Re: SAML Integration
Sorry for the late reply on this, not sure how I didn't see it before now. I implemented SAML SSO here at Sony in a against a global authentication system. 1. Remedy OnDemand SaaS (hosted in Phoenix CapGemini) 2. VPN tunnel to our data center at a remote location 3. Appropriate holes punched to our corporate center in another location as they are the keeper of the domains. Our folks have to be on the Sony network (VPN or local) to be authenticated and I asked Remedy OnDemand to filter all non-Sony web traffic out as well to prevent folks from attempting public brute-force or similar probes. If I can be of further help, hit my work email, not reply on ARS List. raymond.gellenb...@am.sony.com ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
SAML Integration
Does anyone know if it's possible to do a SAML integration with ARS/ITSM? We use LDAP for internal customers but trying to find a way to give external customers a single sign on with several of our systems. I am doing my research and hoped someone else has already tried this. Thank you! ~~~ Terri ARS 7.6.03 ITSM 7.6.03 Midtier 7.6.04 Windows 2008 MS SQL 2008 R2 SP2 ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: SAML Integration
Terri, I haven't done the actual integration but I know that's what Remedy on Demand uses to authenticate via Atrium SSO Sent from my iPhone On Aug 5, 2014, at 9:57 AM, Terri Lockwood teresa.lockw...@sungard.com wrote: ** Does anyone know if it’s possible to do a SAML integration with ARS/ITSM? We use LDAP for internal customers but trying to find a way to give external customers a single sign on with several of our systems. I am doing my research and hoped someone else has already tried this. Thank you! ~~~ Terri ARS 7.6.03 ITSM 7.6.03 Midtier 7.6.04 Windows 2008 MS SQL 2008 R2 SP2 _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: SAML Integration
We used JSS-SSO for single sign via Kerberos and it is working vey well. I believe the product offers SAML integration as well as several other possibilities. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: SAML Integration
We use the same product and it has been flawless. The problem is that BMC has a different concept of SSO than the rest of the world IMHO. I do believe the 8.0 or 8.1 version does provide SAML support, but the implementation of BMC SSO is not straight forward. Jim Coryat x34655 -Original Message- From: Frank Caruso [mailto:caruso.fr...@gmail.com] Sent: Tuesday, August 05, 2014 9:14 AM Subject: Re: SAML Integration We used JSS-SSO for single sign via Kerberos and it is working vey well. I believe the product offers SAML integration as well as several other possibilities. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Remedy - SAML Integration
Hello, SAML is one of those 'standards' that isn't entirely followed by each vendor. We've integrated SSO Plugin with a few different types of SAML Identity Provider, ie ADFSv2, Ping Federate, Symphony Identity Manager, and a Juniper device. Each one has required some level of engineering effort. For example, some IDPs only support a single 'target' URL (ie http://host/arsys/home) through a single service provider configuration, hence one has problems when you may want to support another entry point (ie http://host/arsys/forms/*). Others require slightly oddly formed HTTP requests, which OpenSSO (probably) isn't going to support out of the box. SAML is also a very high level description of the problem: different SAML profiles exist (POST/Redirect/Artifact) and different ways to deploy the profiles, ie SP - POST - IDP - Artifact - SP, or SP - Artifact - IDP - Artifact - SP. (Have a read of the SAML2 Wiki page.) While AtriumSSO/OpenSSO8 has supported SAML for years, it doesn't mean it'll actually work or BMC can deploy/support it. OpenSSO aspired to be the we support everything solution and the world moved on. Ping Identity are the current cool kids on the block with respect to a SAML IDP/SP (the Ping Federate product). I've used it a few times and while it really does seem to have a feature for everything, it can be a little complicated. When someone asks JSS if we support SAML IDP X, unless we've done it before, we do our homework to ensure it'll work. I would expect any other vendor to do exactly the same. And when you've deployed your SAML solution, what happens when users don't exist in ITSM? It's another one of those issues people tend to forget when deploying an SSO solution. Authenticating a user who doesn't exist in ITSM is of no use to anyone. On the subject of BMC AREA LDAP: One has to be careful with respect to multiple un-trusted third parties because sending usernames and passwords for company X to company Y is considered less than secure. It is however perfectly adequate in a single organisation. John ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: Remedy - SAML Integration
SAML over Atrium SSO is supported on 7.6.04 as well. You need to install Atrium SSO on your Mid Tier and then configure SAML based authentication over it. Regards, Aditya On Sat, Oct 27, 2012 at 6:34 AM, Brian Pancia panc...@finityit.com wrote: ** For authentication you have a few options: - Internal Remedy/ARS authentication - Simple LDAP integration using ARDBC LDAP - AREA Plugin, which could be designed to integrate Remedy and SAML - Atrium SSO, which as David said will integrate in 8.0 - Another 3rd party app, such as what java solutions has LDAP is by far the easiest authentication integration. I haven't played with Atrium SSO 8.0 yet, but 7.6.04 was fairly easy to integrate with external authentication sources. There were issues with 7,6,04 and the add on BMC encryption packages, so if you are using added layers of encryption this will add some challenges. Brian On Fri, Oct 26, 2012 at 2:28 PM, Prakash Kodali kprakash...@gmail.comwrote: ** Helloo Listers, My company wants to integrate the Remedy system with the company portal. So, I want to know the details, how to integrate the Remedy with SAML. I would appreciate, anybody has any idea about this. It would be great if any body share the Remedy-SAML integration document OR at least point me in the right direction. we are using ARS Server 7.6 Happy Friday. Prakash. _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Remedy - SAML Integration
Helloo Listers, My company wants to integrate the Remedy system with the company portal. So, I want to know the details, how to integrate the Remedy with SAML. I would appreciate, anybody has any idea about this. It would be great if any body share the Remedy-SAML integration document OR at least point me in the right direction. we are using ARS Server 7.6 Happy Friday. Prakash. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: Remedy - SAML Integration
Helloo Friends, Anybody is having any idea? Please let me know, if anybody having any questions/clarifications. Thanks, Prakash. On Friday, October 26, 2012 12:28:10 PM UTC-6, Prakash Kodali wrote: ** Helloo Listers, My company wants to integrate the Remedy system with the company portal. So, I want to know the details, how to integrate the Remedy with SAML. I would appreciate, anybody has any idea about this. It would be great if any body share the Remedy-SAML integration document OR at least point me in the right direction. we are using ARS Server 7.6 Happy Friday. Prakash. _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: Remedy - SAML Integration
I'm an idiot. Can you clarify on what SAML is? As far as integrations go, Remedy has various methods. Are you looking for a vendor integration? Sent from my iPhone On Oct 26, 2012, at 5:25 PM, Prakash Kodali kprakash...@gmail.com wrote: ** Helloo Friends, Anybody is having any idea? Please let me know, if anybody having any questions/clarifications. Thanks, Prakash. On Friday, October 26, 2012 12:28:10 PM UTC-6, Prakash Kodali wrote: ** Helloo Listers, My company wants to integrate the Remedy system with the company portal. So, I want to know the details, how to integrate the Remedy with SAML. I would appreciate, anybody has any idea about this. It would be great if any body share the Remedy-SAML integration document OR at least point me in the right direction. we are using ARS Server 7.6 Happy Friday. Prakash. _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: Remedy - SAML Integration
It involves a custom plugin at the midtier level. Column Technologies helped us implement it here, and I know the guys at Java Systems Solutions have an offering. You can find out info on both via the below URLs. Nate. www.columnit.comhttp://www.columnit.com www.javasystemsolutions.comhttp://www.javasystemsolutions.com Nathan Aker ITSM Solution Architect McAfee, Inc. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Prakash Kodali Sent: Friday, October 26, 2012 4:25 PM To: arslist@ARSLIST.ORG Subject: Re: Remedy - SAML Integration ** Helloo Friends, Anybody is having any idea? Please let me know, if anybody having any questions/clarifications. Thanks, Prakash. On Friday, October 26, 2012 12:28:10 PM UTC-6, Prakash Kodali wrote: ** Helloo Listers, My company wants to integrate the Remedy system with the company portal. So, I want to know the details, how to integrate the Remedy with SAML. I would appreciate, anybody has any idea about this. It would be great if any body share the Remedy-SAML integration document OR at least point me in the right direction. we are using ARS Server 7.6 Happy Friday. Prakash. _attend WWRUG12 www.wwrug.comhttp://www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG12 www.wwrug.comhttp://www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: Remedy - SAML Integration
If you’re referring to Single Sign-On authentication, Atrium SSO also supports SAML in version 8.0.00: https://docs.bmc.com/docs/display/public/sso80/Using+SAMLv2+for+authentication -David J. Easter Manager of Product Management, AR System BSM Atrium Solutions Management BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Nathan Aker Sent: Friday, October 26, 2012 2:32 PM To: arslist@ARSLIST.ORG Subject: Re: Remedy - SAML Integration ** It involves a custom plugin at the midtier level. Column Technologies helped us implement it here, and I know the guys at Java Systems Solutions have an offering. You can find out info on both via the below URLs. Nate. www.columnit.comhttp://www.columnit.com www.javasystemsolutions.comhttp://www.javasystemsolutions.com Nathan Aker ITSM Solution Architect McAfee, Inc. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Prakash Kodali Sent: Friday, October 26, 2012 4:25 PM To: arslist@ARSLIST.ORG Subject: Re: Remedy - SAML Integration ** Helloo Friends, Anybody is having any idea? Please let me know, if anybody having any questions/clarifications. Thanks, Prakash. On Friday, October 26, 2012 12:28:10 PM UTC-6, Prakash Kodali wrote: ** Helloo Listers, My company wants to integrate the Remedy system with the company portal. So, I want to know the details, how to integrate the Remedy with SAML. I would appreciate, anybody has any idea about this. It would be great if any body share the Remedy-SAML integration document OR at least point me in the right direction. we are using ARS Server 7.6 Happy Friday. Prakash. _attend WWRUG12 www.wwrug.comhttp://www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG12 www.wwrug.comhttp://www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: Remedy - SAML Integration
For authentication you have a few options: - Internal Remedy/ARS authentication - Simple LDAP integration using ARDBC LDAP - AREA Plugin, which could be designed to integrate Remedy and SAML - Atrium SSO, which as David said will integrate in 8.0 - Another 3rd party app, such as what java solutions has LDAP is by far the easiest authentication integration. I haven't played with Atrium SSO 8.0 yet, but 7.6.04 was fairly easy to integrate with external authentication sources. There were issues with 7,6,04 and the add on BMC encryption packages, so if you are using added layers of encryption this will add some challenges. Brian On Fri, Oct 26, 2012 at 2:28 PM, Prakash Kodali kprakash...@gmail.comwrote: ** Helloo Listers, My company wants to integrate the Remedy system with the company portal. So, I want to know the details, how to integrate the Remedy with SAML. I would appreciate, anybody has any idea about this. It would be great if any body share the Remedy-SAML integration document OR at least point me in the right direction. we are using ARS Server 7.6 Happy Friday. Prakash. _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are