Re: Single Sign On (SSO) with CAS
Excellent thanks! -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Alex Agle Sent: Thursday, May 28, 2015 10:37 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) with CAS I went ahead and wrote a 10 page guide on implementing SSO with CAS. I hope it is helpful. If anyone has any corrections, please feel free to send them my way. Thanks, Alex On Tue, May 26, 2015 at 04:20:18PM -0600, LJ LongWing wrote: Alex, Anybody that is willing to provide help to the community is appreciatedso, while I don't currently have any use for that information, I never quite know where I'm going to be next month/year, and I might find the information useful, so, if you don't mind, please, post :) On Tue, May 26, 2015 at 4:16 PM, Alex Agle alex.a...@oit.gatech.edu wrote: Hi everyone, I haven't posted in years, because I was spending most of my time working with a different BMC product. Now I'm circling back to the BMC Remedy Action Request System. We're on 6.3 (on Solaris), moving to 8.1.2p1 on Linux next month. I documented the upgrade of our test environment. It didn't go the most smoothly, and I couldn't have completed it without BMC Support's help. We had to manually update some of the table structures. Perhaps this is because we totally skipped 7.0, 7.1, 7.5, 7.6, and 8.0. We also had a duplicate index on one table, according to the data dictionary, so we had to delete it. In any case, my last technical challenge was to get single sign on working. I never tried to get it working before, and I thought it would be a bonus if I could get it working as part of this upgrade. I did a lot of google searching, and I saw a few other posts where other people were trying to accomplish what I wanted to do. Either nobody responded, or some people gave some general pointers, or javasystemsolutions.com chimed in to tout their product. In any case, after a long 14 hour day, I finally got it working. We have the following environment: Linux RHEL 6.6 / Apache 2.2 / Tomcat 7.0 / mod_ssl / mod_auth_cas 1.0.9 / areasso 7.0 If there is any interest, I will write up a guide on how to implement SSO with CAS and share it with the list. Thanks, Alex -- O--O--O-O | Alex Agle \/ Lead Application Developer | O---/\ Georgia Institute of Technology | |(404)894-6165 //\\ EIS - Applications Support | | Atlanta, GA //\/\\ alex.agle(@)oit.gatech.edu| OO-\/\/-O---O ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years __ _ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years -- O--O--O-O | Alex Agle \/ Lead Application Developer | O---/\ Georgia Institute of Technology | |(404)894-6165 //\\ EIS - Applications Support | | Atlanta, GA //\/\\ alex.agle(@)oit.gatech.edu| OO-\/\/-O---O ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Single Sign On (SSO) with CAS
Very nice! Thanks, rp On 5/28/2015 1:36 PM, Alex Agle wrote: I went ahead and wrote a 10 page guide on implementing SSO with CAS. I hope it is helpful. If anyone has any corrections, please feel free to send them my way. Thanks, Alex On Tue, May 26, 2015 at 04:20:18PM -0600, LJ LongWing wrote: Alex, Anybody that is willing to provide help to the community is appreciatedso, while I don't currently have any use for that information, I never quite know where I'm going to be next month/year, and I might find the information useful, so, if you don't mind, please, post :) On Tue, May 26, 2015 at 4:16 PM, Alex Agle alex.a...@oit.gatech.edu wrote: Hi everyone, I haven't posted in years, because I was spending most of my time working with a different BMC product. Now I'm circling back to the BMC Remedy Action Request System. We're on 6.3 (on Solaris), moving to 8.1.2p1 on Linux next month. I documented the upgrade of our test environment. It didn't go the most smoothly, and I couldn't have completed it without BMC Support's help. We had to manually update some of the table structures. Perhaps this is because we totally skipped 7.0, 7.1, 7.5, 7.6, and 8.0. We also had a duplicate index on one table, according to the data dictionary, so we had to delete it. In any case, my last technical challenge was to get single sign on working. I never tried to get it working before, and I thought it would be a bonus if I could get it working as part of this upgrade. I did a lot of google searching, and I saw a few other posts where other people were trying to accomplish what I wanted to do. Either nobody responded, or some people gave some general pointers, or javasystemsolutions.com chimed in to tout their product. In any case, after a long 14 hour day, I finally got it working. We have the following environment: Linux RHEL 6.6 / Apache 2.2 / Tomcat 7.0 / mod_ssl / mod_auth_cas 1.0.9 / areasso 7.0 If there is any interest, I will write up a guide on how to implement SSO with CAS and share it with the list. Thanks, Alex -- O--O--O-O | Alex Agle \/ Lead Application Developer | O---/\ Georgia Institute of Technology | |(404)894-6165 //\\ EIS - Applications Support | | Atlanta, GA //\/\\ alex.agle(@)oit.gatech.edu| OO-\/\/-O---O ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Single Sign On (SSO) with CAS
Hi, Yes please do post the info. I’ve implemented the SSO with CAS and have the same environment you described except instead of Linux we still have an old “SunOS Generic_147440-09 sun4v sparc sun4v” We shall move to Linux in a couple of months. So your info could be very much appreciated. Best From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of LJ LongWing Sent: Wednesday, May 27, 2015 12:20 AM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) with CAS ** Alex, Anybody that is willing to provide help to the community is appreciatedso, while I don't currently have any use for that information, I never quite know where I'm going to be next month/year, and I might find the information useful, so, if you don't mind, please, post :) On Tue, May 26, 2015 at 4:16 PM, Alex Agle alex.a...@oit.gatech.edumailto:alex.a...@oit.gatech.edu wrote: Hi everyone, I haven't posted in years, because I was spending most of my time working with a different BMC product. Now I'm circling back to the BMC Remedy Action Request System. We're on 6.3 (on Solaris), moving to 8.1.2p1 on Linux next month. I documented the upgrade of our test environment. It didn't go the most smoothly, and I couldn't have completed it without BMC Support's help. We had to manually update some of the table structures. Perhaps this is because we totally skipped 7.0, 7.1, 7.5, 7.6, and 8.0. We also had a duplicate index on one table, according to the data dictionary, so we had to delete it. In any case, my last technical challenge was to get single sign on working. I never tried to get it working before, and I thought it would be a bonus if I could get it working as part of this upgrade. I did a lot of google searching, and I saw a few other posts where other people were trying to accomplish what I wanted to do. Either nobody responded, or some people gave some general pointers, or javasystemsolutions.comhttp://javasystemsolutions.com chimed in to tout their product. In any case, after a long 14 hour day, I finally got it working. We have the following environment: Linux RHEL 6.6 / Apache 2.2 / Tomcat 7.0 / mod_ssl / mod_auth_cas 1.0.9 / areasso 7.0 If there is any interest, I will write up a guide on how to implement SSO with CAS and share it with the list. Thanks, Alex -- O--O--O-O | Alex Agle \/ Lead Application Developer | O---/\ Georgia Institute of Technology | |(404)894-6165tel:%28404%29894-6165 //\\ EIS - Applications Support | | Atlanta, GA //\/\\ alex.agle(@)oit.gatech.eduhttp://oit.gatech.edu| OO-\/\/-O---O ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.orghttp://www.arslist.org Where the Answers Are, and have been for 20 years _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Single Sign On (SSO) with CAS
Alex, Anybody that is willing to provide help to the community is appreciatedso, while I don't currently have any use for that information, I never quite know where I'm going to be next month/year, and I might find the information useful, so, if you don't mind, please, post :) On Tue, May 26, 2015 at 4:16 PM, Alex Agle alex.a...@oit.gatech.edu wrote: Hi everyone, I haven't posted in years, because I was spending most of my time working with a different BMC product. Now I'm circling back to the BMC Remedy Action Request System. We're on 6.3 (on Solaris), moving to 8.1.2p1 on Linux next month. I documented the upgrade of our test environment. It didn't go the most smoothly, and I couldn't have completed it without BMC Support's help. We had to manually update some of the table structures. Perhaps this is because we totally skipped 7.0, 7.1, 7.5, 7.6, and 8.0. We also had a duplicate index on one table, according to the data dictionary, so we had to delete it. In any case, my last technical challenge was to get single sign on working. I never tried to get it working before, and I thought it would be a bonus if I could get it working as part of this upgrade. I did a lot of google searching, and I saw a few other posts where other people were trying to accomplish what I wanted to do. Either nobody responded, or some people gave some general pointers, or javasystemsolutions.com chimed in to tout their product. In any case, after a long 14 hour day, I finally got it working. We have the following environment: Linux RHEL 6.6 / Apache 2.2 / Tomcat 7.0 / mod_ssl / mod_auth_cas 1.0.9 / areasso 7.0 If there is any interest, I will write up a guide on how to implement SSO with CAS and share it with the list. Thanks, Alex -- O--O--O-O | Alex Agle \/ Lead Application Developer | O---/\ Georgia Institute of Technology | |(404)894-6165 //\\ EIS - Applications Support | | Atlanta, GA //\/\\ alex.agle(@)oit.gatech.edu| OO-\/\/-O---O ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Single Sign-On (SSO)
John, thanks alot for your suggest ! You say to use BMC community code, but where i can find this code ? i would like to realize the solution myself without include other people (i.e. Column or similar). can you help me to indicate the 'right street' ? i try to read 'Integrating BMC® Remedy®Action Request System® with Single Sign-On (SSO) Authentication Systems and Other Client-Side Login Intercept Technologies' but i understand just a little ! thx Peter ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: Single Sign-On (SSO)
Yes, this can be done. Column Technologies helped us set this up, they have a packaged custom plugin they've written to perform the pass-through SSO solution which basically gets applied to your Miditer server and intercepts traffic to the web server and authenticates to your Identity Mgt solution then passes you through into Remedy. The licensing does not change with an SSO solution, based on function the user would still need to the appropriate license for the functionality used. If you are talking about the basic Requester Console, this interface does not require a license, but if you are referring to the full Service Request Management module, that is a licensed component and they would require a license. Hope this helps, contact Column Technologies (www.columnit.com) for info on their SSO solution, they were able to get us up and running in short order on it. Thanks. Nate. Nathan Aker ITSM Solution Architect McAfee, Inc. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Team Remedy Sent: Thursday, May 31, 2012 4:31 AM To: arslist@ARSLIST.ORG Subject: Single Sign-On (SSO) Hi all, i would like to log to Requester Console bypassing the login page of Mid Tier. the User could access to the system using his Web portal and i try to interface the RQC by Single Sign-On (SSO) of BMC Remedy. Is it possible ? i don't understand if Single Sign-On (SSO) needs of regular license by BMC ! any Idea ? can you help me to solve this requirement ? thx Peter ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: Single Sign On and Remedy
The classic doc on SSO is on the BMC support site. Here's the link I turn up (this is valid for ARS 7.1): http://documents.bmc.com/supportu/documents/57/12/65712/65712.pdf This directs you through the free option, which essentially is allowing the customer to use their domain password to login to Remedy. If you want to have complete passthrough without any login, you'll need a customized solution. There are a few out there, or the doc above will direct you how to develop your own. (I see that Mr. Gill is presenting one of the vendor options now. :^) Kelly Logan Office : 763-764-2375 Mobile: 313-645-4552 From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Jase Brandon Sent: Wednesday, May 26, 2010 2:33 PM To: arslist@ARSLIST.ORG Subject: Single Sign On and Remedy ** Hello All, I have been tasked with coming up with a Single Sign On solution using Remedy as the source. I think the People form would be the obvious place to start. I am curious to know if anyone else has done anything similar or if there is some Out of the Box solution available that integrates easily with Remedy. Thanks in Advance, Jase Brandon Remedy Developer Quality Technology Services 7.1 Patch 004 SQL Server Windows 2003 _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: Single sign-in
Hi Dawn. Would you be able to share the documentation with me? This is something a client of mine would like to do. Thanks. Steve Date: Thu, 17 Dec 2009 06:01:13 -0500 From: dawn.brumb...@perdue.com Subject: Single sign-in To: arslist@ARSLIST.ORG ** We are looking into implementing single sign-in for our users (I have gotten the BMC documentation to review). I was wondering if anyone else has implemented this and would be willing to share if you had any issues implementing or since implementation and also see if you could provide any pointers. Any information would be greatly appreciated. Thanks!_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Single sign-in
Dawn, We tried to implement BMC's solution, and while I got it working, it didn't work for everyone, and there was no good way to troubleshoot it. We also tried another product from JSS that did work, but management decided not to proceed with purchasing it at this time. Shawn Pierson From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Brumbley, Dawn Sent: Thursday, December 17, 2009 5:01 AM To: arslist@ARSLIST.ORG Subject: Single sign-in ** We are looking into implementing single sign-in for our users (I have gotten the BMC documentation to review). I was wondering if anyone else has implemented this and would be willing to share if you had any issues implementing or since implementation and also see if you could provide any pointers. Any information would be greatly appreciated. Thanks! _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ Private and confidential as detailed here: http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access the link, please e-mail sender. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Single sign-in
Documentation is found here: 16-Oct-2006 Integrating BMC Remedy Action Request System with Single Sign-On (SSO) and Other Client-Side Login Intercept Technologies PDFhttp://documents.bmc.com/supportu/documents/57/12/65712/65712.pdf -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Steven Iocco Sent: Thursday, December 17, 2009 8:01 AM To: arslist@ARSLIST.ORG Subject: Re: Single sign-in ** Hi Dawn. Would you be able to share the documentation with me? This is something a client of mine would like to do. Thanks. Steve Date: Thu, 17 Dec 2009 06:01:13 -0500 From: dawn.brumb...@perdue.com Subject: Single sign-in To: arslist@ARSLIST.ORG ** We are looking into implementing single sign-in for our users (I have gotten the BMC documentation to review). I was wondering if anyone else has implemented this and would be willing to share if you had any issues implementing or since implementation and also see if you could provide any pointers. Any information would be greatly appreciated. Thanks! _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Single sign-in
you should use the Free one Devtechnology Group has We have it working at DLA, Marines, and other locations.. It is configurable.. Silly to pay money.. On Thu, Dec 17, 2009 at 1:17 PM, Pierson, Shawn shawn.pier...@sug.comwrote: ** Dawn, We tried to implement BMC’s solution, and while I got it working, it didn’t work for everyone, and there was no good way to troubleshoot it. We also tried another product from JSS that did work, but management decided not to proceed with purchasing it at this time. Shawn Pierson *From:* Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] *On Behalf Of *Brumbley, Dawn *Sent:* Thursday, December 17, 2009 5:01 AM *To:* arslist@ARSLIST.ORG *Subject:* Single sign-in ** We are looking into implementing single sign-in for our users (I have gotten the BMC documentation to review). I was wondering if anyone else has implemented this and would be willing to share if you had any issues implementing or since implementation and also see if you could provide any pointers. Any information would be greatly appreciated. Thanks! _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ Private and confidential as detailed herehttp://www.sug.com/disclaimers/default.htm#Mail. If you cannot access hyperlink, please e-mail sender. _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ -- Patrick Zandi ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Single sign-in
I like the sound of Free, where do I get it? Thanks, Doug From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of patrick zandi Sent: Thursday, December 17, 2009 2:37 PM To: arslist@ARSLIST.ORG Subject: Re: Single sign-in ** you should use the Free one Devtechnology Group has We have it working at DLA, Marines, and other locations.. It is configurable.. Silly to pay money.. On Thu, Dec 17, 2009 at 1:17 PM, Pierson, Shawn shawn.pier...@sug.commailto:shawn.pier...@sug.com wrote: ** Dawn, We tried to implement BMC's solution, and while I got it working, it didn't work for everyone, and there was no good way to troubleshoot it. We also tried another product from JSS that did work, but management decided not to proceed with purchasing it at this time. Shawn Pierson From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG] On Behalf Of Brumbley, Dawn Sent: Thursday, December 17, 2009 5:01 AM To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: Single sign-in ** We are looking into implementing single sign-in for our users (I have gotten the BMC documentation to review). I was wondering if anyone else has implemented this and would be willing to share if you had any issues implementing or since implementation and also see if you could provide any pointers. Any information would be greatly appreciated. Thanks! _Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net ARSlist: Where the Answers Are_ Private and confidential as detailed herehttp://www.sug.com/disclaimers/default.htm#Mail. If you cannot access hyperlink, please e-mail sender. _Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net ARSlist: Where the Answers Are_ -- Patrick Zandi _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ DISCLAIMER Important! This message is intended for the above named person(s) only and is CONFIDENTIAL AND PROPRIETARY. If you are not the intended recipient of this e-mail and have received it in error, please immediately notify the sender by return email and then delete it from your mailbox. This message may be protected by the attorney-client privilege and/or work product doctrine. Accessing, copying, disseminating or re-using any of the information contained in this e-mail by anyone other than the intended recipient is strictly prohibited. Finally, you should check this email and any attachments for the presence of viruses, as the sender accepts no liability for any damage caused by any virus transmitted by this email. Thank you. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Single sign-in
Do you have a link? Tony Worthington | Sr. Technical Analyst | Kohl?s Department Stores N56 W17000 Ridgewood Drive | Menomonee Falls, WI 53051 | office: (262) 703-7763 | e-mail: tony.worthing...@kohls.com From: patrick zandi remedy...@gmail.com To: arslist@ARSLIST.ORG Date: 12/17/2009 01:37 PM Subject: Re: Single sign-in Sent by: Action Request System discussion list(ARSList) arslist@ARSLIST.ORG ** you should use the Free one Devtechnology Group has We have it working at DLA, Marines, and other locations.. It is configurable.. Silly to pay money.. On Thu, Dec 17, 2009 at 1:17 PM, Pierson, Shawn shawn.pier...@sug.com wrote: ** Dawn, We tried to implement BMC?s solution, and while I got it working, it didn?t work for everyone, and there was no good way to troubleshoot it. We also tried another product from JSS that did work, but management decided not to proceed with purchasing it at this time. Shawn Pierson From: Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] On Behalf Of Brumbley, Dawn Sent: Thursday, December 17, 2009 5:01 AM To: arslist@ARSLIST.ORG Subject: Single sign-in ** We are looking into implementing single sign-in for our users (I have gotten the BMC documentation to review). I was wondering if anyone else has implemented this and would be willing to share if you had any issues implementing or since implementation and also see if you could provide any pointers. Any information would be greatly appreciated. Thanks! _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ Private and confidential as detailed here. If you cannot access hyperlink, please e-mail sender. _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ -- Patrick Zandi _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ** CONFIDENTIALITY NOTICE: This is a transmission from Kohl's Department Stores, Inc. and may contain information which is confidential and proprietary. If you are not the addressee, any disclosure, copying or distribution or use of the contents of this message is expressly prohibited. If you have received this transmission in error, please destroy it and notify us immediately at 262-703-7000. CAUTION: Internet and e-mail communications are Kohl's property and Kohl's reserves the right to retrieve and read any message created, sent and received. Kohl's reserves the right to monitor messages by authorized Kohl's Associates at any time without any further consent. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Single sign-in
michael.campb...@devtechnology.com Sent from my iPhone On Dec 17, 2009, at 4:01 PM, Tony Worthington tony.worthing...@kohls.com wrote: ** Do you have a link? Tony Worthington | Sr. Technical Analyst | Kohl’s Department Stores N56 W17000 Ridgewood Drive | Menomonee Falls, WI 53051 | office: (262) 703-7763 | e-mail: tony.worthing...@kohls.com From: patrick zandi remedy...@gmail.com To: arslist@ARSLIST.ORG Date: 12/17/2009 01:37 PM Subject:Re: Single sign-in Sent by: Action Request System discussion list(ARSList) arslist@ARSLIST.ORG ** you should use the Free one Devtechnology Group has We have it working at DLA, Marines, and other locations.. It is configurable.. Silly to pay money.. On Thu, Dec 17, 2009 at 1:17 PM, Pierson, Shawn shawn.pier...@sug.com wrote: ** Dawn, We tried to implement BMC’s solution, and while I got it working, it didn’t work for everyone, and there was no good way to troubleshoot it. We also tried another product from JSS that did work, but mana gement decided not to proceed with purchasing it at this time. Shawn Pierson From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Brumbley, Dawn Sent: Thursday, December 17, 2009 5:01 AM To: arslist@ARSLIST.ORG Subject: Single sign-in ** We are looking into implementing single sign-in for our users (I have gotten the BMC documentation to review). I was wondering if anyone else has implemented this and would be willing to share if you had any issues implementing or since implementation and also see if you could provide any pointers. Any information would be greatly appreciated. Thanks! _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ Private and confidential as detailed here. If you cannot access hyperlink, please e-mail sender. _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ -- Patrick Zandi _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ CONFIDENTIALITY NOTICE: This is a transmission from Kohl's Department Stores, Inc. and may contain information which is confidential and proprietary. If you are not the addressee, any disclosure, copying or distribution or use of the contents of this message is expressly prohibited. If you have received this transmission in error, please destroy it and notify us immediately at 262-703-7000. CAUTION: Internet and e-mail communications are Kohl's property and Kohl's reserves the right to retrieve and read any message created, sent and received. Kohl's reserves the right to monitor messages by authorized Kohl's Associates at any time without any further consent. _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Single sign-in
Michael has also graciously posted the Common Access Card (CAC) integration utilizing the SSO interface on the BMC Developer Network. The integration is provided for the Remedy User client. It can be found here: http://communities.bmc.com/communities/docs/DOC-7066 -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Pat Zandi Sent: Thursday, December 17, 2009 1:08 PM To: arslist@ARSLIST.ORG Subject: Re: Single sign-in ** michael.campb...@devtechnology.commailto:michael.campb...@devtechnology.com Sent from my iPhone On Dec 17, 2009, at 4:01 PM, Tony Worthington tony.worthing...@kohls.commailto:tony.worthing...@kohls.com wrote: ** Do you have a link? Tony Worthington | Sr. Technical Analyst | Kohl’s Department Stores N56 W17000 Ridgewood Drive | Menomonee Falls, WI 53051 | office: (262) 703-7763 | e-mail: tony.worthing...@kohls.commailto:tony.worthing...@kohls.com From: patrick zandi remedy...@gmail.commailto:remedy...@gmail.com To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Date: 12/17/2009 01:37 PM Subject: Re: Single sign-in Sent by: Action Request System discussion list(ARSList) arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG ** you should use the Free one Devtechnology Group has We have it working at DLA, Marines, and other locations.. It is configurable.. Silly to pay money.. On Thu, Dec 17, 2009 at 1:17 PM, Pierson, Shawn shawn.pier...@sug.commailto:shawn.pier...@sug.com wrote: ** Dawn, We tried to implement BMC’s solution, and while I got it working, it didn’t work for everyone, and there was no good way to troubleshoot it. We also tried another product from JSS that did work, but management decided not to proceed with purchasing it at this time. Shawn Pierson From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG] On Behalf Of Brumbley, Dawn Sent: Thursday, December 17, 2009 5:01 AM To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: Single sign-in ** We are looking into implementing single sign-in for our users (I have gotten the BMC documentation to review). I was wondering if anyone else has implemented this and would be willing to share if you had any issues implementing or since implementation and also see if you could provide any pointers. Any information would be greatly appreciated. Thanks! _Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net ARSlist: Where the Answers Are_ Private and confidential as detailed herehttp://www.sug.com/disclaimers/default.htm#Mail. If you cannot access hyperlink, please e-mail sender. _Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net ARSlist: Where the Answers Are_ -- Patrick Zandi _Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net ARSlist: Where the Answers Are_ CONFIDENTIALITY NOTICE: This is a transmission from Kohl's Department Stores, Inc. and may contain information which is confidential and proprietary. If you are not the addressee, any disclosure, copying or distribution or use of the contents of this message is expressly prohibited. If you have received this transmission in error, please destroy it and notify us immediately at 262-703-7000. CAUTION: Internet and e-mail communications are Kohl's property and Kohl's reserves the right to retrieve and read any message created, sent and received. Kohl's reserves the right to monitor messages by authorized Kohl's Associates at any time without any further consent. _Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net ARSlist: Where the Answers Are_ _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_
Re: Single Sign-On (SiteMinder, Identity Manager)
Axton, after looking at the documentation this is exactly what I'm looking for. The BMC white paper was extremely helpful. I will give it a crack and let you know if I run into any issues. Thanks again! Rafael From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: Wednesday, March 04, 2009 1:38 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-On (SiteMinder, Identity Manager) ** With the approach I took, yes. Are there other approaches? Yes. Will they require similar changes? Probably. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Wed, Mar 4, 2009 at 12:08 PM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: ** Thanks Axton, I will take a look at the docs you provided. So are you saying that in order to use SiteMinder you have to develop a custom AREA plugin and make changes to login.jsp on Mid-Tier. Please bare with me as this is my first exposure to SSO with Mid-tier. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: Tuesday, March 03, 2009 3:44 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-On (SiteMinder, Identity Manager) ** The Java System Solutions page on their sso plugin does the best job I've found of illustrating how I've seen SSO implemented with the mid-tier. http://www.javasystemsolutions.com/jss/ssoplugin http://www.javasystemsolutions.com/img/diagram/ssoplugin-midtier.png Not endorsing the product, as I've never used it, but there is a good write-up/illustrations on the page. It involves writing a custom AREA plug-in as well as customizations to login.jsp and custom servlets on the mid-tier server. There are BMC whitepapers on the subject as well, though I have not used them as we developed the sso solution using a 6.0.1 mid-tier server which did not have the Authenticator hooks the newer versions of mid-tier have. We can keep the discussion on the list; other people may have things to add and things to gain through visibility into the discussion. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Tue, Mar 3, 2009 at 9:42 AM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: ** Thanks Axton for the response. I'm aware that this would be a solution just for Mid-Tier. Can you provide any documentation or direction on this? If you would be willing we can have a brief discussion outside of the list? Thanks Rafael Rodriguez Manager Midtier/Remedy Enterprise Broadridge Financial Solutions Inc 201.714.3718 From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: Tuesday, March 03, 2009 10:07 AM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-On (SiteMinder, Identity Manager) ** I have worked with SiteMinder sso integrations. It was an sso solution for the mid-tier; native clients still required a login. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Tue, Mar 3, 2009 at 8:05 AM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: Hello, Just wanted to find out if anyone has utilized SiteMinder or Identity Manager to implement Single Sign-On in there environment? Any ideas are welcome Thanks My environment is: IIS 6 Tomcat Servlet for Mid-Tier. ARS 7.0.1 Patch 6 SQL 2000 This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ This message
Re: Single Sign-On (SiteMinder, Identity Manager)
Thanks Axton, I will take a look at the docs you provided. So are you saying that in order to use SiteMinder you have to develop a custom AREA plugin and make changes to login.jsp on Mid-Tier. Please bare with me as this is my first exposure to SSO with Mid-tier. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: Tuesday, March 03, 2009 3:44 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-On (SiteMinder, Identity Manager) ** The Java System Solutions page on their sso plugin does the best job I've found of illustrating how I've seen SSO implemented with the mid-tier. http://www.javasystemsolutions.com/jss/ssoplugin http://www.javasystemsolutions.com/img/diagram/ssoplugin-midtier.png Not endorsing the product, as I've never used it, but there is a good write-up/illustrations on the page. It involves writing a custom AREA plug-in as well as customizations to login.jsp and custom servlets on the mid-tier server. There are BMC whitepapers on the subject as well, though I have not used them as we developed the sso solution using a 6.0.1 mid-tier server which did not have the Authenticator hooks the newer versions of mid-tier have. We can keep the discussion on the list; other people may have things to add and things to gain through visibility into the discussion. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Tue, Mar 3, 2009 at 9:42 AM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: ** Thanks Axton for the response. I'm aware that this would be a solution just for Mid-Tier. Can you provide any documentation or direction on this? If you would be willing we can have a brief discussion outside of the list? Thanks Rafael Rodriguez Manager Midtier/Remedy Enterprise Broadridge Financial Solutions Inc 201.714.3718 From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: Tuesday, March 03, 2009 10:07 AM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-On (SiteMinder, Identity Manager) ** I have worked with SiteMinder sso integrations. It was an sso solution for the mid-tier; native clients still required a login. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Tue, Mar 3, 2009 at 8:05 AM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: Hello, Just wanted to find out if anyone has utilized SiteMinder or Identity Manager to implement Single Sign-On in there environment? Any ideas are welcome Thanks My environment is: IIS 6 Tomcat Servlet for Mid-Tier. ARS 7.0.1 Patch 6 SQL 2000 This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication
Re: Single Sign-On (SiteMinder, Identity Manager)
With the approach I took, yes. Are there other approaches? Yes. Will they require similar changes? Probably. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Wed, Mar 4, 2009 at 12:08 PM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: ** Thanks Axton, I will take a look at the docs you provided. So are you saying that in order to use SiteMinder you have to develop a custom AREA plugin and make changes to login.jsp on Mid-Tier. Please bare with me as this is my first exposure to SSO with Mid-tier. -- *From:* Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] *On Behalf Of *Axton *Sent:* Tuesday, March 03, 2009 3:44 PM *To:* arslist@ARSLIST.ORG *Subject:* Re: Single Sign-On (SiteMinder, Identity Manager) ** The Java System Solutions page on their sso plugin does the best job I've found of illustrating how I've seen SSO implemented with the mid-tier. http://www.javasystemsolutions.com/jss/ssoplugin http://www.javasystemsolutions.com/img/diagram/ssoplugin-midtier.png Not endorsing the product, as I've never used it, but there is a good write-up/illustrations on the page. It involves writing a custom AREA plug-in as well as customizations to login.jsp and custom servlets on the mid-tier server. There are BMC whitepapers on the subject as well, though I have not used them as we developed the sso solution using a 6.0.1 mid-tier server which did not have the Authenticator hooks the newer versions of mid-tier have. We can keep the discussion on the list; other people may have things to add and things to gain through visibility into the discussion. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Tue, Mar 3, 2009 at 9:42 AM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: ** Thanks Axton for the response. I'm aware that this would be a solution just for Mid-Tier. Can you provide any documentation or direction on this? If you would be willing we can have a brief discussion outside of the list? Thanks *Rafael Rodriguez*** *Manager Midtier/Remedy Enterprise* *Broadridge Financial Solutions Inc* *201.714.3718* -- *From:* Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] *On Behalf Of *Axton *Sent:* Tuesday, March 03, 2009 10:07 AM *To:* arslist@ARSLIST.ORG *Subject:* Re: Single Sign-On (SiteMinder, Identity Manager) ** I have worked with SiteMinder sso integrations. It was an sso solution for the mid-tier; native clients still required a login. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Tue, Mar 3, 2009 at 8:05 AM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: Hello, Just wanted to find out if anyone has utilized SiteMinder or Identity Manager to implement Single Sign-On in there environment? Any ideas are welcome Thanks My environment is: IIS 6 Tomcat Servlet for Mid-Tier. ARS 7.0.1 Patch 6 SQL 2000 This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly
Re: Single Sign-On (SiteMinder, Identity Manager)
In any instance you will have to create your own AREA plugin From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: 04 March 2009 18:38 To: arslist@ARSLIST.ORG Subject: Re: Single Sign-On (SiteMinder, Identity Manager) ** With the approach I took, yes. Are there other approaches? Yes. Will they require similar changes? Probably. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Wed, Mar 4, 2009 at 12:08 PM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: ** Thanks Axton, I will take a look at the docs you provided. So are you saying that in order to use SiteMinder you have to develop a custom AREA plugin and make changes to login.jsp on Mid-Tier. Please bare with me as this is my first exposure to SSO with Mid-tier. _ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: Tuesday, March 03, 2009 3:44 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-On (SiteMinder, Identity Manager) ** The Java System Solutions page on their sso plugin does the best job I've found of illustrating how I've seen SSO implemented with the mid-tier. http://www.javasystemsolutions.com/jss/ssoplugin http://www.javasystemsolutions.com/img/diagram/ssoplugin-midtier.png Not endorsing the product, as I've never used it, but there is a good write-up/illustrations on the page. It involves writing a custom AREA plug-in as well as customizations to login.jsp and custom servlets on the mid-tier server. There are BMC whitepapers on the subject as well, though I have not used them as we developed the sso solution using a 6.0.1 mid-tier server which did not have the Authenticator hooks the newer versions of mid-tier have. We can keep the discussion on the list; other people may have things to add and things to gain through visibility into the discussion. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Tue, Mar 3, 2009 at 9:42 AM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: ** Thanks Axton for the response. I'm aware that this would be a solution just for Mid-Tier. Can you provide any documentation or direction on this? If you would be willing we can have a brief discussion outside of the list? Thanks Rafael Rodriguez Manager Midtier/Remedy Enterprise Broadridge Financial Solutions Inc 201.714.3718 _ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: Tuesday, March 03, 2009 10:07 AM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-On (SiteMinder, Identity Manager) ** I have worked with SiteMinder sso integrations. It was an sso solution for the mid-tier; native clients still required a login. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Tue, Mar 3, 2009 at 8:05 AM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: Hello, Just wanted to find out if anyone has utilized SiteMinder or Identity Manager to implement Single Sign-On in there environment? Any ideas are welcome Thanks My environment is: IIS 6 Tomcat Servlet for Mid-Tier. ARS 7.0.1 Patch 6 SQL 2000 This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized
Re: Single Sign-On (SiteMinder, Identity Manager)
Thanks Axton for the response. I'm aware that this would be a solution just for Mid-Tier. Can you provide any documentation or direction on this? If you would be willing we can have a brief discussion outside of the list? Thanks Rafael Rodriguez Manager Midtier/Remedy Enterprise Broadridge Financial Solutions Inc 201.714.3718 From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: Tuesday, March 03, 2009 10:07 AM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-On (SiteMinder, Identity Manager) ** I have worked with SiteMinder sso integrations. It was an sso solution for the mid-tier; native clients still required a login. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Tue, Mar 3, 2009 at 8:05 AM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: Hello, Just wanted to find out if anyone has utilized SiteMinder or Identity Manager to implement Single Sign-On in there environment? Any ideas are welcome Thanks My environment is: IIS 6 Tomcat Servlet for Mid-Tier. ARS 7.0.1 Patch 6 SQL 2000 This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
Re: Single Sign-On (SiteMinder, Identity Manager)
The Java System Solutions page on their sso plugin does the best job I've found of illustrating how I've seen SSO implemented with the mid-tier. http://www.javasystemsolutions.com/jss/ssoplugin http://www.javasystemsolutions.com/img/diagram/ssoplugin-midtier.png Not endorsing the product, as I've never used it, but there is a good write-up/illustrations on the page. It involves writing a custom AREA plug-in as well as customizations to login.jsp and custom servlets on the mid-tier server. There are BMC whitepapers on the subject as well, though I have not used them as we developed the sso solution using a 6.0.1 mid-tier server which did not have the Authenticator hooks the newer versions of mid-tier have. We can keep the discussion on the list; other people may have things to add and things to gain through visibility into the discussion. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Tue, Mar 3, 2009 at 9:42 AM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: ** Thanks Axton for the response. I'm aware that this would be a solution just for Mid-Tier. Can you provide any documentation or direction on this? If you would be willing we can have a brief discussion outside of the list? Thanks * Rafael Rodriguez Manager Midtier/Remedy Enterprise Broadridge Financial Solutions Inc 201.714.3718 * -- *From:* Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] *On Behalf Of *Axton *Sent:* Tuesday, March 03, 2009 10:07 AM *To:* arslist@ARSLIST.ORG *Subject:* Re: Single Sign-On (SiteMinder, Identity Manager) ** I have worked with SiteMinder sso integrations. It was an sso solution for the mid-tier; native clients still required a login. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Tue, Mar 3, 2009 at 8:05 AM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: Hello, Just wanted to find out if anyone has utilized SiteMinder or Identity Manager to implement Single Sign-On in there environment? Any ideas are welcome Thanks My environment is: IIS 6 Tomcat Servlet for Mid-Tier. ARS 7.0.1 Patch 6 SQL 2000 This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
Re: Single Sign-on...
David, Consider the following scenario: A client implements an SSO integration and naturally has to make various modifications to the out of the box sample code. Question 1: Will BMC rubber stamp the SSO implementation as secure and fit for purpose? The solution is deployed in an enterprise with thousands of users and after a while they discover that some users are being asked to provide Windows login credentials when accessing the Midtier. A call is placed to BMC support who can not diagnose the situation. Question 2. Can the user escalate the problem and get a priority resolution from BMC? Thanks !! Regards...Gidd _ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Easter, David Sent: Wednesday, January 14, 2009 10:19 AM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-on... ** Sample code is provided as is without warranty. However, if an issue is found with a supported portion of AR System (the AREA plug-in server, Mid-Tier, DLL integration with Remedy User, etc.) while using the sample code - and the issue can be isolated from the sample code or customer generated code - then, of course, BMC Support would treat the issue as a supported one. As has been the tradition in Support, most Support technicians will also attempt to provide best effort in answering questions or helping customers with issues even if not officially supported. -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. _ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Danny Kellett Sent: Wednesday, January 14, 2009 9:53 AM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-on... ** David, What is the BMC Support standpoint if a customer uses the sample code from the support site and has issues with it? E.g. compiling, crashes the arplugin server etc? Thanks Danny From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Easter, David Sent: 14 January 2009 17:31 To: arslist@ARSLIST.ORG Subject: Re: Single Sign-on... ** The ability to integrate with SSO through either the WUT or the Mid-Tier was provided as part of AR System 7.0.01 back in 2006. This capability is still supported an the white paper provides additional information to individuals wishing to take advantage of the interface. I'm not sure what your question is asking, but the interface continues to be supported. No major changes have been made to the interfaces since AR System 7.0.01. -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. _ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of patrick zandi Sent: Tuesday, January 13, 2009 5:38 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-on... ** Dave, Are you saying BMC is starting to provide additional support for this application? Are there any updates? to the code ? On Tue, Jan 13, 2009 at 4:42 PM, Easter, David david_eas...@bmc.com wrote: ** There is also a white paper available on BMC Support Central on how to integrate an SSO solution with AR System. 16-Oct-2006 Integrating BMC Remedy Action Request System with Single Sign-On (SSO) and Other Client-Side Login Intercept Technologies PDF http://www.bmc.com/supportu/documents/57/12/65712/65712.pdf -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. _ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Richard Copits Sent: Tuesday, January 13, 2009 12:44 PM To: arslist@ARSLIST.ORG Subject: Single Sign-on... ** Has anyone implemented a single signon in a 7.1 system and XP clients? How difficult is it? Any information on how to proceed would be appreciated... Thanks! The fact that someone owns a hammer and a saw doesn't make them a carpenter Portions
Re: Single Sign-on...
Thanks Dave!! The fact that someone owns a hammer and a saw doesn't make them a carpenter From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Easter, David Sent: Tuesday, January 13, 2009 4:43 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-on... ** There is also a white paper available on BMC Support Central on how to integrate an SSO solution with AR System. 16-Oct-2006 Integrating BMC Remedy Action Request System with Single Sign-On (SSO) and Other Client-Side Login Intercept Technologies PDF http://www.bmc.com/supportu/documents/57/12/65712/65712.pdf -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Richard Copits Sent: Tuesday, January 13, 2009 12:44 PM To: arslist@ARSLIST.ORG Subject: Single Sign-on... ** Has anyone implemented a single signon in a 7.1 system and XP clients? How difficult is it? Any information on how to proceed would be appreciated... Thanks! The fact that someone owns a hammer and a saw doesn't make them a carpenter Portions of this message may be confidential under an exemption to Ohio's public records law or under a legal privilege. If you have received this message in error or due to an unauthorized transmission or interception, please delete all copies from your system without disclosing, copying, or transmitting this message. __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ Portions of this message may be confidential under an exemption to Ohio's public records law or under a legal privilege. If you have received this message in error or due to an unauthorized transmission or interception, please delete all copies from your system without disclosing, copying, or transmitting this message. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
Re: Single Sign-on...
The ability to integrate with SSO through either the WUT or the Mid-Tier was provided as part of AR System 7.0.01 back in 2006. This capability is still supported an the white paper provides additional information to individuals wishing to take advantage of the interface. I'm not sure what your question is asking, but the interface continues to be supported. No major changes have been made to the interfaces since AR System 7.0.01. -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of patrick zandi Sent: Tuesday, January 13, 2009 5:38 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-on... ** Dave, Are you saying BMC is starting to provide additional support for this application? Are there any updates? to the code ? On Tue, Jan 13, 2009 at 4:42 PM, Easter, David david_eas...@bmc.com wrote: ** There is also a white paper available on BMC Support Central on how to integrate an SSO solution with AR System. 16-Oct-2006 Integrating BMC Remedy Action Request System with Single Sign-On (SSO) and Other Client-Side Login Intercept Technologies PDF http://www.bmc.com/supportu/documents/57/12/65712/65712.pdf -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Richard Copits Sent: Tuesday, January 13, 2009 12:44 PM To: arslist@ARSLIST.ORG Subject: Single Sign-on... ** Has anyone implemented a single signon in a 7.1 system and XP clients? How difficult is it? Any information on how to proceed would be appreciated... Thanks! The fact that someone owns a hammer and a saw doesn't make them a carpenter Portions of this message may be confidential under an exemption to Ohio's public records law or under a legal privilege. If you have received this message in error or due to an unauthorized transmission or interception, please delete all copies from your system without disclosing, copying, or transmitting this message. __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ -- Patrick Zandi __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
Re: Single Sign-on...
David, What is the BMC Support standpoint if a customer uses the sample code from the support site and has issues with it? E.g. compiling, crashes the arplugin server etc? Thanks Danny From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Easter, David Sent: 14 January 2009 17:31 To: arslist@ARSLIST.ORG Subject: Re: Single Sign-on... ** The ability to integrate with SSO through either the WUT or the Mid-Tier was provided as part of AR System 7.0.01 back in 2006. This capability is still supported an the white paper provides additional information to individuals wishing to take advantage of the interface. I'm not sure what your question is asking, but the interface continues to be supported. No major changes have been made to the interfaces since AR System 7.0.01. -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. _ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of patrick zandi Sent: Tuesday, January 13, 2009 5:38 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-on... ** Dave, Are you saying BMC is starting to provide additional support for this application? Are there any updates? to the code ? On Tue, Jan 13, 2009 at 4:42 PM, Easter, David david_eas...@bmc.com wrote: ** There is also a white paper available on BMC Support Central on how to integrate an SSO solution with AR System. 16-Oct-2006 Integrating BMC Remedy Action Request System with Single Sign-On (SSO) and Other Client-Side Login Intercept Technologies PDF http://www.bmc.com/supportu/documents/57/12/65712/65712.pdf -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. _ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Richard Copits Sent: Tuesday, January 13, 2009 12:44 PM To: arslist@ARSLIST.ORG Subject: Single Sign-on... ** Has anyone implemented a single signon in a 7.1 system and XP clients? How difficult is it? Any information on how to proceed would be appreciated... Thanks! The fact that someone owns a hammer and a saw doesn't make them a carpenter Portions of this message may be confidential under an exemption to Ohio's public records law or under a legal privilege. If you have received this message in error or due to an unauthorized transmission or interception, please delete all copies from your system without disclosing, copying, or transmitting this message. __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ -- Patrick Zandi __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
Re: Single Sign-on...
Richard, Java Systems has an OOTB SSO solution that is sweet. Here is a link to their products: http://www.javasystemsolutions.com/jss/solutions You might like to ping Tim Widowfield, he has done a few integrations for them. HTH Regards...Gidd _ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Richard Copits Sent: Tuesday, January 13, 2009 12:44 PM To: arslist@ARSLIST.ORG Subject: Single Sign-on... ** Has anyone implemented a single signon in a 7.1 system and XP clients? How difficult is it? Any information on how to proceed would be appreciated... Thanks! The fact that someone owns a hammer and a saw doesn't make them a carpenter Portions of this message may be confidential under an exemption to Ohio's public records law or under a legal privilege. If you have received this message in error or due to an unauthorized transmission or interception, please delete all copies from your system without disclosing, copying, or transmitting this message. __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
Re: Single Sign-on...
Thanks! The fact that someone owns a hammer and a saw doesn't make them a carpenter From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Gidd Sent: Tuesday, January 13, 2009 3:52 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-on... ** Richard, Java Systems has an OOTB SSO solution that is sweet. Here is a link to their products: http://www.javasystemsolutions.com/jss/solutions You might like to ping Tim Widowfield, he has done a few integrations for them. HTH Regards...Gidd From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Richard Copits Sent: Tuesday, January 13, 2009 12:44 PM To: arslist@ARSLIST.ORG Subject: Single Sign-on... ** Has anyone implemented a single signon in a 7.1 system and XP clients? How difficult is it? Any information on how to proceed would be appreciated... Thanks! The fact that someone owns a hammer and a saw doesn't make them a carpenter Portions of this message may be confidential under an exemption to Ohio's public records law or under a legal privilege. If you have received this message in error or due to an unauthorized transmission or interception, please delete all copies from your system without disclosing, copying, or transmitting this message. __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ Portions of this message may be confidential under an exemption to Ohio's public records law or under a legal privilege. If you have received this message in error or due to an unauthorized transmission or interception, please delete all copies from your system without disclosing, copying, or transmitting this message. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
Re: Single Sign-on...
There is also a white paper available on BMC Support Central on how to integrate an SSO solution with AR System. 16-Oct-2006 Integrating BMC Remedy Action Request System with Single Sign-On (SSO) and Other Client-Side Login Intercept Technologies PDF http://www.bmc.com/supportu/documents/57/12/65712/65712.pdf -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Richard Copits Sent: Tuesday, January 13, 2009 12:44 PM To: arslist@ARSLIST.ORG Subject: Single Sign-on... ** Has anyone implemented a single signon in a 7.1 system and XP clients? How difficult is it? Any information on how to proceed would be appreciated... Thanks! The fact that someone owns a hammer and a saw doesn't make them a carpenter Portions of this message may be confidential under an exemption to Ohio's public records law or under a legal privilege. If you have received this message in error or due to an unauthorized transmission or interception, please delete all copies from your system without disclosing, copying, or transmitting this message. __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
Re: Single Sign-on...
Dave, Are you saying BMC is starting to provide additional support for this application? Are there any updates? to the code ? On Tue, Jan 13, 2009 at 4:42 PM, Easter, David david_eas...@bmc.com wrote: ** There is also a white paper available on BMC Support Central on how to integrate an SSO solution with AR System. 16-Oct-2006 Integrating BMC Remedy Action Request System with Single Sign-On (SSO) and Other Client-Side Login Intercept Technologies PDFhttp://www.bmc.com/supportu/documents/57/12/65712/65712.pdf -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. -- *From:* Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] *On Behalf Of *Richard Copits *Sent:* Tuesday, January 13, 2009 12:44 PM *To:* arslist@ARSLIST.ORG *Subject:* Single Sign-on... ** Has anyone implemented a single signon in a 7.1 system and XP clients? How difficult is it? Any information on how to proceed would be appreciated... Thanks! * * * * *The fact that someone owns a hammer and a saw doesn't make them a carpenter** * Portions of this message may be confidential under an exemption to Ohio's public records law or under a legal privilege. If you have received this message in error or due to an unauthorized transmission or interception, please delete all copies from your system without disclosing, copying, or transmitting this message. __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ -- Patrick Zandi ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
Well one error message you are getting is this - Connects to ARServer servername through Java Rpc failed with: ERROR (90): Cannot establish a network connection to the AR System server; Connection refused: connect servername When you bring up the mid tier what error message do you get. Are you sure your mid tier is configured with the correct server name, mid tier password, etc... From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of sivarama velicheti Sent: Friday, November 21, 2008 4:05 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) Issue ** Hi Kevin, I am attaching my log files. Let me know in case you find anything. I have hit a dead end and do not know what more to do. Thanks Sivarama __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
Hi Kevin, The servername and password has been set up correctly for the Mid-Tier because if it was not then I would not be able to login and access the server tables which I am able to right now (once I provide the credentials). I am able to perform all the operations that I am able to with the user tool. I am concerned that the plugin server might be giving some problems. But then again the server is currently set up to authenticate users against the LDAP server and it is working fine. So it does not seem to be the problem with the plugin server either. Thanks Sivarama ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
The issue I was having with this was related to Tomcat using authentication and not letting IIS handle it. It was fixed but added the following line to the server.xml file under tomcat for the connector I was using, tomcatAuthentication=false that way it uses IIS and not tomcat. SSO is working for me now. Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of sivarama velicheti Sent: Wednesday, November 19, 2008 1:52 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) Issue ** Hi Kevin, Did you make any progress in the issue. I sat the entire day yesterday but I have nothing to share from my side. Thanks Sivarama __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
Hi Kevin, I had that in tomcat before you mentioned it. But still does not seem to be working for me. What do you have as your authentication chaning mode I wonder?? I have IIS to use the integrated windows login but somehow it does not seem to pick that up. Thanks Siva - ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
well there are a slew of things that could be wrong. If you could send me some logs that might help. Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of sivarama velicheti Sent: Friday, November 21, 2008 12:53 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) Issue ** Hi Kevin, I had that in tomcat before you mentioned it. But still does not seem to be working for me. What do you have as your authentication chaning mode I wonder?? I have IIS to use the integrated windows login but somehow it does not seem to pick that up. Thanks Siva - __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
I was on travel all day yesterday so I did not have time to work on it. I hopefully will in the next couple of days. Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of sivarama velicheti Sent: Wednesday, November 19, 2008 1:52 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) Issue ** Hi Kevin, Did you make any progress in the issue. I sat the entire day yesterday but I have nothing to share from my side. Thanks Sivarama __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
Hi Kevin, Did you make any progress in the issue. I sat the entire day yesterday but I have nothing to share from my side. Thanks Sivarama ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
++ Please Read The Disclaimer At The Bottom Of This Email ++ Kevin, I would look at the code in your custom authenticator jar file located on the mid tier and see how it works out the user name. It seems that after the migration it cannot get the user name. Hope this gets you some idea. Jiri Pospisil IT Services LCH.Clearnet From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Begosh, Kevin Sent: 17 November 2008 23:11 To: arslist@ARSLIST.ORG Subject: Single Sign On (SSO) Issue ** I am having an issue with Single Sign On. I have a current environment for the mid tier, IIS, Servlet Exec where SSO works. We are looking to change from Servlet to Tomcat on our mid tier servers. In doing so it looks like SSO is not working anymore. SSO is not Supported by BMC from what I have been told so my options are limited. I was told by BMC that there should be no issue changing what we have with SSO from Servlet exec to tomcat. We are on mid tier 7.1 patch 4, windows 2003, IIS. All the configurations on the AR Server is fine because it was working before. When I load the mid tier the log in screen pops up and no visible errors appear. From logging I am getting the following issues - Trying to load configuration arsys_api.xml - Could not load optional configuration arsys_api.xml - Trying to load configuration default.xml - constructor(arcatalog) - Trying to load configuration arsys_api.xml - Could not load optional configuration arsys_api.xml - Trying to load configuration default.xml - Connects to ARServer *servername* through [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] - Api source is identified as: AP675689916919Q6UhSQhwYAAAKQAA SSO: Initialization: Version 2.05e SSO: Property values were loaded. usermethod:remoteuser usercase:lower removedomain:T headername: attname: authmethod:default authcustom: debuglogging:T - Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled. SSO ERROR: RemoteUser name is null or empty. Using default login page - Connects to ARServer *servername* through [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] SSO ERROR: RemoteUser name is null or empty. Using default login page SSO ERROR: RemoteUser name is null or empty. Using default login page it also makes reference to the custom authenticator failed, and that it is using the default one. And for the sake of the email I removed my server name under *servername*, so that part was just my servers name. Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ * This email is intended for the named recipient(s) only. Its contents are confidential and may only be retained by the named recipient(s) and may only be copied or disclosed with the consent of LCH.Clearnet Limited. If you are not an intended recipient please delete this e-mail and notify [EMAIL PROTECTED] The contents of this email are subject to contract in all cases, and LCH.Clearnet Limited makes no contractual commitment save where confirmed by hard copy. LCH.Clearnet Limited accepts no liability, including liability for negligence, in respect of any statement in this email. LCH.Clearnet Limited, Registered Office: Aldgate House, 33 Aldgate High Street, London EC3N 1EA.Recognised as a Clearing House under the Financial Services Markets Act 2000. Reg in England No.25932 Telephone: +44 20 7426 7000 Internet: http://www.lchclearnet.com * ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
well according to BMC the mid tier plug-in jar file I have should work for both, it is not specific to Tomcat or Servlet Exec Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Jiri Pospisil Sent: Tuesday, November 18, 2008 4:20 AM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) Issue ** ++ Please Read The Disclaimer At The Bottom Of This Email ++ Kevin, I would look at the code in your custom authenticator jar file located on the mid tier and see how it works out the user name. It seems that after the migration it cannot get the user name. Hope this gets you some idea. Jiri Pospisil IT Services LCH.Clearnet From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Begosh, Kevin Sent: 17 November 2008 23:11 To: arslist@ARSLIST.ORG Subject: Single Sign On (SSO) Issue ** I am having an issue with Single Sign On. I have a current environment for the mid tier, IIS, Servlet Exec where SSO works. We are looking to change from Servlet to Tomcat on our mid tier servers. In doing so it looks like SSO is not working anymore. SSO is not Supported by BMC from what I have been told so my options are limited. I was told by BMC that there should be no issue changing what we have with SSO from Servlet exec to tomcat. We are on mid tier 7.1 patch 4, windows 2003, IIS. All the configurations on the AR Server is fine because it was working before. When I load the mid tier the log in screen pops up and no visible errors appear. From logging I am getting the following issues - Trying to load configuration arsys_api.xml - Could not load optional configuration arsys_api.xml - Trying to load configuration default.xml - constructor(arcatalog) - Trying to load configuration arsys_api.xml - Could not load optional configuration arsys_api.xml - Trying to load configuration default.xml - Connects to ARServer *servername* through [EMAIL PROTECTED] - Api source is identified as: AP675689916919Q6UhSQhwYAAAKQAA SSO: Initialization: Version 2.05e SSO: Property values were loaded. usermethod:remoteuser usercase:lower removedomain:T headername: attname: authmethod:default authcustom: debuglogging:T - Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled. SSO ERROR: RemoteUser name is null or empty. Using default login page - Connects to ARServer *servername* through [EMAIL PROTECTED] SSO ERROR: RemoteUser name is null or empty. Using default login page SSO ERROR: RemoteUser name is null or empty. Using default login page it also makes reference to the custom authenticator failed, and that it is using the default one. And for the sake of the email I removed my server name under *servername*, so that part was just my servers name. Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ * This email is intended for the named recipient(s) only. Its contents are confidential and may only be retained by the named recipient(s) and may only be copied or disclosed with the consent of LCH.Clearnet Limited. If you are not an intended recipient please delete this e-mail and notify [EMAIL PROTECTED] The contents of this email are subject to contract in all cases, and LCH.Clearnet Limited makes no contractual commitment save where confirmed by hard copy. LCH.Clearnet Limited accepts no liability, including liability for negligence, in respect of any statement in this email. LCH.Clearnet Limited, Registered Office: Aldgate House, 33 Aldgate High Street, London EC3N 1EA. Recognised as a Clearing House under the Financial Services Markets Act 2000. Reg in England No.25932 Telephone: +44 20 7426 7000 Internet: http://www.lchclearnet.com * __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
Also the reason I think this is failing is because for some reason with Tomcat it is not get the user name from IIS. I do have integrated windows authentication on. Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Jiri Pospisil Sent: Tuesday, November 18, 2008 4:20 AM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) Issue ** ++ Please Read The Disclaimer At The Bottom Of This Email ++ Kevin, I would look at the code in your custom authenticator jar file located on the mid tier and see how it works out the user name. It seems that after the migration it cannot get the user name. Hope this gets you some idea. Jiri Pospisil IT Services LCH.Clearnet From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Begosh, Kevin Sent: 17 November 2008 23:11 To: arslist@ARSLIST.ORG Subject: Single Sign On (SSO) Issue ** I am having an issue with Single Sign On. I have a current environment for the mid tier, IIS, Servlet Exec where SSO works. We are looking to change from Servlet to Tomcat on our mid tier servers. In doing so it looks like SSO is not working anymore. SSO is not Supported by BMC from what I have been told so my options are limited. I was told by BMC that there should be no issue changing what we have with SSO from Servlet exec to tomcat. We are on mid tier 7.1 patch 4, windows 2003, IIS. All the configurations on the AR Server is fine because it was working before. When I load the mid tier the log in screen pops up and no visible errors appear. From logging I am getting the following issues - Trying to load configuration arsys_api.xml - Could not load optional configuration arsys_api.xml - Trying to load configuration default.xml - constructor(arcatalog) - Trying to load configuration arsys_api.xml - Could not load optional configuration arsys_api.xml - Trying to load configuration default.xml - Connects to ARServer *servername* through [EMAIL PROTECTED] - Api source is identified as: AP675689916919Q6UhSQhwYAAAKQAA SSO: Initialization: Version 2.05e SSO: Property values were loaded. usermethod:remoteuser usercase:lower removedomain:T headername: attname: authmethod:default authcustom: debuglogging:T - Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled. SSO ERROR: RemoteUser name is null or empty. Using default login page - Connects to ARServer *servername* through [EMAIL PROTECTED] SSO ERROR: RemoteUser name is null or empty. Using default login page SSO ERROR: RemoteUser name is null or empty. Using default login page it also makes reference to the custom authenticator failed, and that it is using the default one. And for the sake of the email I removed my server name under *servername*, so that part was just my servers name. Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ * This email is intended for the named recipient(s) only. Its contents are confidential and may only be retained by the named recipient(s) and may only be copied or disclosed with the consent of LCH.Clearnet Limited. If you are not an intended recipient please delete this e-mail and notify [EMAIL PROTECTED] The contents of this email are subject to contract in all cases, and LCH.Clearnet Limited makes no contractual commitment save where confirmed by hard copy. LCH.Clearnet Limited accepts no liability, including liability for negligence, in respect of any statement in this email. LCH.Clearnet Limited, Registered Office: Aldgate House, 33 Aldgate High Street, London EC3N 1EA. Recognised as a Clearing House under the Financial Services Markets Act 2000. Reg in England No.25932 Telephone: +44 20 7426 7000 Internet: http://www.lchclearnet.com * __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
Hi Kevin, I am facing the exact same problem with my SSO integration. Let me know in case you make any progress in that case and I will let you know in case I have any updates. Thanks Siva ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
okay sounds good. That is with Tomcat? Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of sivarama velicheti Sent: Tuesday, November 18, 2008 12:07 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) Issue ** Hi Kevin, I am facing the exact same problem with my SSO integration. Let me know in case you make any progress in that case and I will let you know in case I have any updates. Thanks Siva __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
Yep IIS Tomcat. Thanks Siva ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On
Have you searched BMC developer network? -Original Message- From: sivarama velicheti [EMAIL PROTECTED] To: arslist@ARSLIST.ORG Sent: Tue, 22 Jul 2008 7:51 pm Subject: Single Sign On ** Hi Guys, ?? I am trying to implement single sign for my current remedy system. Can anyone please guide me as to how to implement that. Any documents that you can forward me to would be good as well. I am having the following setup running. ?OS: Windows 2003 R2 ?Database: MS SQL Server 2005 (Remote) ?AR Server 7.1.00 ?Mid-Tier 7.1.00 hosted on IIS 6 and Tomcat 5.5 servlet engine. Would it require customization to implement single sign on or just making configuration changes, I have no idea whatsoever please guide me. ?Thanks -- Sivarama Velicheti __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On
Roger's suggestion is a good one. After logging in, type SSO into the Search BMC DN field. The first forum hit is a thread on SSO for AR System. You may also wish to use the archive search for ARSList in places where it is available: http://listserv.rbugs.com/cgi-bin/wa.exe?S1=arslistX=- http://www.nabble.com/ARS-(Action-Request-System)-f716.html -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Roger Justice Sent: Tuesday, July 22, 2008 5:01 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On ** Have you searched BMC developer network? -Original Message- From: sivarama velicheti [EMAIL PROTECTED] To: arslist@ARSLIST.ORG Sent: Tue, 22 Jul 2008 7:51 pm Subject: Single Sign On ** Hi Guys, I am trying to implement single sign for my current remedy system. Can anyone please guide me as to how to implement that. Any documents that you can forward me to would be good as well. I am having the following setup running. OS: Windows 2003 R2 Database: MS SQL Server 2005 (Remote) AR Server 7.1.00 Mid-Tier 7.1.00 hosted on IIS 6 and Tomcat 5.5 servlet engine. Would it require customization to implement single sign on or just making configuration changes, I have no idea whatsoever please guide me 's Thanks -- Sivarama Velicheti __Platinum Sponsor: www.rmsportal.com http://www.rmsportal.com/ ARSlist: Where the Answers Are html___ The Famous, the Infamous, the Lame - in your browser. Get the TMZ Toolbar Now http://toolbar.aol.com/tmz/download.html?NCID=aolcmp000514 ! __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On
Hi Sivarama, I would like to suggest integrating the BMC Remedy Mid Tier and BMC Remedy AR System server with the Single Sign On. I have done integration with the Oracle Application Server (OracleAS) Single Sign-On (SSO). Even you can do with BMC Web Access Manager (WAM) Single Sign-On (SSO). To integrate the BMC Remedy Mid Tier and BMC Remedy AR System server with your SSO solution, you must be familiar with all components and know how to Configure them. This includes: * LDAP directory server * Web server * Web application server (servlet container) * SSO solution * AR System server and mid tier After that follow below steps:-- This is for OracleAS Integration.. 1. The OracleAS is installed, configured, and running correctly on a platform BMC supports for BMC Remedy Mid Tier. 2. The Oracle Internet Directory server is installed, configured, and running correctly. 3. The OracleAS SSO is installed, configured, and running correctly. 4. The BMC Remedy Mid Tier is installed, configured, and running correctly on the OracleAS. 5. Add the BMC Remedy Mid Tier to Oracle SSO as an external application as described in the Oracle Application Server Single Sign-On Administrator's Guide. 6. In web app install dir/WEB-INF/classes, edit config.properties. a. Replace: arsystem.authenticator=com.remedy.arsys.session.DefaultAuthenticator with:arsystem.authenticator=com.remedy.arsys.sso.OracleAuthenticator (for OracleAS SSO) b. If required, replace the value of the arsystem.authenticator.sso.enckey entry with the encrypted key you created in step 1. For example: arsystem.authenticator.sso.enckey=105269288E76C311410B6595D6E52791 7. Stop and restart the servlet container running the BMC Remedy Mid Tier. Configuring the SSO LDAP Plug-In 1. Copy the ssoldap.dll or ssoldap.so AREA plug-in file to the AR System server install directory. 2. Edit AR System configuration file (ar.conf or ar.cfg), and add Plugin: ssoldap.dll (for Windows) or Plugin: ssoldap.so (for UNIX) or, if you are using the AREA hub, add AREA-Hub-Plugin: ssoldap.dll (for Windows) or AREA-Hub-Plugin: ssoldap.so (for UNIX) 3. Using the Remedy Administrator a. Import ssoldap.def. b. Make sure you have set up the mapping of LDAP groups to AR System groups on the External Authentication tab of the Server Information dialog box. 4. Stop and restart the AR System server so that the plug-in server loads the plug-ins. 5. Using BMC Remedy User or the mid tier, log in to the AR System server as a user in the Administrator group, open the SSO LDAP Configuration form, and complete it as follows: Encryption Key: arsystem (or the cleartext key you chose when you created the encrypted key value for arsystem.authenticator.sso.enckey) SSO Vendor: (Select your SSO solution.) Group Membership: None Roles List: (Name the LDAP attribute that lists the user roles. For example, the roledn attribute contains role definitions for some LDAP systems. Add any default roles in the Default Value field.) other fields: (Same as those for the AREA LDAP Configuration form. See the section on Configuring the AREA LDAP plug-in in the Integrating with Plug-ins and Third-Party Products guide.) 6. Stop and restart the BMC Remedy AR System server. Hope this helps... Regards, Sandeep Vyom Labs Pvt. Ltd. An ISO 2 certified company. Consulting | Outsourcing | Training || BMC Remedy BSM | ITIL Web : www.vyomlabs.com _ From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of sivarama velicheti Sent: Wednesday, July 23, 2008 5:21 AM To: arslist@ARSLIST.ORG Subject: Single Sign On ** Hi Guys, I am trying to implement single sign for my current remedy system. Can anyone please guide me as to how to implement that. Any documents that you can forward me to would be good as well. I am having the following setup running. OS: Windows 2003 R2 Database: MS SQL Server 2005 (Remote) AR Server 7.1.00 Mid-Tier 7.1.00 hosted on IIS 6 and Tomcat 5.5 servlet engine. Would it require customization to implement single sign on or just making configuration changes, I have no idea whatsoever please guide me. Thanks -- Sivarama Velicheti __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On and Mid-Tier
If you already Trust your Client.. because it is Force to be on the domain and that is fine.. then what you can do instead is to use an ldap authentication.. that has an escalation that imports all AD customers into Remedy Userform.. at the same time embed a Special password into the userform with it.. (you might want to exclude your licensed customers) and then make the JSP - as autologin, with a ldap verify, and the embedded Remedy password. This is one solution I have seen and tested .. and works.. just not very .. Huhummm.. Kosher.. On 10/10/06, Keats Kirsch [EMAIL PROTECTED] wrote: If your client doesn't already have a Web SSO solution in place then they would need to set up one first. There are free and commercial products available, but it is a non-trivial exercise. Once you have that, you need to configure the mid-tier to forward the SSO credentials (in 6.x you use a custom Java authenticator class for this.) and develop a custom AREA plug-in for Remedy to validate them. We have done this using CA's SiteMinder Web SSO. Modifying the sample C++ application was fairly straightforward. Hope this helps. Keats Jason Tuomy wrote: I'm looking to implement a Single Sign On via mid-tier. I searched the archives but couldn't find any details. My customer is wanting to be able to point a user to the mid-tier and get them past the authentication without requiring the user to login. This would mean to somehow get their login and password credentials from their windows environment or something and pass it to the mid-tier and set the user directly to where they need to be. I found that there are plenty of SSO software out there that will get some form of this data and put it into some kind of HTTP token that I could then retrieve (via White Paper) and pass to mid-tier. I was wondering if I have to have SSO software or is there some way to do this without purchasing software. Again, my customer doesn't want to have the user do a login/password process to get to mid-tier. So, using LDAP doesn't seem to be the right process. Unless I can retrive the password and store it locally. Any help would be greatly appreciated. Thanks. Jason Tuomy ___ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org ___ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org -- Patrick Zandi ___ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
Re: Single Sign On and Mid-Tier
Axton, We have IIS currently doing a SSO with a custom web application. Reading Remedy's white paper on building the bridge via java and c++, it didn't look like it was going to be an easy process to build the code to get the credentials from IIS. If you have any examples or links to follow up on this, I would really appreciate it. Thanks to everyone who wrote back. Jason On Tue, 10 Oct 2006 21:28:21 -0400, Axton [EMAIL PROTECTED] wrote: It all depends on your level of trust for the method of authentication. If you trust that IIS can properly retrieve the user's information, then you can write an SSO solution for that environment, granted all your target users are in an M$ domain and run an M$ OS. If this is not the case, you will need to find an alternative. PKI/Smartcards have been discussed extensively, though I'm not sure if a solution has been developed (maybe someone in that arena could share what type of infrastructure/software they use for that type of authentication, then again, maybe not). From my observations, SSO solutions typically have a server component that resides on the web server. Certain areas of the web server can then be marked as protected, where authentication is required for users to access that portion of the site. The SSO session is established the first time a user authenticates to an SSO protected site and those credentials persist for all/any access across other sites that are protected using the same server side SSO software. The session persistence is accomplished by storing some session information on the SSO policy server, and that is cross-referenced/autheticated using a client-side cookie. For some free (some maybe not so free) alternatives: http://www.josso.org/ http://www3.ca.com/solutions/Product.aspx?ID=166 https://opensso.dev.java.net/ Axton Grams On 9/25/06, Jason Tuomy [EMAIL PROTECTED] wrote: I'm looking to implement a Single Sign On via mid-tier. I searched the archives but couldn't find any details. My customer is wanting to be able to point a user to the mid-tier and get them past the authentication without requiring the user to login. This would mean to somehow get their login and password credentials from their windows environment or something and pass it to the mid-tier and set the user directly to where they need to be. I found that there are plenty of SSO software out there that will get some form of this data and put it into some kind of HTTP token that I could then retrieve (via White Paper) and pass to mid-tier. I was wondering if I have to have SSO software or is there some way to do this without purchasing software. Again, my customer doesn't want to have the user do a login/password process to get to mid-tier. So, using LDAP doesn't seem to be the right process. Unless I can retrive the password and store it locally. Any help would be greatly appreciated. Thanks. Jason Tuomy ___ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org __ _ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org = ___ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
Re: Single Sign On and Mid-Tier
If your client doesn't already have a Web SSO solution in place then they would need to set up one first. There are free and commercial products available, but it is a non-trivial exercise. Once you have that, you need to configure the mid-tier to forward the SSO credentials (in 6.x you use a custom Java authenticator class for this.) and develop a custom AREA plug-in for Remedy to validate them. We have done this using CA's SiteMinder Web SSO. Modifying the sample C++ application was fairly straightforward. Hope this helps. Keats Jason Tuomy wrote: I'm looking to implement a Single Sign On via mid-tier. I searched the archives but couldn't find any details. My customer is wanting to be able to point a user to the mid-tier and get them past the authentication without requiring the user to login. This would mean to somehow get their login and password credentials from their windows environment or something and pass it to the mid-tier and set the user directly to where they need to be. I found that there are plenty of SSO software out there that will get some form of this data and put it into some kind of HTTP token that I could then retrieve (via White Paper) and pass to mid-tier. I was wondering if I have to have SSO software or is there some way to do this without purchasing software. Again, my customer doesn't want to have the user do a login/password process to get to mid-tier. So, using LDAP doesn't seem to be the right process. Unless I can retrive the password and store it locally. Any help would be greatly appreciated. Thanks. Jason Tuomy ___ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org ___ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
Re: Single Sign On and Mid-Tier
It all depends on your level of trust for the method of authentication. If you trust that IIS can properly retrieve the user's information, then you can write an SSO solution for that environment, granted all your target users are in an M$ domain and run an M$ OS. If this is not the case, you will need to find an alternative. PKI/Smartcards have been discussed extensively, though I'm not sure if a solution has been developed (maybe someone in that arena could share what type of infrastructure/software they use for that type of authentication, then again, maybe not). From my observations, SSO solutions typically have a server component that resides on the web server. Certain areas of the web server can then be marked as protected, where authentication is required for users to access that portion of the site. The SSO session is established the first time a user authenticates to an SSO protected site and those credentials persist for all/any access across other sites that are protected using the same server side SSO software. The session persistence is accomplished by storing some session information on the SSO policy server, and that is cross-referenced/autheticated using a client-side cookie. For some free (some maybe not so free) alternatives: http://www.josso.org/ http://www3.ca.com/solutions/Product.aspx?ID=166 https://opensso.dev.java.net/ Axton Grams On 9/25/06, Jason Tuomy [EMAIL PROTECTED] wrote: I'm looking to implement a Single Sign On via mid-tier. I searched the archives but couldn't find any details. My customer is wanting to be able to point a user to the mid-tier and get them past the authentication without requiring the user to login. This would mean to somehow get their login and password credentials from their windows environment or something and pass it to the mid-tier and set the user directly to where they need to be. I found that there are plenty of SSO software out there that will get some form of this data and put it into some kind of HTTP token that I could then retrieve (via White Paper) and pass to mid-tier. I was wondering if I have to have SSO software or is there some way to do this without purchasing software. Again, my customer doesn't want to have the user do a login/password process to get to mid-tier. So, using LDAP doesn't seem to be the right process. Unless I can retrive the password and store it locally. Any help would be greatly appreciated. Thanks. Jason Tuomy ___ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org ___ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
Re: Single Sign on
Prasad, so you want single signon only for Mid-Tier or also for Remedy server ? If you enable external authentication on Remedy server, you can use the user's Windows network password and/or LDAP/Active Directory. I have only done LDAP so far. It works both on the Remedy server as well as Mid-Tier. Rgds, Chris ___ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
Re: Single Sign on
Title: RE: Remedy License Reseller ** Prasad, Here is one way that might work (I have not tried this). Note: This method is not the most secure because it involves storing a clear text copy of the users' passwords in another field on the User form. Create a character field on the User form to hold a copy of a user's password. In your workflow you use to allow users to change their passwords Push the new password to both the Password field and the character field. Create a web application that, when run: - Grabs the NT user name of the user logged into Windows - Retrieves the clear text password from your DBMS from the User_x SQL View. You could use the Remedy API but if you use Windows Authentication (with SQL Server, for example) you would be able to retrieve the user's password from a simple SELECT statement without having to store the Demo password (for example) in the web application or a config file. - Redirect the user to the Remedy form with the username and password in the URL. Since the user is already logged into Windows seeing their Remedy password wouldn't matter. Note: there might be a way to redirect the user to the Remedy URL without displaying it in the browser address bar. Maybe someone else can offer a solution to this part. Variation: You couldencrypt the clear text password in the User form with an algorithm and password that only you know. This would help ensure thatno-one else would be able to figure out what someone's password was if the happen to view the User form (ie. when you step away from your computer). Variation: Update the existing login.jsp web page to retrieve the user's password directly. Then no redirection would be needed. HTH Stephen From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Nunna, PrasadSent: Wednesday, August 23, 2006 2:04 PMTo: arslist@ARSLIST.ORGSubject: Single Sign on ** Hi , We would like to implement single sign on with remedy midtier. When windows users click the login page( mid tier), I will detect who(NT id)is connected on that PC. But I need to authenticate against remedy server. IS there any way I can get the password and authenticate or is there any procedure that I can skip the remedy authentication? Pleasegive me details ifyou know any info on this topic. I appreciate your suggestions. Thanks, Prasad__20060125___This posting was submitted with HTML in it___ __20060125___This posting was submitted with HTML in it___