009 5:01 AM
 *To:* arslist@ARSLIST.ORG
 *Subject:* Single sign-in



 **

 We are looking into implementing single sign-in for our users (I have
 gotten the BMC documentation to review).  I was wondering if anyone else has
 implemented this and would be willing to share if you had any issues
 implementing or since implementation and also see if you could provide any
 pointers.



 Any information would be greatly appreciated.



 Thanks!

 _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers
 Are_
 Private and confidential as detailed 
 herehttp://www.sug.com/disclaimers/default.htm#Mail.
 If you cannot access hyperlink, please e-mail sender.
  _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers
 Are_




-- 
Patrick Zandi

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are

Re: Single sign-in

[Tanner, Doug]

I like the sound of Free, where do I get it?
Thanks, Doug

From: Action Request System discussion list(ARSList) 
[mailto:arsl...@arslist.org] On Behalf Of patrick zandi
Sent: Thursday, December 17, 2009 2:37 PM
To: arslist@ARSLIST.ORG
Subject: Re: Single sign-in

**
you should use the Free one Devtechnology Group has
We have it working at DLA, Marines, and other locations.. It is configurable..
Silly to pay money..



On Thu, Dec 17, 2009 at 1:17 PM, Pierson, Shawn 
shawn.pier...@sug.commailto:shawn.pier...@sug.com wrote:
**
Dawn,

We tried to implement BMC's solution, and while I got it working, it didn't 
work for everyone, and there was no good way to troubleshoot it.  We also tried 
another product from JSS that did work, but management decided not to proceed 
with purchasing it at this time.

Shawn Pierson

From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG] On Behalf Of Brumbley, 
Dawn
Sent: Thursday, December 17, 2009 5:01 AM
To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG
Subject: Single sign-in

**
We are looking into implementing single sign-in for our users (I have gotten 
the BMC documentation to review).  I was wondering if anyone else has 
implemented this and would be willing to share if you had any issues 
implementing or since implementation and also see if you could provide any 
pointers.

Any information would be greatly appreciated.

Thanks!
_Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net 
ARSlist: Where the Answers Are_
Private and confidential as detailed 
herehttp://www.sug.com/disclaimers/default.htm#Mail. If you cannot access 
hyperlink, please e-mail sender.
_Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net 
ARSlist: Where the Answers Are_



--
Patrick Zandi
_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_


DISCLAIMER Important! This message is intended for the above named person(s) 
only and is CONFIDENTIAL AND PROPRIETARY. If you are not the intended recipient 
of this e-mail and have received it in error, please immediately notify the 
sender by return email and then delete it from your mailbox. This message may 
be protected by the attorney-client privilege and/or work product doctrine.  
Accessing, copying, disseminating or re-using any of the information contained 
in this e-mail by anyone other than the intended recipient is strictly 
prohibited. Finally, you should check this email and any attachments for the 
presence of viruses, as the sender accepts no liability for any damage caused 
by any virus transmitted by this email.  Thank you.


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are

Re: Single sign-in

[Tony Worthington]

Do you have a link?

Tony Worthington | Sr. Technical Analyst | Kohl?s Department Stores
N56 W17000 Ridgewood Drive | Menomonee Falls, WI  53051 | office: (262) 
703-7763 | e-mail: tony.worthing...@kohls.com



From:
patrick zandi remedy...@gmail.com
To:
arslist@ARSLIST.ORG
Date:
12/17/2009 01:37 PM
Subject:
Re: Single sign-in
Sent by:
Action Request System discussion list(ARSList) arslist@ARSLIST.ORG



** 
you should use the Free one Devtechnology Group has
We have it working at DLA, Marines, and other locations.. It is 
configurable..
Silly to pay money.. 


 
On Thu, Dec 17, 2009 at 1:17 PM, Pierson, Shawn shawn.pier...@sug.com 
wrote:
** 
Dawn,
 
We tried to implement BMC?s solution, and while I got it working, it 
didn?t work for everyone, and there was no good way to troubleshoot it.  
We also tried another product from JSS that did work, but management 
decided not to proceed with purchasing it at this time.
 
Shawn Pierson
 
From: Action Request System discussion list(ARSList) [mailto:
arsl...@arslist.org] On Behalf Of Brumbley, Dawn
Sent: Thursday, December 17, 2009 5:01 AM
To: arslist@ARSLIST.ORG
Subject: Single sign-in
 
** 
We are looking into implementing single sign-in for our users (I have 
gotten the BMC documentation to review).  I was wondering if anyone else 
has implemented this and would be willing to share if you had any issues 
implementing or since implementation and also see if you could provide any 
pointers.
 
Any information would be greatly appreciated.
 
Thanks!
_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers 
Are_ 
Private and confidential as detailed here. If you cannot access hyperlink, 
please e-mail sender. 
_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers 
Are_ 



-- 
Patrick Zandi
_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers 
Are_ 

**
CONFIDENTIALITY NOTICE: 
This is a transmission from Kohl's Department Stores, Inc.
and may contain information which is confidential and proprietary.
If you are not the addressee, any disclosure, copying or distribution or use of 
the contents of this message is expressly prohibited.
If you have received this transmission in error, please destroy it and notify 
us immediately at 262-703-7000.

CAUTION:
Internet and e-mail communications are Kohl's property and Kohl's reserves the 
right to retrieve and read any message created, sent and received.  Kohl's 
reserves the right to monitor messages by authorized Kohl's Associates at any 
time
without any further consent.

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are

Re: Single sign-in

[Pat Zandi]

michael.campb...@devtechnology.com

Sent from my iPhone

On Dec 17, 2009, at 4:01 PM, Tony Worthington tony.worthing...@kohls.com 
 wrote:



** Do you have a link?

Tony Worthington | Sr. Technical Analyst | Kohl’s Department Stores
N56 W17000 Ridgewood Drive | Menomonee Falls, WI  53051 | office: (262) 703-7763 
 | e-mail: tony.worthing...@kohls.com



From:   patrick zandi remedy...@gmail.com
To: arslist@ARSLIST.ORG
Date:   12/17/2009 01:37 PM
Subject:Re: Single sign-in
Sent by:	Action Request System discussion list(ARSList) arslist@ARSLIST.ORG 






**
you should use the Free one Devtechnology Group has
We have it working at DLA, Marines, and other locations.. It is  
configurable..

Silly to pay money..



On Thu, Dec 17, 2009 at 1:17 PM, Pierson, Shawn  
shawn.pier...@sug.com wrote:

**
Dawn,



We tried to implement BMC’s solution, and while I got it working, it 
 didn’t work for everyone, and there was no good way to troubleshoot 
 it.  We also tried another product from JSS that did work, but mana 
gement decided not to proceed with purchasing it at this time.




Shawn Pierson



From: Action Request System discussion list(ARSList)  
[mailto:arsl...@arslist.org] On Behalf Of Brumbley, Dawn

Sent: Thursday, December 17, 2009 5:01 AM
To: arslist@ARSLIST.ORG
Subject: Single sign-in



**

We are looking into implementing single sign-in for our users (I  
have gotten the BMC documentation to review).  I was wondering if  
anyone else has implemented this and would be willing to share if  
you had any issues implementing or since implementation and also see  
if you could provide any pointers.




Any information would be greatly appreciated.



Thanks!

_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the  
Answers Are_


Private and confidential as detailed here. If you cannot access  
hyperlink, please e-mail sender.
_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the  
Answers Are_




--
Patrick Zandi
_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the  
Answers Are_

CONFIDENTIALITY NOTICE:
This is a transmission from Kohl's Department Stores, Inc.
and may contain information which is confidential and proprietary.
If you are not the addressee, any disclosure, copying or  
distribution or use of the contents of this message is expressly  
prohibited.
If you have received this transmission in error, please destroy it  
and notify us immediately at 262-703-7000.


CAUTION:
Internet and e-mail communications are Kohl's property and Kohl's  
reserves the right to retrieve and read any message created, sent  
and received. Kohl's reserves the right to monitor messages by  
authorized Kohl's Associates at any time

without any further consent.
_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the  
Answers Are_


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are

Re: Single sign-in

[Easter, David]

Michael has also graciously posted the Common Access Card (CAC) integration 
utilizing the SSO interface on the BMC Developer Network.  The integration is 
provided for the Remedy User client.  It can be found here:

http://communities.bmc.com/communities/docs/DOC-7066


-David J. Easter
Sr. Product Manager, Solution Strategy and Development
BMC Software, Inc.

The opinions, statements, and/or suggested courses of action expressed in this 
E-mail do not necessarily reflect those of BMC Software, Inc.  My voluntary 
participation in this forum is not intended to convey a role as a spokesperson, 
liaison or public relations representative for BMC Software, Inc.

From: Action Request System discussion list(ARSList) 
[mailto:arsl...@arslist.org] On Behalf Of Pat Zandi
Sent: Thursday, December 17, 2009 1:08 PM
To: arslist@ARSLIST.ORG
Subject: Re: Single sign-in

**

michael.campb...@devtechnology.commailto:michael.campb...@devtechnology.com

Sent from my iPhone

On Dec 17, 2009, at 4:01 PM, Tony Worthington 
tony.worthing...@kohls.commailto:tony.worthing...@kohls.com wrote:
** Do you have a link?

Tony Worthington | Sr. Technical Analyst | Kohl’s Department Stores
N56 W17000 Ridgewood Drive | Menomonee Falls, WI  53051 | office: (262) 
703-7763 | e-mail: tony.worthing...@kohls.commailto:tony.worthing...@kohls.com

From:

patrick zandi remedy...@gmail.commailto:remedy...@gmail.com

To:

arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG

Date:

12/17/2009 01:37 PM

Subject:

Re: Single sign-in

Sent by:

Action Request System discussion list(ARSList) 
arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG






**
you should use the Free one Devtechnology Group has
We have it working at DLA, Marines, and other locations.. It is configurable..
Silly to pay money..



On Thu, Dec 17, 2009 at 1:17 PM, Pierson, Shawn 
shawn.pier...@sug.commailto:shawn.pier...@sug.com wrote:
**

Dawn,



We tried to implement BMC’s solution, and while I got it working, it didn’t 
work for everyone, and there was no good way to troubleshoot it.  We also tried 
another product from JSS that did work, but management decided not to proceed 
with purchasing it at this time.



Shawn Pierson



From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG] On Behalf Of Brumbley, 
Dawn
Sent: Thursday, December 17, 2009 5:01 AM
To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG
Subject: Single sign-in



**

We are looking into implementing single sign-in for our users (I have gotten 
the BMC documentation to review).  I was wondering if anyone else has 
implemented this and would be willing to share if you had any issues 
implementing or since implementation and also see if you could provide any 
pointers.



Any information would be greatly appreciated.



Thanks!

_Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net 
ARSlist: Where the Answers Are_

Private and confidential as detailed 
herehttp://www.sug.com/disclaimers/default.htm#Mail. If you cannot access 
hyperlink, please e-mail sender.
_Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net 
ARSlist: Where the Answers Are_



--
Patrick Zandi
_Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net 
ARSlist: Where the Answers Are_


CONFIDENTIALITY NOTICE:
This is a transmission from Kohl's Department Stores, Inc.
and may contain information which is confidential and proprietary.
If you are not the addressee, any disclosure, copying or distribution or use of 
the contents of this message is expressly prohibited.
If you have received this transmission in error, please destroy it and notify 
us immediately at 262-703-7000.

CAUTION:
Internet and e-mail communications are Kohl's property and Kohl's reserves the 
right to retrieve and read any message created, sent and received. Kohl's 
reserves the right to monitor messages by authorized Kohl's Associates at any 
time
without any further consent.
_Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net 
ARSlist: Where the Answers Are_
_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_

Re: Single Sign-On (SiteMinder, Identity Manager)

[Rodriguez, Rafael J x23718]

Axton, after looking at the documentation this is exactly what I'm
looking for. The BMC white paper was extremely helpful.
 
I will give it a crack and let you know if I run into any issues.
 
Thanks again!
 
Rafael


From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Axton
Sent: Wednesday, March 04, 2009 1:38 PM
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign-On (SiteMinder, Identity Manager)
 
** With the approach I took, yes.  Are there other approaches?  Yes.
Will they require similar changes?  Probably.

Axton Grams

The opinions, statements, and/or suggested courses of action expressed
in this E-mail do not necessarily reflect those of BMC Software, Inc.
My voluntary participation in this forum is not intended to convey a
role as a spokesperson, liaison or public relations representative for
BMC Software, Inc.
On Wed, Mar 4, 2009 at 12:08 PM, Rodriguez, Rafael J x23718
rafael.rodrig...@broadridge.com wrote:
** 
Thanks Axton, I will take a look at the docs you provided. So are you
saying that in order to use SiteMinder you have to develop a custom AREA
plugin and make changes to login.jsp on Mid-Tier. Please bare with me as
this is my first exposure to SSO with Mid-tier. 
 


From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Axton
Sent: Tuesday, March 03, 2009 3:44 PM

To: arslist@ARSLIST.ORG
Subject: Re: Single Sign-On (SiteMinder, Identity Manager)
 
** The Java System Solutions page on their sso plugin does the best job
I've found of illustrating how I've seen SSO implemented with the
mid-tier.


http://www.javasystemsolutions.com/jss/ssoplugin
http://www.javasystemsolutions.com/img/diagram/ssoplugin-midtier.png

Not endorsing the product, as I've never used it, but there is a good
write-up/illustrations on the page.

It involves writing a custom AREA plug-in as well as customizations to
login.jsp and custom servlets on the mid-tier server.  There are BMC
whitepapers on the subject as well, though I have not used them as we
developed the sso solution using a 6.0.1 mid-tier server which did not
have the Authenticator hooks the newer versions of mid-tier have.

We can keep the discussion on the list; other people may have things to
add and things to gain through visibility into the discussion.

Axton Grams

The opinions, statements, and/or suggested courses of action expressed
in this E-mail do not necessarily reflect those of BMC Software, Inc.
My voluntary participation in this forum is not intended to convey a
role as a spokesperson, liaison or public relations representative for
BMC Software, Inc.
On Tue, Mar 3, 2009 at 9:42 AM, Rodriguez, Rafael J x23718
rafael.rodrig...@broadridge.com wrote:
** 
Thanks Axton for the response. I'm aware that this would be a solution
just for Mid-Tier. Can you provide any documentation or direction on
this?
 
If you would be willing we can have a brief discussion outside of the
list?
 
Thanks
 
Rafael Rodriguez
Manager Midtier/Remedy Enterprise
Broadridge Financial Solutions Inc
201.714.3718
 
 


From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Axton
Sent: Tuesday, March 03, 2009 10:07 AM
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign-On (SiteMinder, Identity Manager)
** I have worked with SiteMinder sso integrations.  It was an sso
solution for the mid-tier; native clients still required a login.


Axton Grams

The opinions, statements, and/or suggested courses of action expressed
in this E-mail do not necessarily reflect those of BMC Software, Inc.
My voluntary participation in this forum is not intended to convey a
role as a spokesperson, liaison or public relations representative for
BMC Software, Inc.
On Tue, Mar 3, 2009 at 8:05 AM, Rodriguez, Rafael J x23718
rafael.rodrig...@broadridge.com wrote:
Hello,

Just wanted to find out if anyone has utilized SiteMinder or Identity
Manager to implement Single Sign-On in there environment?

Any ideas are welcome

Thanks

My environment is:
IIS 6
Tomcat Servlet for Mid-Tier.
ARS 7.0.1 Patch 6
SQL 2000
This message and any attachments are intended only for the use of the
addressee and
may contain information that is privileged and confidential. If the
reader of the
message is not the intended recipient or an authorized representative of
the
intended recipient, you are hereby notified that any dissemination of
this
communication is strictly prohibited. If you have received this
communication in
error, please notify us immediately by e-mail and delete the message and
any
attachments from your system.



___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
 
__Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
html___ 
This message

Re: Single Sign-On (SiteMinder, Identity Manager)

[Rodriguez, Rafael J x23718]

Thanks Axton, I will take a look at the docs you provided. So are you
saying that in order to use SiteMinder you have to develop a custom AREA
plugin and make changes to login.jsp on Mid-Tier. Please bare with me as
this is my first exposure to SSO with Mid-tier. 

 



From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Axton
Sent: Tuesday, March 03, 2009 3:44 PM
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign-On (SiteMinder, Identity Manager)

 

** The Java System Solutions page on their sso plugin does the best job
I've found of illustrating how I've seen SSO implemented with the
mid-tier.

http://www.javasystemsolutions.com/jss/ssoplugin
http://www.javasystemsolutions.com/img/diagram/ssoplugin-midtier.png

Not endorsing the product, as I've never used it, but there is a good
write-up/illustrations on the page.

It involves writing a custom AREA plug-in as well as customizations to
login.jsp and custom servlets on the mid-tier server.  There are BMC
whitepapers on the subject as well, though I have not used them as we
developed the sso solution using a 6.0.1 mid-tier server which did not
have the Authenticator hooks the newer versions of mid-tier have.

We can keep the discussion on the list; other people may have things to
add and things to gain through visibility into the discussion.

Axton Grams

The opinions, statements, and/or suggested courses of action expressed
in this E-mail do not necessarily reflect those of BMC Software, Inc.
My voluntary participation in this forum is not intended to convey a
role as a spokesperson, liaison or public relations representative for
BMC Software, Inc.

On Tue, Mar 3, 2009 at 9:42 AM, Rodriguez, Rafael J x23718
rafael.rodrig...@broadridge.com wrote:

** 

Thanks Axton for the response. I'm aware that this would be a solution
just for Mid-Tier. Can you provide any documentation or direction on
this?

 

If you would be willing we can have a brief discussion outside of the
list?

 

Thanks

 

Rafael Rodriguez

Manager Midtier/Remedy Enterprise

Broadridge Financial Solutions Inc

201.714.3718

 

 



From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Axton
Sent: Tuesday, March 03, 2009 10:07 AM
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign-On (SiteMinder, Identity Manager)

** I have worked with SiteMinder sso integrations.  It was an sso
solution for the mid-tier; native clients still required a login.



Axton Grams

The opinions, statements, and/or suggested courses of action expressed
in this E-mail do not necessarily reflect those of BMC Software, Inc.
My voluntary participation in this forum is not intended to convey a
role as a spokesperson, liaison or public relations representative for
BMC Software, Inc.

On Tue, Mar 3, 2009 at 8:05 AM, Rodriguez, Rafael J x23718
rafael.rodrig...@broadridge.com wrote:

Hello,

Just wanted to find out if anyone has utilized SiteMinder or Identity
Manager to implement Single Sign-On in there environment?

Any ideas are welcome

Thanks

My environment is:
IIS 6
Tomcat Servlet for Mid-Tier.
ARS 7.0.1 Patch 6
SQL 2000
This message and any attachments are intended only for the use of the
addressee and
may contain information that is privileged and confidential. If the
reader of the
message is not the intended recipient or an authorized representative of
the
intended recipient, you are hereby notified that any dissemination of
this
communication is strictly prohibited. If you have received this
communication in
error, please notify us immediately by e-mail and delete the message and
any
attachments from your system.



___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are

 

__Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
html___ 

This message and any attachments are intended only for the use of the
addressee and
may contain information that is privileged and confidential. If the
reader of the 
message is not the intended recipient or an authorized representative of
the
intended recipient, you are hereby notified that any dissemination of
this
communication is strictly prohibited. If you have received this
communication in
error, please notify us immediately by e-mail and delete the message and
any
attachments from your system.
 
__Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
html___


__Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
html___ 


This message and any attachments are intended only for the use of the addressee 
and
may contain information that is privileged and confidential. If the reader of 
the 
message is not the intended recipient or an authorized representative of the
intended recipient, you are hereby notified that any dissemination of this
communication

Re: Single Sign-On (SiteMinder, Identity Manager)

[Axton]

With the approach I took, yes.  Are there other approaches?  Yes.  Will they
require similar changes?  Probably.

Axton Grams

The opinions, statements, and/or suggested courses of action expressed in
this E-mail do not necessarily reflect those of BMC Software, Inc.  My
voluntary participation in this forum is not intended to convey a role as a
spokesperson, liaison or public relations representative for BMC Software,
Inc.

On Wed, Mar 4, 2009 at 12:08 PM, Rodriguez, Rafael J x23718 
rafael.rodrig...@broadridge.com wrote:

 **

 Thanks Axton, I will take a look at the docs you provided. So are you
 saying that in order to use SiteMinder you have to develop a custom AREA
 plugin and make changes to login.jsp on Mid-Tier. Please bare with me as
 this is my first exposure to SSO with Mid-tier.


  --

 *From:* Action Request System discussion list(ARSList) [mailto:
 arsl...@arslist.org] *On Behalf Of *Axton
 *Sent:* Tuesday, March 03, 2009 3:44 PM
 *To:* arslist@ARSLIST.ORG
 *Subject:* Re: Single Sign-On (SiteMinder, Identity Manager)



 ** The Java System Solutions page on their sso plugin does the best job
 I've found of illustrating how I've seen SSO implemented with the mid-tier.


 http://www.javasystemsolutions.com/jss/ssoplugin
 http://www.javasystemsolutions.com/img/diagram/ssoplugin-midtier.png

 Not endorsing the product, as I've never used it, but there is a good
 write-up/illustrations on the page.

 It involves writing a custom AREA plug-in as well as customizations to
 login.jsp and custom servlets on the mid-tier server.  There are BMC
 whitepapers on the subject as well, though I have not used them as we
 developed the sso solution using a 6.0.1 mid-tier server which did not have
 the Authenticator hooks the newer versions of mid-tier have.

 We can keep the discussion on the list; other people may have things to add
 and things to gain through visibility into the discussion.

 Axton Grams

 The opinions, statements, and/or suggested courses of action expressed in
 this E-mail do not necessarily reflect those of BMC Software, Inc.  My
 voluntary participation in this forum is not intended to convey a role as a
 spokesperson, liaison or public relations representative for BMC Software,
 Inc.

 On Tue, Mar 3, 2009 at 9:42 AM, Rodriguez, Rafael J x23718 
 rafael.rodrig...@broadridge.com wrote:

 **

 Thanks Axton for the response. I'm aware that this would be a solution just
 for Mid-Tier. Can you provide any documentation or direction on this?



 If you would be willing we can have a brief discussion outside of the list?



 Thanks



 *Rafael Rodriguez***

 *Manager Midtier/Remedy Enterprise*

 *Broadridge Financial Solutions Inc*

 *201.714.3718*




  --

 *From:* Action Request System discussion list(ARSList) [mailto:
 arsl...@arslist.org] *On Behalf Of *Axton
 *Sent:* Tuesday, March 03, 2009 10:07 AM
 *To:* arslist@ARSLIST.ORG
 *Subject:* Re: Single Sign-On (SiteMinder, Identity Manager)

 ** I have worked with SiteMinder sso integrations.  It was an sso solution
 for the mid-tier; native clients still required a login.



 Axton Grams

 The opinions, statements, and/or suggested courses of action expressed in
 this E-mail do not necessarily reflect those of BMC Software, Inc.  My
 voluntary participation in this forum is not intended to convey a role as a
 spokesperson, liaison or public relations representative for BMC Software,
 Inc.

 On Tue, Mar 3, 2009 at 8:05 AM, Rodriguez, Rafael J x23718 
 rafael.rodrig...@broadridge.com wrote:

 Hello,

 Just wanted to find out if anyone has utilized SiteMinder or Identity
 Manager to implement Single Sign-On in there environment?

 Any ideas are welcome

 Thanks

 My environment is:
 IIS 6
 Tomcat Servlet for Mid-Tier.
 ARS 7.0.1 Patch 6
 SQL 2000
 This message and any attachments are intended only for the use of the
 addressee and
 may contain information that is privileged and confidential. If the reader
 of the
 message is not the intended recipient or an authorized representative of
 the
 intended recipient, you are hereby notified that any dissemination of this
 communication is strictly prohibited. If you have received this
 communication in
 error, please notify us immediately by e-mail and delete the message and
 any
 attachments from your system.



 ___
 UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
 Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are



 __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___

 This message and any attachments are intended only for the use of the 
 addressee and

 may contain information that is privileged and confidential. If the reader of 
 the

 message is not the intended recipient or an authorized representative of the

 intended recipient, you are hereby notified that any dissemination of this

 communication is strictly

Re: Single Sign-On (SiteMinder, Identity Manager)

[Danny Kellett]

In any instance you will have to create your own AREA plugin

 

From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Axton
Sent: 04 March 2009 18:38
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign-On (SiteMinder, Identity Manager)

 

** With the approach I took, yes.  Are there other approaches?  Yes.  Will
they require similar changes?  Probably.

Axton Grams

The opinions, statements, and/or suggested courses of action expressed in
this E-mail do not necessarily reflect those of BMC Software, Inc.  My
voluntary participation in this forum is not intended to convey a role as a
spokesperson, liaison or public relations representative for BMC Software,
Inc.

On Wed, Mar 4, 2009 at 12:08 PM, Rodriguez, Rafael J x23718
rafael.rodrig...@broadridge.com wrote:

** 

Thanks Axton, I will take a look at the docs you provided. So are you saying
that in order to use SiteMinder you have to develop a custom AREA plugin and
make changes to login.jsp on Mid-Tier. Please bare with me as this is my
first exposure to SSO with Mid-tier. 

 

  _  

From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Axton
Sent: Tuesday, March 03, 2009 3:44 PM


To: arslist@ARSLIST.ORG
Subject: Re: Single Sign-On (SiteMinder, Identity Manager)

 

** The Java System Solutions page on their sso plugin does the best job I've
found of illustrating how I've seen SSO implemented with the mid-tier.



http://www.javasystemsolutions.com/jss/ssoplugin
http://www.javasystemsolutions.com/img/diagram/ssoplugin-midtier.png

Not endorsing the product, as I've never used it, but there is a good
write-up/illustrations on the page.

It involves writing a custom AREA plug-in as well as customizations to
login.jsp and custom servlets on the mid-tier server.  There are BMC
whitepapers on the subject as well, though I have not used them as we
developed the sso solution using a 6.0.1 mid-tier server which did not have
the Authenticator hooks the newer versions of mid-tier have.

We can keep the discussion on the list; other people may have things to add
and things to gain through visibility into the discussion.

Axton Grams


The opinions, statements, and/or suggested courses of action expressed in
this E-mail do not necessarily reflect those of BMC Software, Inc.  My
voluntary participation in this forum is not intended to convey a role as a
spokesperson, liaison or public relations representative for BMC Software,
Inc.

On Tue, Mar 3, 2009 at 9:42 AM, Rodriguez, Rafael J x23718
rafael.rodrig...@broadridge.com wrote:

** 

Thanks Axton for the response. I'm aware that this would be a solution just
for Mid-Tier. Can you provide any documentation or direction on this?

 

If you would be willing we can have a brief discussion outside of the list?

 

Thanks

 

Rafael Rodriguez

Manager Midtier/Remedy Enterprise

Broadridge Financial Solutions Inc

201.714.3718

 

 

  _  

From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Axton
Sent: Tuesday, March 03, 2009 10:07 AM
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign-On (SiteMinder, Identity Manager)

** I have worked with SiteMinder sso integrations.  It was an sso solution
for the mid-tier; native clients still required a login.



Axton Grams

The opinions, statements, and/or suggested courses of action expressed in
this E-mail do not necessarily reflect those of BMC Software, Inc.  My
voluntary participation in this forum is not intended to convey a role as a
spokesperson, liaison or public relations representative for BMC Software,
Inc.

On Tue, Mar 3, 2009 at 8:05 AM, Rodriguez, Rafael J x23718
rafael.rodrig...@broadridge.com wrote:

Hello,

Just wanted to find out if anyone has utilized SiteMinder or Identity
Manager to implement Single Sign-On in there environment?

Any ideas are welcome

Thanks

My environment is:
IIS 6
Tomcat Servlet for Mid-Tier.
ARS 7.0.1 Patch 6
SQL 2000
This message and any attachments are intended only for the use of the
addressee and
may contain information that is privileged and confidential. If the reader
of the
message is not the intended recipient or an authorized representative of the
intended recipient, you are hereby notified that any dissemination of this
communication is strictly prohibited. If you have received this
communication in
error, please notify us immediately by e-mail and delete the message and any
attachments from your system.



___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are

 

__Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ 

This message and any attachments are intended only for the use of the
addressee and
may contain information that is privileged and confidential. If the reader
of the 
message is not the intended recipient or an authorized

Re: Single Sign-On (SiteMinder, Identity Manager)

[Rodriguez, Rafael J x23718]

Thanks Axton for the response. I'm aware that this would be a solution
just for Mid-Tier. Can you provide any documentation or direction on
this?
 
If you would be willing we can have a brief discussion outside of the
list?
 
Thanks
 
Rafael Rodriguez

Manager Midtier/Remedy Enterprise

Broadridge Financial Solutions Inc

201.714.3718

 



From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Axton
Sent: Tuesday, March 03, 2009 10:07 AM
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign-On (SiteMinder, Identity Manager)


** I have worked with SiteMinder sso integrations.  It was an sso
solution for the mid-tier; native clients still required a login.

Axton Grams

The opinions, statements, and/or suggested courses of action expressed
in this E-mail do not necessarily reflect those of BMC Software, Inc.
My voluntary participation in this forum is not intended to convey a
role as a spokesperson, liaison or public relations representative for
BMC Software, Inc.


On Tue, Mar 3, 2009 at 8:05 AM, Rodriguez, Rafael J x23718
rafael.rodrig...@broadridge.com wrote:


Hello,

Just wanted to find out if anyone has utilized SiteMinder or
Identity
Manager to implement Single Sign-On in there environment?

Any ideas are welcome

Thanks

My environment is:
IIS 6
Tomcat Servlet for Mid-Tier.
ARS 7.0.1 Patch 6
SQL 2000
This message and any attachments are intended only for the use
of the addressee and
may contain information that is privileged and confidential. If
the reader of the
message is not the intended recipient or an authorized
representative of the
intended recipient, you are hereby notified that any
dissemination of this
communication is strictly prohibited. If you have received this
communication in
error, please notify us immediately by e-mail and delete the
message and any
attachments from your system.




___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are



__Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
html___ 

This message and any attachments are intended only for the use of the addressee 
and
may contain information that is privileged and confidential. If the reader of 
the 
message is not the intended recipient or an authorized representative of the
intended recipient, you are hereby notified that any dissemination of this
communication is strictly prohibited. If you have received this communication in
error, please notify us immediately by e-mail and delete the message and any
attachments from your system.


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are

Re: Single Sign-On (SiteMinder, Identity Manager)

[Axton]

The Java System Solutions page on their sso plugin does the best job I've
found of illustrating how I've seen SSO implemented with the mid-tier.

http://www.javasystemsolutions.com/jss/ssoplugin
http://www.javasystemsolutions.com/img/diagram/ssoplugin-midtier.png

Not endorsing the product, as I've never used it, but there is a good
write-up/illustrations on the page.

It involves writing a custom AREA plug-in as well as customizations to
login.jsp and custom servlets on the mid-tier server.  There are BMC
whitepapers on the subject as well, though I have not used them as we
developed the sso solution using a 6.0.1 mid-tier server which did not have
the Authenticator hooks the newer versions of mid-tier have.

We can keep the discussion on the list; other people may have things to add
and things to gain through visibility into the discussion.

Axton Grams

The opinions, statements, and/or suggested courses of action expressed in
this E-mail do not necessarily reflect those of BMC Software, Inc.  My
voluntary participation in this forum is not intended to convey a role as a
spokesperson, liaison or public relations representative for BMC Software,
Inc.

On Tue, Mar 3, 2009 at 9:42 AM, Rodriguez, Rafael J x23718 
rafael.rodrig...@broadridge.com wrote:

 ** Thanks Axton for the response. I'm aware that this would be a solution
 just for Mid-Tier. Can you provide any documentation or direction on this?

 If you would be willing we can have a brief discussion outside of the list?

 Thanks

 *

 Rafael Rodriguez

 Manager Midtier/Remedy Enterprise

 Broadridge Financial Solutions Inc

 201.714.3718
 *


  --
 *From:* Action Request System discussion list(ARSList) [mailto:
 arsl...@arslist.org] *On Behalf Of *Axton
 *Sent:* Tuesday, March 03, 2009 10:07 AM
 *To:* arslist@ARSLIST.ORG
 *Subject:* Re: Single Sign-On (SiteMinder, Identity Manager)

 ** I have worked with SiteMinder sso integrations.  It was an sso solution
 for the mid-tier; native clients still required a login.


 Axton Grams

 The opinions, statements, and/or suggested courses of action expressed in
 this E-mail do not necessarily reflect those of BMC Software, Inc.  My
 voluntary participation in this forum is not intended to convey a role as a
 spokesperson, liaison or public relations representative for BMC Software,
 Inc.

 On Tue, Mar 3, 2009 at 8:05 AM, Rodriguez, Rafael J x23718 
 rafael.rodrig...@broadridge.com wrote:

 Hello,

 Just wanted to find out if anyone has utilized SiteMinder or Identity
 Manager to implement Single Sign-On in there environment?

 Any ideas are welcome

 Thanks

 My environment is:
 IIS 6
 Tomcat Servlet for Mid-Tier.
 ARS 7.0.1 Patch 6
 SQL 2000
 This message and any attachments are intended only for the use of the
 addressee and
 may contain information that is privileged and confidential. If the reader
 of the
 message is not the intended recipient or an authorized representative of
 the
 intended recipient, you are hereby notified that any dissemination of this
 communication is strictly prohibited. If you have received this
 communication in
 error, please notify us immediately by e-mail and delete the message and
 any
 attachments from your system.



 ___
 UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
 Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are


 __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___

 This message and any attachments are intended only for the use of the 
 addressee and
 may contain information that is privileged and confidential. If the reader of 
 the
 message is not the intended recipient or an authorized representative of the
 intended recipient, you are hereby notified that any dissemination of this
 communication is strictly prohibited. If you have received this communication 
 in
 error, please notify us immediately by e-mail and delete the message and any
 attachments from your system.

 __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___



___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are

Re: Single Sign-on...

[Gidd]

David,

Consider the following scenario: A client implements an SSO integration and
naturally has to make various modifications to the out of the box sample
code. 

Question 1: Will BMC rubber stamp the SSO implementation as secure and fit
for purpose?

The solution is deployed in an enterprise with thousands of users and after
a while they discover that some users are being asked to provide Windows
login credentials when accessing the Midtier. A call is placed to BMC
support who can not diagnose the situation. 

Question 2. Can the user escalate the problem and get a priority resolution
from BMC?

Thanks !!

 

Regards...Gidd


  _  

From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Easter, David
Sent: Wednesday, January 14, 2009 10:19 AM
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign-on...


** 
Sample code is provided as is without warranty.  However, if an issue is
found with a supported portion of AR System (the AREA plug-in server,
Mid-Tier, DLL integration with Remedy User, etc.) while using the sample
code - and the issue can be isolated from the sample code or customer
generated code - then, of course, BMC Support would treat the issue as a
supported one.  As has been the tradition in Support, most Support
technicians will also attempt to provide best effort in answering questions
or helping customers with issues even if not officially supported.
 
 
-David J. Easter
Sr. Product Manager, Solution Strategy and Development
BMC Software, Inc.
 
The opinions, statements, and/or suggested courses of action expressed in
this E-mail do not necessarily reflect those of BMC Software, Inc.  My
voluntary participation in this forum is not intended to convey a role as a
spokesperson, liaison or public relations representative for BMC Software,
Inc.
 
  _  

From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Danny Kellett
Sent: Wednesday, January 14, 2009 9:53 AM
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign-on...


** 

David,

 

What is the BMC Support standpoint if a customer uses the sample code from
the support site and has issues with it? E.g. compiling, crashes the
arplugin server etc?

 

Thanks

Danny

 

From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Easter, David
Sent: 14 January 2009 17:31
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign-on...

 

** 

The ability to integrate with SSO through either the WUT or the Mid-Tier was
provided as part of AR System 7.0.01 back in 2006.  This capability is still
supported an the white paper provides additional information to individuals
wishing to take advantage of the interface.

 

I'm not sure what your question is asking, but the interface continues to be
supported.  No major changes have been made to the interfaces since AR
System 7.0.01.

 

 

-David J. Easter

Sr. Product Manager, Solution Strategy and Development

BMC Software, Inc.

 

The opinions, statements, and/or suggested courses of action expressed in
this E-mail do not necessarily reflect those of BMC Software, Inc.  My
voluntary participation in this forum is not intended to convey a role as a
spokesperson, liaison or public relations representative for BMC Software,
Inc.

 

  _  

From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of patrick zandi
Sent: Tuesday, January 13, 2009 5:38 PM
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign-on...

** 

Dave, 

Are you saying BMC is starting to provide additional support for this
application? 

Are there any updates? to the code ?

On Tue, Jan 13, 2009 at 4:42 PM, Easter, David david_eas...@bmc.com wrote:

** 

There is also a white paper available on BMC Support Central on how to
integrate an SSO solution with AR System.

 


16-Oct-2006

Integrating BMC Remedy Action Request System with
Single Sign-On (SSO) and Other Client-Side Login Intercept Technologies

PDF
http://www.bmc.com/supportu/documents/57/12/65712/65712.pdf  

 

 

-David J. Easter

Sr. Product Manager, Solution Strategy and Development

BMC Software, Inc.

 

The opinions, statements, and/or suggested courses of action expressed in
this E-mail do not necessarily reflect those of BMC Software, Inc.  My
voluntary participation in this forum is not intended to convey a role as a
spokesperson, liaison or public relations representative for BMC Software,
Inc.

 

  _  

From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Richard Copits
Sent: Tuesday, January 13, 2009 12:44 PM
To: arslist@ARSLIST.ORG
Subject: Single Sign-on...

** 

Has anyone implemented a single signon in a 7.1 system and XP clients? How
difficult is it? Any information on

how to proceed would be appreciated... Thanks!

 

 

 

The fact that someone owns a hammer and a saw doesn't make them a
carpenter 

 


Portions

Re: Single Sign-on...

[Richard Copits]

Thanks Dave!!

 

 

 

The fact that someone owns a hammer and a saw doesn't make them a
carpenter 

 

From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Easter, David
Sent: Tuesday, January 13, 2009 4:43 PM
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign-on...

 

** 

There is also a white paper available on BMC Support Central on how to
integrate an SSO solution with AR System.

 

16-Oct-2006 Integrating BMC Remedy Action Request System with Single
Sign-On (SSO) and Other Client-Side Login Intercept Technologies PDF
http://www.bmc.com/supportu/documents/57/12/65712/65712.pdf  

 

 

-David J. Easter

Sr. Product Manager, Solution Strategy and Development

BMC Software, Inc.

 

The opinions, statements, and/or suggested courses of action expressed
in this E-mail do not necessarily reflect those of BMC Software, Inc.
My voluntary participation in this forum is not intended to convey a
role as a spokesperson, liaison or public relations representative for
BMC Software, Inc.

 



From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Richard Copits
Sent: Tuesday, January 13, 2009 12:44 PM
To: arslist@ARSLIST.ORG
Subject: Single Sign-on...

** 

Has anyone implemented a single signon in a 7.1 system and XP clients?
How difficult is it? Any information on

how to proceed would be appreciated... Thanks!

 

 

 

The fact that someone owns a hammer and a saw doesn't make them a
carpenter 

 


Portions of this message may be confidential under an exemption to
Ohio's public records law or under a legal privilege. If you have
received this message in error or due to an unauthorized transmission or
interception, please delete all copies from your system without
disclosing, copying, or transmitting this message. __Platinum Sponsor:
RMI Solutions ARSlist: Where the Answers Are html___ 

__Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
html___ 


Portions of this message may be confidential under an exemption to Ohio's 
public records law or under a legal privilege. If you have received this 
message in error or due to an unauthorized transmission or interception, please 
delete all copies from your system without disclosing, copying, or transmitting 
this message.

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are

Re: Single Sign-on...

[Easter, David]

The ability to integrate with SSO through either the WUT or the Mid-Tier
was provided as part of AR System 7.0.01 back in 2006.  This capability
is still supported an the white paper provides additional information to
individuals wishing to take advantage of the interface.
 
I'm not sure what your question is asking, but the interface continues
to be supported.  No major changes have been made to the interfaces
since AR System 7.0.01.
 
 
-David J. Easter
Sr. Product Manager, Solution Strategy and Development
BMC Software, Inc.
 
The opinions, statements, and/or suggested courses of action expressed
in this E-mail do not necessarily reflect those of BMC Software, Inc.
My voluntary participation in this forum is not intended to convey a
role as a spokesperson, liaison or public relations representative for
BMC Software, Inc.



From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of patrick zandi
Sent: Tuesday, January 13, 2009 5:38 PM
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign-on...


** 
Dave, 
Are you saying BMC is starting to provide additional support for this
application? 
Are there any updates? to the code ?


On Tue, Jan 13, 2009 at 4:42 PM, Easter, David david_eas...@bmc.com
wrote:


** 
There is also a white paper available on BMC Support Central on
how to integrate an SSO solution with AR System.
 

16-Oct-2006 Integrating BMC Remedy Action
Request System with Single Sign-On (SSO) and Other Client-Side Login
Intercept Technologies  PDF
http://www.bmc.com/supportu/documents/57/12/65712/65712.pdf   
 

 
-David J. Easter
Sr. Product Manager, Solution Strategy and Development
BMC Software, Inc.
 
The opinions, statements, and/or suggested courses of action
expressed in this E-mail do not necessarily reflect those of BMC
Software, Inc.  My voluntary participation in this forum is not intended
to convey a role as a spokesperson, liaison or public relations
representative for BMC Software, Inc.
 


From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Richard Copits
Sent: Tuesday, January 13, 2009 12:44 PM
To: arslist@ARSLIST.ORG
Subject: Single Sign-on...


** 

Has anyone implemented a single signon in a 7.1 system and XP
clients? How difficult is it? Any information on

how to proceed would be appreciated... Thanks!

 

 

 

The fact that someone owns a hammer and a saw doesn't make them
a carpenter 

 


Portions of this message may be confidential under an exemption
to Ohio's public records law or under a legal privilege. If you have
received this message in error or due to an unauthorized transmission or
interception, please delete all copies from your system without
disclosing, copying, or transmitting this message. __Platinum Sponsor:
RMI Solutions ARSlist: Where the Answers Are html___ 
__Platinum Sponsor: RMI Solutions ARSlist: Where the Answers
Are html___ 




-- 
Patrick Zandi
__Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
html___ 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are

Re: Single Sign-on...

[Danny Kellett]

David,

 

What is the BMC Support standpoint if a customer uses the sample code from
the support site and has issues with it? E.g. compiling, crashes the
arplugin server etc?

 

Thanks

Danny

 

From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Easter, David
Sent: 14 January 2009 17:31
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign-on...

 

** 

The ability to integrate with SSO through either the WUT or the Mid-Tier was
provided as part of AR System 7.0.01 back in 2006.  This capability is still
supported an the white paper provides additional information to individuals
wishing to take advantage of the interface.

 

I'm not sure what your question is asking, but the interface continues to be
supported.  No major changes have been made to the interfaces since AR
System 7.0.01.

 

 

-David J. Easter

Sr. Product Manager, Solution Strategy and Development

BMC Software, Inc.

 

The opinions, statements, and/or suggested courses of action expressed in
this E-mail do not necessarily reflect those of BMC Software, Inc.  My
voluntary participation in this forum is not intended to convey a role as a
spokesperson, liaison or public relations representative for BMC Software,
Inc.

 

  _  

From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of patrick zandi
Sent: Tuesday, January 13, 2009 5:38 PM
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign-on...

** 

Dave, 

Are you saying BMC is starting to provide additional support for this
application? 

Are there any updates? to the code ?

On Tue, Jan 13, 2009 at 4:42 PM, Easter, David david_eas...@bmc.com wrote:

** 

There is also a white paper available on BMC Support Central on how to
integrate an SSO solution with AR System.

 


16-Oct-2006

Integrating BMC Remedy Action Request System with
Single Sign-On (SSO) and Other Client-Side Login Intercept Technologies

PDF
http://www.bmc.com/supportu/documents/57/12/65712/65712.pdf  

 

 

-David J. Easter

Sr. Product Manager, Solution Strategy and Development

BMC Software, Inc.

 

The opinions, statements, and/or suggested courses of action expressed in
this E-mail do not necessarily reflect those of BMC Software, Inc.  My
voluntary participation in this forum is not intended to convey a role as a
spokesperson, liaison or public relations representative for BMC Software,
Inc.

 

  _  

From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Richard Copits
Sent: Tuesday, January 13, 2009 12:44 PM
To: arslist@ARSLIST.ORG
Subject: Single Sign-on...

** 

Has anyone implemented a single signon in a 7.1 system and XP clients? How
difficult is it? Any information on

how to proceed would be appreciated... Thanks!

 

 

 

The fact that someone owns a hammer and a saw doesn't make them a
carpenter 

 


Portions of this message may be confidential under an exemption to Ohio's
public records law or under a legal privilege. If you have received this
message in error or due to an unauthorized transmission or interception,
please delete all copies from your system without disclosing, copying, or
transmitting this message. __Platinum Sponsor: RMI Solutions ARSlist: Where
the Answers Are html___ 

__Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ 




-- 
Patrick Zandi
__Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ 

__Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ 


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are

Re: Single Sign-on...

[Gidd]

Richard,
 
Java Systems has an OOTB SSO solution that is sweet.  
 
Here is a link to their products:
http://www.javasystemsolutions.com/jss/solutions
 
You might like to ping Tim Widowfield, he has done a few
integrations for them.
 
 
HTH
 
 
Regards...Gidd

  _  

From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Richard Copits
Sent: Tuesday, January 13, 2009 12:44 PM
To: arslist@ARSLIST.ORG
Subject: Single Sign-on...


** 

Has anyone implemented a single signon in a 7.1 system and XP clients? How
difficult is it? Any information on

how to proceed would be appreciated... Thanks!

 

 

 

The fact that someone owns a hammer and a saw doesn't make them a
carpenter 

 


Portions of this message may be confidential under an exemption to Ohio's
public records law or under a legal privilege. If you have received this
message in error or due to an unauthorized transmission or interception,
please delete all copies from your system without disclosing, copying, or
transmitting this message. __Platinum Sponsor: RMI Solutions ARSlist: Where
the Answers Are html___ 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are

Re: Single Sign-on...

[Richard Copits]

Thanks!

 

 

 

The fact that someone owns a hammer and a saw doesn't make them a
carpenter 

 

From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Gidd
Sent: Tuesday, January 13, 2009 3:52 PM
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign-on...

 

** 

Richard,

 

Java Systems has an OOTB SSO solution that is sweet.  

 

Here is a link to their products:

http://www.javasystemsolutions.com/jss/solutions

 

You might like to ping Tim Widowfield, he has done a few

integrations for them.

 

 

HTH

 

 

Regards...Gidd

 



From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Richard Copits
Sent: Tuesday, January 13, 2009 12:44 PM
To: arslist@ARSLIST.ORG
Subject: Single Sign-on...

** 

Has anyone implemented a single signon in a 7.1 system and XP clients?
How difficult is it? Any information on

how to proceed would be appreciated... Thanks!

 

 

 

The fact that someone owns a hammer and a saw doesn't make them a
carpenter 

 


Portions of this message may be confidential under an exemption to
Ohio's public records law or under a legal privilege. If you have
received this message in error or due to an unauthorized transmission or
interception, please delete all copies from your system without
disclosing, copying, or transmitting this message. __Platinum Sponsor:
RMI Solutions ARSlist: Where the Answers Are html___ 

__Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
html___ 



Portions of this message may be confidential under an exemption to Ohio's 
public records law or under a legal privilege. If you have received this 
message in error or due to an unauthorized transmission or interception, please 
delete all copies from your system without disclosing, copying, or transmitting 
this message.

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are

Re: Single Sign-on...

[Easter, David]

There is also a white paper available on BMC Support Central on how to
integrate an SSO solution with AR System.
 
16-Oct-2006 Integrating BMC Remedy Action Request System
with Single Sign-On (SSO) and Other Client-Side Login Intercept
Technologies PDF
http://www.bmc.com/supportu/documents/57/12/65712/65712.pdf  
 
 
-David J. Easter
Sr. Product Manager, Solution Strategy and Development
BMC Software, Inc.
 
The opinions, statements, and/or suggested courses of action expressed
in this E-mail do not necessarily reflect those of BMC Software, Inc.
My voluntary participation in this forum is not intended to convey a
role as a spokesperson, liaison or public relations representative for
BMC Software, Inc.
 


From: Action Request System discussion list(ARSList)
[mailto:arsl...@arslist.org] On Behalf Of Richard Copits
Sent: Tuesday, January 13, 2009 12:44 PM
To: arslist@ARSLIST.ORG
Subject: Single Sign-on...


** 

Has anyone implemented a single signon in a 7.1 system and XP clients?
How difficult is it? Any information on

how to proceed would be appreciated... Thanks!

 

 

 

The fact that someone owns a hammer and a saw doesn't make them a
carpenter 

 


Portions of this message may be confidential under an exemption to
Ohio's public records law or under a legal privilege. If you have
received this message in error or due to an unauthorized transmission or
interception, please delete all copies from your system without
disclosing, copying, or transmitting this message. __Platinum Sponsor:
RMI Solutions ARSlist: Where the Answers Are html___ 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are

Re: Single Sign-on...

[patrick zandi]

Dave,
Are you saying BMC is starting to provide additional support for this
application?
Are there any updates? to the code ?

On Tue, Jan 13, 2009 at 4:42 PM, Easter, David david_eas...@bmc.com wrote:

 ** There is also a white paper available on BMC Support Central on how to
 integrate an SSO solution with AR System.

   16-Oct-2006  Integrating BMC Remedy Action Request System with Single
 Sign-On (SSO) and Other Client-Side Login Intercept Technologies  
 PDFhttp://www.bmc.com/supportu/documents/57/12/65712/65712.pdf


 -David J. Easter
 Sr. Product Manager, Solution Strategy and Development
 BMC Software, Inc.

 The opinions, statements, and/or suggested courses of action expressed in
 this E-mail do not necessarily reflect those of BMC Software, Inc.  My
 voluntary participation in this forum is not intended to convey a role as a
 spokesperson, liaison or public relations representative for BMC Software,
 Inc.

  --
 *From:* Action Request System discussion list(ARSList) [mailto:
 arsl...@arslist.org] *On Behalf Of *Richard Copits
 *Sent:* Tuesday, January 13, 2009 12:44 PM
 *To:* arslist@ARSLIST.ORG
 *Subject:* Single Sign-on...

 **

 Has anyone implemented a single signon in a 7.1 system and XP clients? How
 difficult is it? Any information on

 how to proceed would be appreciated... Thanks!



 * *

 * *

 *The fact that someone owns a hammer and a saw doesn't make them a
 carpenter** *



 Portions of this message may be confidential under an exemption to Ohio's
 public records law or under a legal privilege. If you have received this
 message in error or due to an unauthorized transmission or interception,
 please delete all copies from your system without disclosing, copying, or
 transmitting this message. __Platinum Sponsor: RMI Solutions ARSlist: Where
 the Answers Are html___
  __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
 html___




-- 
Patrick Zandi

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are

Re: Single Sign On (SSO) Issue

[Begosh, Kevin]

Well one error message you are getting is this

 

- Connects to ARServer servername through Java Rpc failed with: ERROR
(90): Cannot establish a network connection to the AR System server;
Connection refused: connect servername

 

When you bring up the mid tier what error message do you get.  Are you
sure your mid tier is configured with the correct server name, mid tier
password, etc...

 

From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of sivarama velicheti
Sent: Friday, November 21, 2008 4:05 PM
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign On (SSO) Issue

 

** Hi Kevin,

 I am attaching my log files. Let me know in case you find
anything. I have hit a dead end and do not know what more to do.

Thanks
Sivarama


__Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
html___ 


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are

Re: Single Sign On (SSO) Issue

[sivarama velicheti]

Hi Kevin,

   The servername and password has been set up correctly for the
Mid-Tier because if it was not then I would not be able to login and access
the server tables which I am able to right now (once I provide the
credentials). I am able to perform all the operations that I am able to with
the user tool. I am concerned that the plugin server might be giving some
problems. But then again the server is currently set up to authenticate
users against the LDAP server and it is working fine. So it does not seem to
be the problem with the plugin server either.

Thanks
Sivarama

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are

Re: Single Sign On (SSO) Issue

[Begosh, Kevin]

The issue I was having with this was related to Tomcat using
authentication and not letting IIS handle it.  It was fixed but added
the following line to the server.xml file under tomcat for the connector
I was using,
 
tomcatAuthentication=false
 
that way it uses IIS and not tomcat.  SSO is working for me now.
 

Kevin Begosh, RSP

Tech Ops

Enterprise Business Services

301-791-3540 Phone

410-422-3623 Cell

[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 

 



From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of sivarama velicheti
Sent: Wednesday, November 19, 2008 1:52 PM
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign On (SSO) Issue


** Hi Kevin,

  Did you make any progress in the issue. I sat the entire day
yesterday but I have nothing to share from my side.

Thanks
Sivarama


__Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
html___ 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are

Re: Single Sign On (SSO) Issue

[sivarama velicheti]

Hi Kevin,

  I had that in tomcat before you mentioned it. But still does not
seem to be working for me. What do you have as your authentication chaning
mode I wonder??

I have IIS to use the integrated windows login but somehow it does not seem
to pick that up.

Thanks
Siva
  -

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are

Re: Single Sign On (SSO) Issue

[Begosh, Kevin]

well there are a slew of things that could be wrong.  If you could send
me some logs that might help.  
 

Kevin Begosh, RSP

Tech Ops

Enterprise Business Services

301-791-3540 Phone

410-422-3623 Cell

[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 

 



From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of sivarama velicheti
Sent: Friday, November 21, 2008 12:53 PM
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign On (SSO) Issue


** Hi Kevin,

  I had that in tomcat before you mentioned it. But still does
not seem to be working for me. What do you have as your authentication
chaning mode I wonder??

I have IIS to use the integrated windows login but somehow it does not
seem to pick that up.

Thanks
Siva
  - 

__Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
html___ 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are

Re: Single Sign On (SSO) Issue

[Begosh, Kevin]

I was on travel all day yesterday so I did not have time to work on it.
I hopefully will in the next couple of days.
 

Kevin Begosh, RSP

Tech Ops

Enterprise Business Services

301-791-3540 Phone

410-422-3623 Cell

[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 

 



From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of sivarama velicheti
Sent: Wednesday, November 19, 2008 1:52 PM
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign On (SSO) Issue


** Hi Kevin,

  Did you make any progress in the issue. I sat the entire day
yesterday but I have nothing to share from my side.

Thanks
Sivarama


__Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
html___ 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are

Re: Single Sign On (SSO) Issue

[sivarama velicheti]

Hi Kevin,

  Did you make any progress in the issue. I sat the entire day
yesterday but I have nothing to share from my side.

Thanks
Sivarama

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are

Re: Single Sign On (SSO) Issue

[Jiri Pospisil]

++
Please Read The Disclaimer At The Bottom Of This Email
++

Kevin,

I would look at the code in your custom authenticator jar file located on the 
mid tier and see how it works out the user name.
It seems that after the migration it cannot get the user name.

Hope this gets you some idea.

Jiri Pospisil

IT Services
LCH.Clearnet



From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] 
On Behalf Of Begosh, Kevin
Sent: 17 November 2008 23:11
To: arslist@ARSLIST.ORG
Subject: Single Sign On (SSO) Issue

**
I am having an issue with Single Sign On.  I have a current environment for the 
mid tier, IIS, Servlet Exec where SSO works.  We are looking to change from 
Servlet to Tomcat on our mid tier servers.  In doing so it looks like SSO is 
not working anymore.  SSO is not Supported by BMC from what I have been told 
so my options are limited.  I was told by BMC that there should be no issue 
changing what we have with SSO from Servlet exec to tomcat.  We are on mid tier 
7.1 patch 4, windows 2003, IIS.  All the configurations on the AR Server is 
fine because it was working before.  When I load the mid tier the log in screen 
pops up and no visible errors appear.  From logging I am getting the following 
issues

- Trying to load configuration arsys_api.xml
- Could not load optional configuration arsys_api.xml
- Trying to load configuration default.xml
- constructor(arcatalog)
- Trying to load configuration arsys_api.xml
- Could not load optional configuration arsys_api.xml
- Trying to load configuration default.xml
- Connects to ARServer *servername* through [EMAIL PROTECTED]mailto:[EMAIL 
PROTECTED]
- Api source is identified as: AP675689916919Q6UhSQhwYAAAKQAA
SSO: Initialization: Version 2.05e
SSO: Property values were loaded.
usermethod:remoteuser
usercase:lower
removedomain:T
headername:
attname:
authmethod:default
authcustom:
debuglogging:T
- Unable to find required classes (javax.activation.DataHandler and 
javax.mail.internet.MimeMultipart). Attachment support is disabled.
SSO ERROR: RemoteUser name is null or empty. Using default login page
- Connects to ARServer *servername* through [EMAIL PROTECTED]mailto:[EMAIL 
PROTECTED]
SSO ERROR: RemoteUser name is null or empty. Using default login page
SSO ERROR: RemoteUser name is null or empty. Using default login page

it also makes reference to the custom authenticator failed, and that it is 
using the default one.

And for the sake of the email I removed my server name under *servername*, so 
that part was just my servers name.

Kevin Begosh, RSP
Tech Ops
Enterprise Business Services
301-791-3540 Phone
410-422-3623 Cell
[EMAIL PROTECTED]mailto:[EMAIL PROTECTED]

__Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___

*

This email is intended for the named recipient(s) only. Its contents are  
confidential and may only be retained by the named recipient(s) and may only be 
copied or disclosed with the consent of LCH.Clearnet Limited.   If you are not 
an intended recipient please delete this e-mail and notify [EMAIL PROTECTED]

The contents of this email are subject to contract in all cases, and 
LCH.Clearnet Limited makes no contractual commitment save where confirmed by 
hard copy.  LCH.Clearnet Limited accepts no liability, including liability for 
negligence, in respect of any statement in this email.

LCH.Clearnet Limited, Registered Office: Aldgate House, 33 Aldgate High Street, 
London EC3N 1EA.Recognised as a Clearing House under the Financial Services 
 Markets Act 2000. Reg in England No.25932 
Telephone: +44 20 7426 7000  Internet: http://www.lchclearnet.com

*


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are

Re: Single Sign On (SSO) Issue

[Begosh, Kevin]

well according to BMC the mid tier plug-in jar file I have should work
for both, it is not specific to Tomcat or Servlet Exec
 

Kevin Begosh, RSP

Tech Ops

Enterprise Business Services

301-791-3540 Phone

410-422-3623 Cell

[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 

 



From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Jiri Pospisil
Sent: Tuesday, November 18, 2008 4:20 AM
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign On (SSO) Issue


** 

++

Please Read The Disclaimer At The Bottom Of This Email

++

 

Kevin,

 

I would look at the code in your custom authenticator jar file located
on the mid tier and see how it works out the user name. 

It seems that after the migration it cannot get the user name. 

 

Hope this gets you some idea.

 

Jiri Pospisil

 

IT Services 
LCH.Clearnet



 

 

From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Begosh, Kevin
Sent: 17 November 2008 23:11
To: arslist@ARSLIST.ORG
Subject: Single Sign On (SSO) Issue

 

** 

I am having an issue with Single Sign On.  I have a current environment
for the mid tier, IIS, Servlet Exec where SSO works.  We are looking to
change from Servlet to Tomcat on our mid tier servers.  In doing so it
looks like SSO is not working anymore.  SSO is not Supported by BMC
from what I have been told so my options are limited.  I was told by BMC
that there should be no issue changing what we have with SSO from
Servlet exec to tomcat.  We are on mid tier 7.1 patch 4, windows 2003,
IIS.  All the configurations on the AR Server is fine because it was
working before.  When I load the mid tier the log in screen pops up and
no visible errors appear.  From logging I am getting the following
issues

 

- Trying to load configuration arsys_api.xml
- Could not load optional configuration arsys_api.xml
- Trying to load configuration default.xml
- constructor(arcatalog)
- Trying to load configuration arsys_api.xml
- Could not load optional configuration arsys_api.xml
- Trying to load configuration default.xml
- Connects to ARServer *servername* through
[EMAIL PROTECTED]
- Api source is identified as: AP675689916919Q6UhSQhwYAAAKQAA
SSO: Initialization: Version 2.05e
SSO: Property values were loaded. 
usermethod:remoteuser
usercase:lower
removedomain:T
headername:
attname:
authmethod:default
authcustom:
debuglogging:T
- Unable to find required classes (javax.activation.DataHandler and
javax.mail.internet.MimeMultipart). Attachment support is disabled.
SSO ERROR: RemoteUser name is null or empty. Using default login page
- Connects to ARServer *servername* through
[EMAIL PROTECTED]
SSO ERROR: RemoteUser name is null or empty. Using default login page
SSO ERROR: RemoteUser name is null or empty. Using default login page

 

it also makes reference to the custom authenticator failed, and that it
is using the default one.

 

And for the sake of the email I removed my server name under
*servername*, so that part was just my servers name.

 

Kevin Begosh, RSP

Tech Ops

Enterprise Business Services

301-791-3540 Phone

410-422-3623 Cell

[EMAIL PROTECTED]

 

__Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
html___ 


*

 

This email is intended for the named recipient(s) only. Its contents are
confidential and may only be retained by the named recipient(s) and may
only be copied or disclosed with the consent of LCH.Clearnet Limited. If
you are not an intended recipient please delete this e-mail and notify
[EMAIL PROTECTED]

 

The contents of this email are subject to contract in all cases, and
LCH.Clearnet Limited makes no contractual commitment save where
confirmed by hard copy. LCH.Clearnet Limited accepts no liability,
including liability for negligence, in respect of any statement in this
email.

 

LCH.Clearnet Limited, Registered Office: Aldgate House, 33 Aldgate High
Street, London EC3N 1EA. Recognised as a Clearing House under the
Financial Services  Markets Act 2000. Reg in England No.25932 

Telephone: +44 20 7426 7000 Internet: http://www.lchclearnet.com

 


*

 

__Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
html___ 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are

Re: Single Sign On (SSO) Issue

[Begosh, Kevin]

Also the reason I think this is failing is because for some reason with
Tomcat it is not get the user name from IIS.  I do have integrated
windows authentication on.
 

Kevin Begosh, RSP

Tech Ops

Enterprise Business Services

301-791-3540 Phone

410-422-3623 Cell

[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 

 



From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Jiri Pospisil
Sent: Tuesday, November 18, 2008 4:20 AM
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign On (SSO) Issue


** 

++

Please Read The Disclaimer At The Bottom Of This Email

++

 

Kevin,

 

I would look at the code in your custom authenticator jar file located
on the mid tier and see how it works out the user name. 

It seems that after the migration it cannot get the user name. 

 

Hope this gets you some idea.

 

Jiri Pospisil

 

IT Services 
LCH.Clearnet



 

 

From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Begosh, Kevin
Sent: 17 November 2008 23:11
To: arslist@ARSLIST.ORG
Subject: Single Sign On (SSO) Issue

 

** 

I am having an issue with Single Sign On.  I have a current environment
for the mid tier, IIS, Servlet Exec where SSO works.  We are looking to
change from Servlet to Tomcat on our mid tier servers.  In doing so it
looks like SSO is not working anymore.  SSO is not Supported by BMC
from what I have been told so my options are limited.  I was told by BMC
that there should be no issue changing what we have with SSO from
Servlet exec to tomcat.  We are on mid tier 7.1 patch 4, windows 2003,
IIS.  All the configurations on the AR Server is fine because it was
working before.  When I load the mid tier the log in screen pops up and
no visible errors appear.  From logging I am getting the following
issues

 

- Trying to load configuration arsys_api.xml
- Could not load optional configuration arsys_api.xml
- Trying to load configuration default.xml
- constructor(arcatalog)
- Trying to load configuration arsys_api.xml
- Could not load optional configuration arsys_api.xml
- Trying to load configuration default.xml
- Connects to ARServer *servername* through
[EMAIL PROTECTED]
- Api source is identified as: AP675689916919Q6UhSQhwYAAAKQAA
SSO: Initialization: Version 2.05e
SSO: Property values were loaded. 
usermethod:remoteuser
usercase:lower
removedomain:T
headername:
attname:
authmethod:default
authcustom:
debuglogging:T
- Unable to find required classes (javax.activation.DataHandler and
javax.mail.internet.MimeMultipart). Attachment support is disabled.
SSO ERROR: RemoteUser name is null or empty. Using default login page
- Connects to ARServer *servername* through
[EMAIL PROTECTED]
SSO ERROR: RemoteUser name is null or empty. Using default login page
SSO ERROR: RemoteUser name is null or empty. Using default login page

 

it also makes reference to the custom authenticator failed, and that it
is using the default one.

 

And for the sake of the email I removed my server name under
*servername*, so that part was just my servers name.

 

Kevin Begosh, RSP

Tech Ops

Enterprise Business Services

301-791-3540 Phone

410-422-3623 Cell

[EMAIL PROTECTED]

 

__Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
html___ 


*

 

This email is intended for the named recipient(s) only. Its contents are
confidential and may only be retained by the named recipient(s) and may
only be copied or disclosed with the consent of LCH.Clearnet Limited. If
you are not an intended recipient please delete this e-mail and notify
[EMAIL PROTECTED]

 

The contents of this email are subject to contract in all cases, and
LCH.Clearnet Limited makes no contractual commitment save where
confirmed by hard copy. LCH.Clearnet Limited accepts no liability,
including liability for negligence, in respect of any statement in this
email.

 

LCH.Clearnet Limited, Registered Office: Aldgate House, 33 Aldgate High
Street, London EC3N 1EA. Recognised as a Clearing House under the
Financial Services  Markets Act 2000. Reg in England No.25932 

Telephone: +44 20 7426 7000 Internet: http://www.lchclearnet.com

 


*

 

__Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
html___ 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are

Re: Single Sign On (SSO) Issue

[sivarama velicheti]

Hi Kevin,

  I am facing the exact same problem with my SSO integration. Let me
know in case you make any progress in that case and I will let you know in
case I have any updates.

Thanks
Siva

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are

Re: Single Sign On (SSO) Issue

[Begosh, Kevin]

okay sounds good.  That is with Tomcat?
 

Kevin Begosh, RSP

Tech Ops

Enterprise Business Services

301-791-3540 Phone

410-422-3623 Cell

[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 

 



From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of sivarama velicheti
Sent: Tuesday, November 18, 2008 12:07 PM
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign On (SSO) Issue


** Hi Kevin,

  I am facing the exact same problem with my SSO integration.
Let me know in case you make any progress in that case and I will let
you know in case I have any updates.

Thanks
Siva


__Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
html___ 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are

Re: Single Sign On (SSO) Issue

[sivarama velicheti]

Yep IIS  Tomcat.

Thanks
Siva

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are

Re: Single Sign On

[Roger Justice]

Have you searched BMC developer network?


-Original Message-
From: sivarama velicheti [EMAIL PROTECTED]
To: arslist@ARSLIST.ORG
Sent: Tue, 22 Jul 2008 7:51 pm
Subject: Single Sign On


** 

Hi Guys,

?? I am trying to implement single sign for my current remedy system. Can 
anyone please guide me as to how to implement that. Any documents that you can 
forward me to would be good as well. I am having the following setup running.

?OS: Windows 2003 R2
?Database: MS SQL Server 2005 (Remote)
?AR Server 7.1.00
?Mid-Tier 7.1.00 hosted on IIS 6 and Tomcat 5.5 servlet engine.

Would it require customization to implement single sign on or just making 
configuration changes, I have no idea whatsoever please guide me.

?Thanks
-- 

Sivarama Velicheti



__Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are

Re: Single Sign On

[Easter, David]

Roger's suggestion is a good one.  After logging in, type SSO into the
Search BMC DN field.  The first forum hit is a thread on SSO for AR
System.
 
You may also wish to use the archive search for ARSList in places where
it is available:
 
http://listserv.rbugs.com/cgi-bin/wa.exe?S1=arslistX=-
 
http://www.nabble.com/ARS-(Action-Request-System)-f716.html
 
 
-David J. Easter
Sr. Product Manager, Solution Strategy and Development
BMC Software, Inc.
 
The opinions, statements, and/or suggested courses of action expressed
in this E-mail do not necessarily reflect those of BMC Software, Inc.
My voluntary participation in this forum is not intended to convey a
role as a spokesperson, liaison or public relations representative for
BMC Software, Inc.
 



From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Roger Justice
Sent: Tuesday, July 22, 2008 5:01 PM
To: arslist@ARSLIST.ORG
Subject: Re: Single Sign On


** Have you searched BMC developer network?


-Original Message-
From: sivarama velicheti [EMAIL PROTECTED]
To: arslist@ARSLIST.ORG
Sent: Tue, 22 Jul 2008 7:51 pm
Subject: Single Sign On


** 

Hi Guys,

   I am trying to implement single sign for my current remedy
system. Can anyone please guide me as to how to implement that. Any
documents that you can forward me to would be good as well. I am having
the following setup running.

 OS: Windows 2003 R2
 Database: MS SQL Server 2005 (Remote)
 AR Server 7.1.00
 Mid-Tier 7.1.00 hosted on IIS 6 and Tomcat 5.5 servlet engine.

Would it require customization to implement single sign on or just
making configuration changes, I have no idea whatsoever please guide me
's  

 Thanks
-- 

Sivarama Velicheti



__Platinum Sponsor: www.rmsportal.com http://www.rmsportal.com/
ARSlist: Where the Answers Are html___ 


The Famous, the Infamous, the Lame - in your browser. Get the TMZ
Toolbar Now
http://toolbar.aol.com/tmz/download.html?NCID=aolcmp000514 ! 
__Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
html___ 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are

Re: Single Sign On

[ITSM Support]

Hi Sivarama,

 

I would like to suggest integrating the BMC Remedy Mid Tier and BMC Remedy
AR System server with the Single Sign On. 

I have done integration with the Oracle Application Server (OracleAS) Single
Sign-On (SSO). Even you can do with BMC Web Access Manager (WAM) Single
Sign-On (SSO).

 

To integrate the BMC Remedy Mid Tier and BMC Remedy AR System server with
your SSO solution, you must be familiar with all components and know how to

Configure them. This includes:

* LDAP directory server

* Web server

* Web application server (servlet container)

* SSO solution

* AR System server and mid tier

 

After that follow below steps:--

 

This is for OracleAS Integration..

 

1. The OracleAS is installed, configured, and running correctly on a
platform BMC supports for BMC Remedy Mid Tier.

2. The Oracle Internet Directory server is installed, configured, and
running correctly.

3. The OracleAS SSO is installed, configured, and running correctly.

4. The BMC Remedy Mid Tier is installed, configured, and running correctly
on the OracleAS.

5. Add the BMC Remedy Mid Tier to Oracle SSO as an external application as
described in the Oracle Application Server Single Sign-On Administrator's
Guide.

6. In web app install dir/WEB-INF/classes, edit config.properties.

   a. Replace:
arsystem.authenticator=com.remedy.arsys.session.DefaultAuthenticator

  with:arsystem.authenticator=com.remedy.arsys.sso.OracleAuthenticator
(for OracleAS SSO)

   b. If required, replace the value of the
arsystem.authenticator.sso.enckey entry with the encrypted key you created
in step 1. For example: 

   arsystem.authenticator.sso.enckey=105269288E76C311410B6595D6E52791

 

7. Stop and restart the servlet container running the BMC Remedy Mid Tier.

 

 

Configuring the SSO LDAP Plug-In

 

1. Copy the ssoldap.dll or ssoldap.so AREA plug-in file to the AR System
server install directory.

2. Edit AR System configuration file (ar.conf or ar.cfg), and add

  Plugin: ssoldap.dll (for Windows) or

  Plugin: ssoldap.so (for UNIX)

   or, if you are using the AREA hub, add

  AREA-Hub-Plugin: ssoldap.dll (for Windows) or

  AREA-Hub-Plugin: ssoldap.so (for UNIX)

3. Using the Remedy Administrator

   a. Import ssoldap.def.

   b. Make sure you have set up the mapping of LDAP groups to AR System
groups on the External Authentication tab of the Server Information dialog
box.

4. Stop and restart the AR System server so that the plug-in server loads
the plug-ins.

5. Using BMC Remedy User or the mid tier, log in to the AR System server as
a user in the Administrator group, open the SSO LDAP Configuration form, and

   complete it as follows:

   Encryption Key: arsystem (or the cleartext key you chose when you created
the encrypted key value for arsystem.authenticator.sso.enckey) 

  SSO Vendor: (Select your SSO solution.)

  Group Membership: None

  Roles List: (Name the LDAP attribute that lists the user roles. For
example, the roledn attribute contains role definitions for some LDAP
systems. Add any default 

  roles in the Default Value field.) 

  other fields: (Same as those for the AREA LDAP Configuration form. See
the section on Configuring the AREA LDAP plug-in in the Integrating with
Plug-ins and

  Third-Party Products guide.)   

6. Stop and restart the BMC Remedy AR System server.

 

Hope this helps... 

 

Regards, 

 

Sandeep 

Vyom Labs Pvt. Ltd. 

An ISO 2 certified company. 

Consulting | Outsourcing | Training || BMC Remedy BSM | ITIL 

Web : www.vyomlabs.com   

 

 

  _  

From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of sivarama velicheti
Sent: Wednesday, July 23, 2008 5:21 AM
To: arslist@ARSLIST.ORG
Subject: Single Sign On

 

** 


Hi Guys,

   I am trying to implement single sign for my current remedy system.
Can anyone please guide me as to how to implement that. Any documents that
you can forward me to would be good as well. I am having the following setup
running.

 OS: Windows 2003 R2
 Database: MS SQL Server 2005 (Remote)
 AR Server 7.1.00
 Mid-Tier 7.1.00 hosted on IIS 6 and Tomcat 5.5 servlet engine.

Would it require customization to implement single sign on or just making
configuration changes, I have no idea whatsoever please guide me.

 Thanks
-- 

Sivarama Velicheti



__Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
html___ 


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are

Re: Single Sign On and Mid-Tier

[patrick zandi]

If you already Trust your Client.. because it is Force to be on the
domain and that is fine.. then what you can do instead is to use an
ldap authentication..
that has an escalation that imports all AD customers into Remedy Userform..
at the same time embed a Special password into the userform with it..
(you might want to exclude your licensed customers) and then make the
JSP - as autologin, with a ldap verify, and the embedded Remedy
password.

This is one solution I have seen and tested .. and works.. just not very ..
Huhummm.. Kosher..

On 10/10/06, Keats Kirsch [EMAIL PROTECTED] wrote:

If your client doesn't already have a Web SSO solution in place then
they would need to set up one first.  There are free and commercial
products available, but it is a non-trivial exercise.  Once you have
that, you need to configure the mid-tier to forward the SSO credentials
(in 6.x you use a custom Java authenticator class for this.) and
develop a custom AREA plug-in for Remedy to validate them.

We have done this using CA's SiteMinder Web SSO.  Modifying the sample
C++ application was fairly straightforward.

Hope this helps.

Keats

Jason Tuomy wrote:
 I'm looking to implement a Single Sign On via mid-tier.  I searched the
 archives but couldn't find any details.  My customer is wanting to be able
 to point a user to the mid-tier and get them past the authentication
 without requiring the user to login.

 This would mean to somehow get their login and password credentials from
 their windows environment or something and pass it to the mid-tier and set
 the user directly to where they need to be.

 I found that there are plenty of SSO software out there that will get some
 form of this data and put it into some kind of HTTP token that I could
 then retrieve (via White Paper) and pass to mid-tier.

 I was wondering if I have to have SSO software or is there some way to do
 this without purchasing software.  Again, my customer doesn't want to have
 the user do a login/password process to get to mid-tier.  So, using LDAP
 doesn't seem to be the right process.  Unless I can retrive the password
 and store it locally.

 Any help would be greatly appreciated.  Thanks.
 Jason Tuomy

 
___
 UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org

___
UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org




--
Patrick Zandi

___
UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org

Re: Single Sign On and Mid-Tier

[Jason Tuomy]

Axton,
We have IIS currently doing a SSO with a custom web application.  Reading 
Remedy's white paper on building the bridge via java and c++, it didn't 
look like it was going to be an easy process to build the code to get the 
credentials from IIS.  If you have any examples or links to follow up on 
this, I would really appreciate it.  Thanks to everyone who wrote back.

Jason

On Tue, 10 Oct 2006 21:28:21 -0400, Axton [EMAIL PROTECTED] wrote:

It all depends on your level of trust for the method of
authentication.  If you trust that IIS can properly retrieve the
user's information, then you can write an SSO solution for that
environment, granted all your target users are in an M$ domain and run
an M$ OS.

If this is not the case, you will need to find an alternative.
PKI/Smartcards have been discussed extensively, though I'm not sure if
a solution has been developed (maybe someone in that arena could share
what type of infrastructure/software they use for that type of
authentication, then again, maybe not).

From my observations, SSO solutions typically have a server component
that resides on the web server.  Certain areas of the web server can
then be marked as protected, where authentication is required for
users to access that portion of the site.  The SSO session is
established the first time a user authenticates to an SSO protected
site and those credentials persist for all/any access across other
sites that are protected using the same server side SSO software.  The
session persistence is accomplished by storing some session
information on the SSO policy server, and that is
cross-referenced/autheticated using a client-side cookie.

For some free (some maybe not so free) alternatives:
http://www.josso.org/
http://www3.ca.com/solutions/Product.aspx?ID=166
https://opensso.dev.java.net/

Axton Grams

On 9/25/06, Jason Tuomy [EMAIL PROTECTED] wrote:
 I'm looking to implement a Single Sign On via mid-tier.  I searched the
 archives but couldn't find any details.  My customer is wanting to be 
able
 to point a user to the mid-tier and get them past the authentication
 without requiring the user to login.

 This would mean to somehow get their login and password credentials from
 their windows environment or something and pass it to the mid-tier and 
set
 the user directly to where they need to be.

 I found that there are plenty of SSO software out there that will get 
some
 form of this data and put it into some kind of HTTP token that I could
 then retrieve (via White Paper) and pass to mid-tier.

 I was wondering if I have to have SSO software or is there some way to 
do
 this without purchasing software.  Again, my customer doesn't want to 
have
 the user do a login/password process to get to mid-tier.  So, using LDAP
 doesn't seem to be the right process.  Unless I can retrive the password
 and store it locally.

 Any help would be greatly appreciated.  Thanks.
 Jason Tuomy

 
___

 UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org


__
_
UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
=

___
UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org

Re: Single Sign On and Mid-Tier

[Keats Kirsch]

If your client doesn't already have a Web SSO solution in place then
they would need to set up one first.  There are free and commercial
products available, but it is a non-trivial exercise.  Once you have
that, you need to configure the mid-tier to forward the SSO credentials
(in 6.x you use a custom Java authenticator class for this.) and
develop a custom AREA plug-in for Remedy to validate them.

We have done this using CA's SiteMinder Web SSO.  Modifying the sample
C++ application was fairly straightforward.

Hope this helps.

Keats

Jason Tuomy wrote:
 I'm looking to implement a Single Sign On via mid-tier.  I searched the
 archives but couldn't find any details.  My customer is wanting to be able
 to point a user to the mid-tier and get them past the authentication
 without requiring the user to login.

 This would mean to somehow get their login and password credentials from
 their windows environment or something and pass it to the mid-tier and set
 the user directly to where they need to be.

 I found that there are plenty of SSO software out there that will get some
 form of this data and put it into some kind of HTTP token that I could
 then retrieve (via White Paper) and pass to mid-tier.

 I was wondering if I have to have SSO software or is there some way to do
 this without purchasing software.  Again, my customer doesn't want to have
 the user do a login/password process to get to mid-tier.  So, using LDAP
 doesn't seem to be the right process.  Unless I can retrive the password
 and store it locally.

 Any help would be greatly appreciated.  Thanks.
 Jason Tuomy

 ___
 UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org

___
UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org

Re: Single Sign On and Mid-Tier

[Axton]

It all depends on your level of trust for the method of
authentication.  If you trust that IIS can properly retrieve the
user's information, then you can write an SSO solution for that
environment, granted all your target users are in an M$ domain and run
an M$ OS.

If this is not the case, you will need to find an alternative.
PKI/Smartcards have been discussed extensively, though I'm not sure if
a solution has been developed (maybe someone in that arena could share
what type of infrastructure/software they use for that type of
authentication, then again, maybe not).


From my observations, SSO solutions typically have a server component

that resides on the web server.  Certain areas of the web server can
then be marked as protected, where authentication is required for
users to access that portion of the site.  The SSO session is
established the first time a user authenticates to an SSO protected
site and those credentials persist for all/any access across other
sites that are protected using the same server side SSO software.  The
session persistence is accomplished by storing some session
information on the SSO policy server, and that is
cross-referenced/autheticated using a client-side cookie.

For some free (some maybe not so free) alternatives:
http://www.josso.org/
http://www3.ca.com/solutions/Product.aspx?ID=166
https://opensso.dev.java.net/

Axton Grams

On 9/25/06, Jason Tuomy [EMAIL PROTECTED] wrote:

I'm looking to implement a Single Sign On via mid-tier.  I searched the
archives but couldn't find any details.  My customer is wanting to be able
to point a user to the mid-tier and get them past the authentication
without requiring the user to login.

This would mean to somehow get their login and password credentials from
their windows environment or something and pass it to the mid-tier and set
the user directly to where they need to be.

I found that there are plenty of SSO software out there that will get some
form of this data and put it into some kind of HTTP token that I could
then retrieve (via White Paper) and pass to mid-tier.

I was wondering if I have to have SSO software or is there some way to do
this without purchasing software.  Again, my customer doesn't want to have
the user do a login/password process to get to mid-tier.  So, using LDAP
doesn't seem to be the right process.  Unless I can retrive the password
and store it locally.

Any help would be greatly appreciated.  Thanks.
Jason Tuomy

___
UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org



___
UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org

Re: Single Sign on

[Chris Rom]

Prasad,

so you want single signon only for Mid-Tier or also for Remedy server ?

If you enable external authentication on Remedy server, you can use the 
user's Windows network password and/or LDAP/Active Directory.

I have only done LDAP so far. It works both on the Remedy server as well as 
Mid-Tier.

Rgds,

Chris

___
UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org

Re: Single Sign on

[Heider, Stephen]

Title: RE: Remedy License Reseller
**




Prasad,

Here is one way that might work (I have not tried 
this). Note: This method is not the most secure because it involves 
storing a clear text copy of the users' passwords in another field on the User 
form. 

Create a character field on the User form to hold a 
copy of a user's password. 

In your workflow you use to allow users to change their 
passwords Push the new password to both the Password field and the character 
field.

Create a web application that, when 
run:
- Grabs the NT user name 
of the user logged into Windows

 - Retrieves the clear text 
password from your DBMS from the User_x SQL View. You could use the Remedy 
API but if you use Windows Authentication (with SQL Server, for example) you 
would be able to retrieve the user's password from a simple SELECT statement 
without having to store the Demo password (for example) in the web application 
or a config file.

 - Redirect the user to the 
Remedy form with the username and password in the URL. Since the user is 
already logged into Windows seeing their Remedy password wouldn't matter. 
Note: there might be a way to redirect the user to the Remedy URL without 
displaying it in the browser address bar. Maybe someone else can offer a 
solution to this part.

Variation: You couldencrypt the clear 
text password in the User form with an algorithm and password that only you 
know. This would help ensure thatno-one else would be able to figure 
out what someone's password was if the happen to view the User form (ie. when 
you step away from your computer).

Variation: Update the existing login.jsp web page to 
retrieve the user's password directly. Then no redirection would be 
needed. 

HTH


Stephen



From: Action Request System discussion 
list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Nunna, 
PrasadSent: Wednesday, August 23, 2006 2:04 PMTo: 
arslist@ARSLIST.ORGSubject: Single Sign on
** 

Hi 
,
 We would like to implement single sign on with remedy 
midtier. When windows users click the login page( mid tier), I will detect 
who(NT id)is connected on that PC. But I need to authenticate against 
remedy server. IS there any way I can get the password and authenticate or is 
there any procedure that I can skip the remedy authentication? 


 Pleasegive me details ifyou know any info on 
this topic. I appreciate your suggestions.

Thanks,
Prasad__20060125___This posting 
was submitted with HTML in it___
__20060125___This posting was submitted with HTML in it___