Re: Single Sign On (SSO) with CAS
Excellent thanks! -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Alex Agle Sent: Thursday, May 28, 2015 10:37 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) with CAS I went ahead and wrote a 10 page guide on implementing SSO with CAS. I hope it is helpful. If anyone has any corrections, please feel free to send them my way. Thanks, Alex On Tue, May 26, 2015 at 04:20:18PM -0600, LJ LongWing wrote: Alex, Anybody that is willing to provide help to the community is appreciatedso, while I don't currently have any use for that information, I never quite know where I'm going to be next month/year, and I might find the information useful, so, if you don't mind, please, post :) On Tue, May 26, 2015 at 4:16 PM, Alex Agle alex.a...@oit.gatech.edu wrote: Hi everyone, I haven't posted in years, because I was spending most of my time working with a different BMC product. Now I'm circling back to the BMC Remedy Action Request System. We're on 6.3 (on Solaris), moving to 8.1.2p1 on Linux next month. I documented the upgrade of our test environment. It didn't go the most smoothly, and I couldn't have completed it without BMC Support's help. We had to manually update some of the table structures. Perhaps this is because we totally skipped 7.0, 7.1, 7.5, 7.6, and 8.0. We also had a duplicate index on one table, according to the data dictionary, so we had to delete it. In any case, my last technical challenge was to get single sign on working. I never tried to get it working before, and I thought it would be a bonus if I could get it working as part of this upgrade. I did a lot of google searching, and I saw a few other posts where other people were trying to accomplish what I wanted to do. Either nobody responded, or some people gave some general pointers, or javasystemsolutions.com chimed in to tout their product. In any case, after a long 14 hour day, I finally got it working. We have the following environment: Linux RHEL 6.6 / Apache 2.2 / Tomcat 7.0 / mod_ssl / mod_auth_cas 1.0.9 / areasso 7.0 If there is any interest, I will write up a guide on how to implement SSO with CAS and share it with the list. Thanks, Alex -- O--O--O-O | Alex Agle \/ Lead Application Developer | O---/\ Georgia Institute of Technology | |(404)894-6165 //\\ EIS - Applications Support | | Atlanta, GA //\/\\ alex.agle(@)oit.gatech.edu| OO-\/\/-O---O ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years __ _ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years -- O--O--O-O | Alex Agle \/ Lead Application Developer | O---/\ Georgia Institute of Technology | |(404)894-6165 //\\ EIS - Applications Support | | Atlanta, GA //\/\\ alex.agle(@)oit.gatech.edu| OO-\/\/-O---O ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Single Sign On (SSO) with CAS
Very nice! Thanks, rp On 5/28/2015 1:36 PM, Alex Agle wrote: I went ahead and wrote a 10 page guide on implementing SSO with CAS. I hope it is helpful. If anyone has any corrections, please feel free to send them my way. Thanks, Alex On Tue, May 26, 2015 at 04:20:18PM -0600, LJ LongWing wrote: Alex, Anybody that is willing to provide help to the community is appreciatedso, while I don't currently have any use for that information, I never quite know where I'm going to be next month/year, and I might find the information useful, so, if you don't mind, please, post :) On Tue, May 26, 2015 at 4:16 PM, Alex Agle alex.a...@oit.gatech.edu wrote: Hi everyone, I haven't posted in years, because I was spending most of my time working with a different BMC product. Now I'm circling back to the BMC Remedy Action Request System. We're on 6.3 (on Solaris), moving to 8.1.2p1 on Linux next month. I documented the upgrade of our test environment. It didn't go the most smoothly, and I couldn't have completed it without BMC Support's help. We had to manually update some of the table structures. Perhaps this is because we totally skipped 7.0, 7.1, 7.5, 7.6, and 8.0. We also had a duplicate index on one table, according to the data dictionary, so we had to delete it. In any case, my last technical challenge was to get single sign on working. I never tried to get it working before, and I thought it would be a bonus if I could get it working as part of this upgrade. I did a lot of google searching, and I saw a few other posts where other people were trying to accomplish what I wanted to do. Either nobody responded, or some people gave some general pointers, or javasystemsolutions.com chimed in to tout their product. In any case, after a long 14 hour day, I finally got it working. We have the following environment: Linux RHEL 6.6 / Apache 2.2 / Tomcat 7.0 / mod_ssl / mod_auth_cas 1.0.9 / areasso 7.0 If there is any interest, I will write up a guide on how to implement SSO with CAS and share it with the list. Thanks, Alex -- O--O--O-O | Alex Agle \/ Lead Application Developer | O---/\ Georgia Institute of Technology | |(404)894-6165 //\\ EIS - Applications Support | | Atlanta, GA //\/\\ alex.agle(@)oit.gatech.edu| OO-\/\/-O---O ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Single Sign On (SSO) with CAS
Hi, Yes please do post the info. I’ve implemented the SSO with CAS and have the same environment you described except instead of Linux we still have an old “SunOS Generic_147440-09 sun4v sparc sun4v” We shall move to Linux in a couple of months. So your info could be very much appreciated. Best From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of LJ LongWing Sent: Wednesday, May 27, 2015 12:20 AM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) with CAS ** Alex, Anybody that is willing to provide help to the community is appreciatedso, while I don't currently have any use for that information, I never quite know where I'm going to be next month/year, and I might find the information useful, so, if you don't mind, please, post :) On Tue, May 26, 2015 at 4:16 PM, Alex Agle alex.a...@oit.gatech.edumailto:alex.a...@oit.gatech.edu wrote: Hi everyone, I haven't posted in years, because I was spending most of my time working with a different BMC product. Now I'm circling back to the BMC Remedy Action Request System. We're on 6.3 (on Solaris), moving to 8.1.2p1 on Linux next month. I documented the upgrade of our test environment. It didn't go the most smoothly, and I couldn't have completed it without BMC Support's help. We had to manually update some of the table structures. Perhaps this is because we totally skipped 7.0, 7.1, 7.5, 7.6, and 8.0. We also had a duplicate index on one table, according to the data dictionary, so we had to delete it. In any case, my last technical challenge was to get single sign on working. I never tried to get it working before, and I thought it would be a bonus if I could get it working as part of this upgrade. I did a lot of google searching, and I saw a few other posts where other people were trying to accomplish what I wanted to do. Either nobody responded, or some people gave some general pointers, or javasystemsolutions.comhttp://javasystemsolutions.com chimed in to tout their product. In any case, after a long 14 hour day, I finally got it working. We have the following environment: Linux RHEL 6.6 / Apache 2.2 / Tomcat 7.0 / mod_ssl / mod_auth_cas 1.0.9 / areasso 7.0 If there is any interest, I will write up a guide on how to implement SSO with CAS and share it with the list. Thanks, Alex -- O--O--O-O | Alex Agle \/ Lead Application Developer | O---/\ Georgia Institute of Technology | |(404)894-6165tel:%28404%29894-6165 //\\ EIS - Applications Support | | Atlanta, GA //\/\\ alex.agle(@)oit.gatech.eduhttp://oit.gatech.edu| OO-\/\/-O---O ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.orghttp://www.arslist.org Where the Answers Are, and have been for 20 years _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Single Sign On (SSO) with CAS
Hi everyone, I haven't posted in years, because I was spending most of my time working with a different BMC product. Now I'm circling back to the BMC Remedy Action Request System. We're on 6.3 (on Solaris), moving to 8.1.2p1 on Linux next month. I documented the upgrade of our test environment. It didn't go the most smoothly, and I couldn't have completed it without BMC Support's help. We had to manually update some of the table structures. Perhaps this is because we totally skipped 7.0, 7.1, 7.5, 7.6, and 8.0. We also had a duplicate index on one table, according to the data dictionary, so we had to delete it. In any case, my last technical challenge was to get single sign on working. I never tried to get it working before, and I thought it would be a bonus if I could get it working as part of this upgrade. I did a lot of google searching, and I saw a few other posts where other people were trying to accomplish what I wanted to do. Either nobody responded, or some people gave some general pointers, or javasystemsolutions.com chimed in to tout their product. In any case, after a long 14 hour day, I finally got it working. We have the following environment: Linux RHEL 6.6 / Apache 2.2 / Tomcat 7.0 / mod_ssl / mod_auth_cas 1.0.9 / areasso 7.0 If there is any interest, I will write up a guide on how to implement SSO with CAS and share it with the list. Thanks, Alex -- O--O--O-O | Alex Agle \/ Lead Application Developer | O---/\ Georgia Institute of Technology | |(404)894-6165 //\\ EIS - Applications Support | | Atlanta, GA //\/\\ alex.agle(@)oit.gatech.edu| OO-\/\/-O---O ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Single Sign On (SSO) with CAS
Alex, Anybody that is willing to provide help to the community is appreciatedso, while I don't currently have any use for that information, I never quite know where I'm going to be next month/year, and I might find the information useful, so, if you don't mind, please, post :) On Tue, May 26, 2015 at 4:16 PM, Alex Agle alex.a...@oit.gatech.edu wrote: Hi everyone, I haven't posted in years, because I was spending most of my time working with a different BMC product. Now I'm circling back to the BMC Remedy Action Request System. We're on 6.3 (on Solaris), moving to 8.1.2p1 on Linux next month. I documented the upgrade of our test environment. It didn't go the most smoothly, and I couldn't have completed it without BMC Support's help. We had to manually update some of the table structures. Perhaps this is because we totally skipped 7.0, 7.1, 7.5, 7.6, and 8.0. We also had a duplicate index on one table, according to the data dictionary, so we had to delete it. In any case, my last technical challenge was to get single sign on working. I never tried to get it working before, and I thought it would be a bonus if I could get it working as part of this upgrade. I did a lot of google searching, and I saw a few other posts where other people were trying to accomplish what I wanted to do. Either nobody responded, or some people gave some general pointers, or javasystemsolutions.com chimed in to tout their product. In any case, after a long 14 hour day, I finally got it working. We have the following environment: Linux RHEL 6.6 / Apache 2.2 / Tomcat 7.0 / mod_ssl / mod_auth_cas 1.0.9 / areasso 7.0 If there is any interest, I will write up a guide on how to implement SSO with CAS and share it with the list. Thanks, Alex -- O--O--O-O | Alex Agle \/ Lead Application Developer | O---/\ Georgia Institute of Technology | |(404)894-6165 //\\ EIS - Applications Support | | Atlanta, GA //\/\\ alex.agle(@)oit.gatech.edu| OO-\/\/-O---O ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Single Sign-On (SSO)
John, thanks alot for your suggest ! You say to use BMC community code, but where i can find this code ? i would like to realize the solution myself without include other people (i.e. Column or similar). can you help me to indicate the 'right street' ? i try to read 'Integrating BMC® Remedy®Action Request System® with Single Sign-On (SSO) Authentication Systems and Other Client-Side Login Intercept Technologies' but i understand just a little ! thx Peter ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Single Sign-On (SSO)
Hi all, i would like to log to Requester Console bypassing the login page of Mid Tier. the User could access to the system using his Web portal and i try to interface the RQC by Single Sign-On (SSO) of BMC Remedy. Is it possible ? i don't understand if Single Sign-On (SSO) needs of regular license by BMC ! any Idea ? can you help me to solve this requirement ? thx Peter ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: Single Sign-On (SSO)
Yes, this can be done. Column Technologies helped us set this up, they have a packaged custom plugin they've written to perform the pass-through SSO solution which basically gets applied to your Miditer server and intercepts traffic to the web server and authenticates to your Identity Mgt solution then passes you through into Remedy. The licensing does not change with an SSO solution, based on function the user would still need to the appropriate license for the functionality used. If you are talking about the basic Requester Console, this interface does not require a license, but if you are referring to the full Service Request Management module, that is a licensed component and they would require a license. Hope this helps, contact Column Technologies (www.columnit.com) for info on their SSO solution, they were able to get us up and running in short order on it. Thanks. Nate. Nathan Aker ITSM Solution Architect McAfee, Inc. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Team Remedy Sent: Thursday, May 31, 2012 4:31 AM To: arslist@ARSLIST.ORG Subject: Single Sign-On (SSO) Hi all, i would like to log to Requester Console bypassing the login page of Mid Tier. the User could access to the system using his Web portal and i try to interface the RQC by Single Sign-On (SSO) of BMC Remedy. Is it possible ? i don't understand if Single Sign-On (SSO) needs of regular license by BMC ! any Idea ? can you help me to solve this requirement ? thx Peter ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Single Sign-On (SSO)
Nathan The Column SSO solution is little more than the BMC community code repackaged, but last time I checked, rather less secure. I actually sent Column a video demonstrating how to login to AR System as any user and never received a response demonstrating the problem has been fixed. Instead, I received a lecture on AD integration technology from someone who (a) didn't know that I'm somewhat familiar in this area, and (b) didn't know what they were talking about. So if you want a do it yourself kit, you can use the BMC community code. If you want a real product supported by people who are industry experts, consult Google or ask some of BMC's biggest clients. But the answer to SSO is not Column. John ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Want to implement Single Sign-On(SSO)
Brian Ref: Single user repository I think BMC believe OpenSSO gives them a single user repository but it doesn't. Each product still requires user management, so a user that exists in AR System must be manually managed in SAP BOXI (BMC Analytics). One of the many features in SSO Plugin is the ability to automatically manage these third party repositories. John ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: Want to implement Single Sign-On(SSO)
Can I ask what is your plan or method for doing it? Like do you need CAC? Certs, or just AD authentication? Do you require secure methods? 686 vice 389 (or what ever)? Just wondering Sent from my iPhone On May 15, 2012, at 2:51, John Baker jba...@javasystemsolutions.com wrote: Brian Ref: Single user repository I think BMC believe OpenSSO gives them a single user repository but it doesn't. Each product still requires user management, so a user that exists in AR System must be manually managed in SAP BOXI (BMC Analytics). One of the many features in SSO Plugin is the ability to automatically manage these third party repositories. John ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: Want to implement Single Sign-On(SSO)
John Didn't state single user repository just authentication repository. SSO will allow you to setup multiple repositories (LDAP, RSA, CAC, Local, etc.). That's why my original question was what exactly is SSO going to be used for. If it is to provide LDAP capabilities for Mid-tier then there are better ways to handle this. If you are looking at implementing both Analytics and ITSM then SSO could work, but it is not without a lot of work to get it working right. If you are looking at SSO to automagically authenticate you to various apps based on your network login when you logged into the box then BMC SSO will not work for that. I have successfully setup SSO in a dev environment against multiple repositories. However, we pulled the plug on production because at the time it was not compatible with encryption and I didn't feel it was ready for prime time. This was for a 7.6.04 environment. Looking at Hari's original questions: 1. Hard to answer without knowing exactly what you are trying to do. 2. Java System Solutions is a third party that has designed a SSO plugin for AR System 3. Upgrading can be a good and bad thing for many reasons. SSO probably shouldn't be your driving force to upgrading to 7.6.04. Other queries: a. License questions are probably best asked to your BMC Account Manager. They know your account structure best. b. validation parameter? Not sure what you're looking for here c. BMC SSO has its own access manager/administration tool and doesn't require the use of Oracle Access Manager. BMC SSO is loaded on a separate web server from the mid-tier. It uses 32 bit were as Mid-tier can use 64 bit. No you can try to get these working on the same web server, but it is not recommended. I still would need a better understanding of the requirements to provide decent answers. Brian -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of John Baker Sent: Tuesday, May 15, 2012 2:51 AM To: arslist@ARSLIST.ORG Subject: Want to implement Single Sign-On(SSO) Brian Ref: Single user repository I think BMC believe OpenSSO gives them a single user repository but it doesn't. Each product still requires user management, so a user that exists in AR System must be manually managed in SAP BOXI (BMC Analytics). One of the many features in SSO Plugin is the ability to automatically manage these third party repositories. John ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Want to implement Single Sign-On(SSO)
Hi All, Hope you all are doing well, this is with reference to one of my requirement of implementing SSO in Remedy environment. My Current Remedy Setup is : Platform: OS= Windows 2003 Server Database= SQL Server 2005 Remedy AR Server = 7.5.004 Remedy ITSM Apps Version= 7.6.001 Users were LDAP authenticated. Midtier Env: OS= Windows 2003 Server Web Server= Apache Tomcat I want to implement SSO in my environment with my current setup. But i am not getting the clear picture of how to implement this.Till date, what i found that: 1. Can be achieved through customized SSO: In this, we need to write some external java class which will authenticate the users.Here, my question is Is there any need of any extra web server depending on my current environment. I heard of web access manager by BMC,Oracle,etc.Plz suggest. 2. Third party provided SSO solutions. 3. To upgrade my existing version to 7.6.04, where BMC has provided the SSO solution. Other queries of mine are: a. SSO requires license or not, if yes, then shall we need to take a call with BMC for license. b. what validation parameter should i consider while implementing SSO. c. Shall we need any Web access manager for implementing SSO.And if i am going for Oracle web access manager, will it create some compatibility issue with SQL server 2005. Any help or any suggestions will contribute a lot. Thanks Regards Hari E-mail:- hsvishwaka...@gmail.com ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Re: Want to implement Single Sign-On(SSO)
What exactly are you looking to use SSO for? You can do LDAP authentication without SSO in place. If you're looking for the user to automatically be authenticated to Remedy Mid-tier based on their network login, BMC SSO will not do this to my knowledge. What the BMC SSO piece will give you is a authentication repository if you will of user accounts and passwords, which other BMC products can utilize (ITSM and Analytics). Theoretically if your logged into one you can use all without re-authenticating. I believe there are a few people on the thread that have used javasystems SSO tool and could chime in on its capabilities. Brian From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Hari Vishwakarma Sent: Monday, May 14, 2012 6:40 PM To: arslist@ARSLIST.ORG Subject: Want to implement Single Sign-On(SSO) ** Hi All, Hope you all are doing well, this is with reference to one of my requirement of implementing SSO in Remedy environment. My Current Remedy Setup is : Platform: OS= Windows 2003 Server Database= SQL Server 2005 Remedy AR Server = 7.5.004 Remedy ITSM Apps Version= 7.6.001 Users were LDAP authenticated. Midtier Env: OS= Windows 2003 Server Web Server= Apache Tomcat I want to implement SSO in my environment with my current setup. But i am not getting the clear picture of how to implement this.Till date, what i found that: 1. Can be achieved through customized SSO: In this, we need to write some external java class which will authenticate the users.Here, my question is Is there any need of any extra web server depending on my current environment. I heard of web access manager by BMC,Oracle,etc.Plz suggest. 2. Third party provided SSO solutions. 3. To upgrade my existing version to 7.6.04, where BMC has provided the SSO solution. Other queries of mine are: a. SSO requires license or not, if yes, then shall we need to take a call with BMC for license. b. what validation parameter should i consider while implementing SSO. c. Shall we need any Web access manager for implementing SSO.And if i am going for Oracle web access manager, will it create some compatibility issue with SQL server 2005. Any help or any suggestions will contribute a lot. Thanks Regards Hari E-mail:- hsvishwaka...@gmail.com _attend WWRUG12 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: Where the Answers Are
Single Sign On and Remedy
Hello All, I have been tasked with coming up with a Single Sign On solution using Remedy as the source. I think the People form would be the obvious place to start. I am curious to know if anyone else has done anything similar or if there is some Out of the Box solution available that integrates easily with Remedy. Thanks in Advance, Jase Brandon Remedy Developer Quality Technology Services 7.1 Patch 004 SQL Server Windows 2003 ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: Single Sign On and Remedy
The classic doc on SSO is on the BMC support site. Here's the link I turn up (this is valid for ARS 7.1): http://documents.bmc.com/supportu/documents/57/12/65712/65712.pdf This directs you through the free option, which essentially is allowing the customer to use their domain password to login to Remedy. If you want to have complete passthrough without any login, you'll need a customized solution. There are a few out there, or the doc above will direct you how to develop your own. (I see that Mr. Gill is presenting one of the vendor options now. :^) Kelly Logan Office : 763-764-2375 Mobile: 313-645-4552 From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Jase Brandon Sent: Wednesday, May 26, 2010 2:33 PM To: arslist@ARSLIST.ORG Subject: Single Sign On and Remedy ** Hello All, I have been tasked with coming up with a Single Sign On solution using Remedy as the source. I think the People form would be the obvious place to start. I am curious to know if anyone else has done anything similar or if there is some Out of the Box solution available that integrates easily with Remedy. Thanks in Advance, Jase Brandon Remedy Developer Quality Technology Services 7.1 Patch 004 SQL Server Windows 2003 _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Single Sign On and RKM
Dear Listers, As I'm sure many of you are aware, JSS is the only provider of a true Single Sign On plugin for the AR System, as detailed by BMC. At JSS, we believe in listening to customers and letting them shape our products, hence the SSO Plugin contains many features that were suggested by customers. With RKM now becoming a popular tool, we'd like to know if there's interest in an SSO Plugin for RKM? If you could send me your feedback (email or to the list) then I'd be most grateful. Happy Christmas and New Year! John Baker -- Java System Solutions http://www.javasystemsolutions.com ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Single sign-in
We are looking into implementing single sign-in for our users (I have gotten the BMC documentation to review). I was wondering if anyone else has implemented this and would be willing to share if you had any issues implementing or since implementation and also see if you could provide any pointers. Any information would be greatly appreciated. Thanks! ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Single sign-in
Hi Dawn. Would you be able to share the documentation with me? This is something a client of mine would like to do. Thanks. Steve Date: Thu, 17 Dec 2009 06:01:13 -0500 From: dawn.brumb...@perdue.com Subject: Single sign-in To: arslist@ARSLIST.ORG ** We are looking into implementing single sign-in for our users (I have gotten the BMC documentation to review). I was wondering if anyone else has implemented this and would be willing to share if you had any issues implementing or since implementation and also see if you could provide any pointers. Any information would be greatly appreciated. Thanks!_Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Single sign-in
Dawn, We tried to implement BMC's solution, and while I got it working, it didn't work for everyone, and there was no good way to troubleshoot it. We also tried another product from JSS that did work, but management decided not to proceed with purchasing it at this time. Shawn Pierson From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Brumbley, Dawn Sent: Thursday, December 17, 2009 5:01 AM To: arslist@ARSLIST.ORG Subject: Single sign-in ** We are looking into implementing single sign-in for our users (I have gotten the BMC documentation to review). I was wondering if anyone else has implemented this and would be willing to share if you had any issues implementing or since implementation and also see if you could provide any pointers. Any information would be greatly appreciated. Thanks! _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ Private and confidential as detailed here: http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access the link, please e-mail sender. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Single sign-in
Documentation is found here: 16-Oct-2006 Integrating BMC Remedy Action Request System with Single Sign-On (SSO) and Other Client-Side Login Intercept Technologies PDFhttp://documents.bmc.com/supportu/documents/57/12/65712/65712.pdf -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Steven Iocco Sent: Thursday, December 17, 2009 8:01 AM To: arslist@ARSLIST.ORG Subject: Re: Single sign-in ** Hi Dawn. Would you be able to share the documentation with me? This is something a client of mine would like to do. Thanks. Steve Date: Thu, 17 Dec 2009 06:01:13 -0500 From: dawn.brumb...@perdue.com Subject: Single sign-in To: arslist@ARSLIST.ORG ** We are looking into implementing single sign-in for our users (I have gotten the BMC documentation to review). I was wondering if anyone else has implemented this and would be willing to share if you had any issues implementing or since implementation and also see if you could provide any pointers. Any information would be greatly appreciated. Thanks! _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Single sign-in
you should use the Free one Devtechnology Group has We have it working at DLA, Marines, and other locations.. It is configurable.. Silly to pay money.. On Thu, Dec 17, 2009 at 1:17 PM, Pierson, Shawn shawn.pier...@sug.comwrote: ** Dawn, We tried to implement BMC’s solution, and while I got it working, it didn’t work for everyone, and there was no good way to troubleshoot it. We also tried another product from JSS that did work, but management decided not to proceed with purchasing it at this time. Shawn Pierson *From:* Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] *On Behalf Of *Brumbley, Dawn *Sent:* Thursday, December 17, 2009 5:01 AM *To:* arslist@ARSLIST.ORG *Subject:* Single sign-in ** We are looking into implementing single sign-in for our users (I have gotten the BMC documentation to review). I was wondering if anyone else has implemented this and would be willing to share if you had any issues implementing or since implementation and also see if you could provide any pointers. Any information would be greatly appreciated. Thanks! _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ Private and confidential as detailed herehttp://www.sug.com/disclaimers/default.htm#Mail. If you cannot access hyperlink, please e-mail sender. _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ -- Patrick Zandi ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Single sign-in
I like the sound of Free, where do I get it? Thanks, Doug From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of patrick zandi Sent: Thursday, December 17, 2009 2:37 PM To: arslist@ARSLIST.ORG Subject: Re: Single sign-in ** you should use the Free one Devtechnology Group has We have it working at DLA, Marines, and other locations.. It is configurable.. Silly to pay money.. On Thu, Dec 17, 2009 at 1:17 PM, Pierson, Shawn shawn.pier...@sug.commailto:shawn.pier...@sug.com wrote: ** Dawn, We tried to implement BMC's solution, and while I got it working, it didn't work for everyone, and there was no good way to troubleshoot it. We also tried another product from JSS that did work, but management decided not to proceed with purchasing it at this time. Shawn Pierson From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG] On Behalf Of Brumbley, Dawn Sent: Thursday, December 17, 2009 5:01 AM To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: Single sign-in ** We are looking into implementing single sign-in for our users (I have gotten the BMC documentation to review). I was wondering if anyone else has implemented this and would be willing to share if you had any issues implementing or since implementation and also see if you could provide any pointers. Any information would be greatly appreciated. Thanks! _Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net ARSlist: Where the Answers Are_ Private and confidential as detailed herehttp://www.sug.com/disclaimers/default.htm#Mail. If you cannot access hyperlink, please e-mail sender. _Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net ARSlist: Where the Answers Are_ -- Patrick Zandi _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ DISCLAIMER Important! This message is intended for the above named person(s) only and is CONFIDENTIAL AND PROPRIETARY. If you are not the intended recipient of this e-mail and have received it in error, please immediately notify the sender by return email and then delete it from your mailbox. This message may be protected by the attorney-client privilege and/or work product doctrine. Accessing, copying, disseminating or re-using any of the information contained in this e-mail by anyone other than the intended recipient is strictly prohibited. Finally, you should check this email and any attachments for the presence of viruses, as the sender accepts no liability for any damage caused by any virus transmitted by this email. Thank you. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Single sign-in
Do you have a link? Tony Worthington | Sr. Technical Analyst | Kohl?s Department Stores N56 W17000 Ridgewood Drive | Menomonee Falls, WI 53051 | office: (262) 703-7763 | e-mail: tony.worthing...@kohls.com From: patrick zandi remedy...@gmail.com To: arslist@ARSLIST.ORG Date: 12/17/2009 01:37 PM Subject: Re: Single sign-in Sent by: Action Request System discussion list(ARSList) arslist@ARSLIST.ORG ** you should use the Free one Devtechnology Group has We have it working at DLA, Marines, and other locations.. It is configurable.. Silly to pay money.. On Thu, Dec 17, 2009 at 1:17 PM, Pierson, Shawn shawn.pier...@sug.com wrote: ** Dawn, We tried to implement BMC?s solution, and while I got it working, it didn?t work for everyone, and there was no good way to troubleshoot it. We also tried another product from JSS that did work, but management decided not to proceed with purchasing it at this time. Shawn Pierson From: Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] On Behalf Of Brumbley, Dawn Sent: Thursday, December 17, 2009 5:01 AM To: arslist@ARSLIST.ORG Subject: Single sign-in ** We are looking into implementing single sign-in for our users (I have gotten the BMC documentation to review). I was wondering if anyone else has implemented this and would be willing to share if you had any issues implementing or since implementation and also see if you could provide any pointers. Any information would be greatly appreciated. Thanks! _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ Private and confidential as detailed here. If you cannot access hyperlink, please e-mail sender. _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ -- Patrick Zandi _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ** CONFIDENTIALITY NOTICE: This is a transmission from Kohl's Department Stores, Inc. and may contain information which is confidential and proprietary. If you are not the addressee, any disclosure, copying or distribution or use of the contents of this message is expressly prohibited. If you have received this transmission in error, please destroy it and notify us immediately at 262-703-7000. CAUTION: Internet and e-mail communications are Kohl's property and Kohl's reserves the right to retrieve and read any message created, sent and received. Kohl's reserves the right to monitor messages by authorized Kohl's Associates at any time without any further consent. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Single sign-in
michael.campb...@devtechnology.com Sent from my iPhone On Dec 17, 2009, at 4:01 PM, Tony Worthington tony.worthing...@kohls.com wrote: ** Do you have a link? Tony Worthington | Sr. Technical Analyst | Kohl’s Department Stores N56 W17000 Ridgewood Drive | Menomonee Falls, WI 53051 | office: (262) 703-7763 | e-mail: tony.worthing...@kohls.com From: patrick zandi remedy...@gmail.com To: arslist@ARSLIST.ORG Date: 12/17/2009 01:37 PM Subject:Re: Single sign-in Sent by: Action Request System discussion list(ARSList) arslist@ARSLIST.ORG ** you should use the Free one Devtechnology Group has We have it working at DLA, Marines, and other locations.. It is configurable.. Silly to pay money.. On Thu, Dec 17, 2009 at 1:17 PM, Pierson, Shawn shawn.pier...@sug.com wrote: ** Dawn, We tried to implement BMC’s solution, and while I got it working, it didn’t work for everyone, and there was no good way to troubleshoot it. We also tried another product from JSS that did work, but mana gement decided not to proceed with purchasing it at this time. Shawn Pierson From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Brumbley, Dawn Sent: Thursday, December 17, 2009 5:01 AM To: arslist@ARSLIST.ORG Subject: Single sign-in ** We are looking into implementing single sign-in for our users (I have gotten the BMC documentation to review). I was wondering if anyone else has implemented this and would be willing to share if you had any issues implementing or since implementation and also see if you could provide any pointers. Any information would be greatly appreciated. Thanks! _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ Private and confidential as detailed here. If you cannot access hyperlink, please e-mail sender. _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ -- Patrick Zandi _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ CONFIDENTIALITY NOTICE: This is a transmission from Kohl's Department Stores, Inc. and may contain information which is confidential and proprietary. If you are not the addressee, any disclosure, copying or distribution or use of the contents of this message is expressly prohibited. If you have received this transmission in error, please destroy it and notify us immediately at 262-703-7000. CAUTION: Internet and e-mail communications are Kohl's property and Kohl's reserves the right to retrieve and read any message created, sent and received. Kohl's reserves the right to monitor messages by authorized Kohl's Associates at any time without any further consent. _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Single sign-in
Michael has also graciously posted the Common Access Card (CAC) integration utilizing the SSO interface on the BMC Developer Network. The integration is provided for the Remedy User client. It can be found here: http://communities.bmc.com/communities/docs/DOC-7066 -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Pat Zandi Sent: Thursday, December 17, 2009 1:08 PM To: arslist@ARSLIST.ORG Subject: Re: Single sign-in ** michael.campb...@devtechnology.commailto:michael.campb...@devtechnology.com Sent from my iPhone On Dec 17, 2009, at 4:01 PM, Tony Worthington tony.worthing...@kohls.commailto:tony.worthing...@kohls.com wrote: ** Do you have a link? Tony Worthington | Sr. Technical Analyst | Kohl’s Department Stores N56 W17000 Ridgewood Drive | Menomonee Falls, WI 53051 | office: (262) 703-7763 | e-mail: tony.worthing...@kohls.commailto:tony.worthing...@kohls.com From: patrick zandi remedy...@gmail.commailto:remedy...@gmail.com To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Date: 12/17/2009 01:37 PM Subject: Re: Single sign-in Sent by: Action Request System discussion list(ARSList) arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG ** you should use the Free one Devtechnology Group has We have it working at DLA, Marines, and other locations.. It is configurable.. Silly to pay money.. On Thu, Dec 17, 2009 at 1:17 PM, Pierson, Shawn shawn.pier...@sug.commailto:shawn.pier...@sug.com wrote: ** Dawn, We tried to implement BMC’s solution, and while I got it working, it didn’t work for everyone, and there was no good way to troubleshoot it. We also tried another product from JSS that did work, but management decided not to proceed with purchasing it at this time. Shawn Pierson From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG] On Behalf Of Brumbley, Dawn Sent: Thursday, December 17, 2009 5:01 AM To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: Single sign-in ** We are looking into implementing single sign-in for our users (I have gotten the BMC documentation to review). I was wondering if anyone else has implemented this and would be willing to share if you had any issues implementing or since implementation and also see if you could provide any pointers. Any information would be greatly appreciated. Thanks! _Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net ARSlist: Where the Answers Are_ Private and confidential as detailed herehttp://www.sug.com/disclaimers/default.htm#Mail. If you cannot access hyperlink, please e-mail sender. _Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net ARSlist: Where the Answers Are_ -- Patrick Zandi _Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net ARSlist: Where the Answers Are_ CONFIDENTIALITY NOTICE: This is a transmission from Kohl's Department Stores, Inc. and may contain information which is confidential and proprietary. If you are not the addressee, any disclosure, copying or distribution or use of the contents of this message is expressly prohibited. If you have received this transmission in error, please destroy it and notify us immediately at 262-703-7000. CAUTION: Internet and e-mail communications are Kohl's property and Kohl's reserves the right to retrieve and read any message created, sent and received. Kohl's reserves the right to monitor messages by authorized Kohl's Associates at any time without any further consent. _Platinum Sponsor: rmisoluti...@verizon.netmailto:rmisoluti...@verizon.net ARSlist: Where the Answers Are_ _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_
Re: Remedy Single Sign ON
Nice advertisement, but do you really just leave your main password in plain-text? That doesn't seem terribly secure. You could at the very, very least use a Remedy control panel to set the password in the config file using Remedy encryption. Kelly Logan Senior Remedy Developer Cybernetic Solutions, Inc. Office: (313) 586-8334 Mobile: (313) 645-4552 -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of General Information Sent: Friday, October 09, 2009 3:58 PM To: arslist@ARSLIST.ORG Subject: Remedy Single Sign ON Dear listers, The lack of authentication to the system caused by incorrect entering a user name or a password and revoked access are a reason for constant employees frustration. The users who have not logged in successfully to the system are constantly sending emails to the IT help desk asking for the password change. Employees whose access to the system has been revoked are not able to fulfil their duties. Using many passwords to the various systems and forcing employees to change them on a regular basis in accordance with a safety policy causes that employees write down their passwords on self stick note sheets and stick them to a screen. It has a negative impact on the information safety in the company. You've heard the AR System can support Single Sign On, but have you seen it in action? We've made a movie showing how quick and easy it is (assuming you have the relevant configuration information) to add Single Sign On to your AR System. You've heard the AR System can support Single Sign On, but have you seen it in action? We've made a movie showing how quick and easy you can add Single Sign On to your AR System. http://www.remedy-sso.com/media/flash/sso1024x768/sso1024x768.html For more information on the new version of this product, or to get a free evaluation version, please visit this page: http://www.remedy-sso.com Enjoy. Remedy Single Sign On Team ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Remedy Single Sign ON
Dear listers, As I'm sure many of you have already noticed, the SSO product brought to market by Remedy SSO seems very similar to the product launched by Java System Solutions in 2006. Indeed, it's more than a little similar, it's almost the same product - right down to the installation manual, which is a largely a copy of the installation manual shipped with the JSS SSO Plugin. Further to the above, we've already discovered that the Midtier plugin is a copy of our own. The licensing code has been present in our XML Gateway product since 2005! Not only is the product mostly the same, the marketing material is almost a complete copy of our own. It's really quite amazing that someone could do this and believe they'd get away with it! We've now collected a variety of evidence and will be putting together a report for the BMC Community on this product, however we hope by that point, the site will be pulled. The good news is, we collected the information before Remedy SSO started pulling parts of the website after realising that Remedy users aren't stupid. On a brighter note, look out for the newest release of the Java System Solutions SSO Plugin - still the only bespoke SSO Plugin for the AR System, complete with Windows User Tool support! John Baker http://www.javasystemsolutions.com ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Remedy Single Sign ON
Hi John, Who is/was Remedy SSO? Or perhaps you are referring to remedy-sso.com which appears to be someone In Poland? I did a google search and got only a white paper from BMC from July 2006. There appears to be the stub of a opensource solution called that with details removed? Your posting might be missinterpreted to imply that you are accusing BMC (Remedy) of doing this, could you please clarify? Thanks ... Daniel -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of John Baker Sent: October 12, 2009 5:20 PM To: arslist@ARSLIST.ORG Subject: Remedy Single Sign ON Dear listers, As I'm sure many of you have already noticed, the SSO product brought to market by Remedy SSO seems very similar to the product launched by Java System Solutions in 2006. Indeed, it's more than a little similar, it's almost the same product - right down to the installation manual, which is a largely a copy of the installation manual shipped with the JSS SSO Plugin. Further to the above, we've already discovered that the Midtier plugin is a copy of our own. The licensing code has been present in our XML Gateway product since 2005! Not only is the product mostly the same, the marketing material is almost a complete copy of our own. It's really quite amazing that someone could do this and believe they'd get away with it! We've now collected a variety of evidence and will be putting together a report for the BMC Community on this product, however we hope by that point, the site will be pulled. The good news is, we collected the information before Remedy SSO started pulling parts of the website after realising that Remedy users aren't stupid. On a brighter note, look out for the newest release of the Java System Solutions SSO Plugin - still the only bespoke SSO Plugin for the AR System, complete with Windows User Tool support! John Baker http://www.javasystemsolutions.com ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: Remedy Single Sign ON
Daniel, I believe the email he is referring to was sent by General Information [k...@gazeta.pl] Sent at 1:58 PM MT Friday 10/9/09 with a subject of 'Remedy Single Sign ON' It was a blatant add pointing to http://www.remedy-sso.com. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Daniel Bloom Sent: Monday, October 12, 2009 6:40 PM To: arslist@ARSLIST.ORG Subject: Re: Remedy Single Sign ON Hi John, Who is/was Remedy SSO? Or perhaps you are referring to remedy-sso.com which appears to be someone In Poland? I did a google search and got only a white paper from BMC from July 2006. There appears to be the stub of a opensource solution called that with details removed? Your posting might be missinterpreted to imply that you are accusing BMC (Remedy) of doing this, could you please clarify? Thanks ... Daniel -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of John Baker Sent: October 12, 2009 5:20 PM To: arslist@ARSLIST.ORG Subject: Remedy Single Sign ON Dear listers, As I'm sure many of you have already noticed, the SSO product brought to market by Remedy SSO seems very similar to the product launched by Java System Solutions in 2006. Indeed, it's more than a little similar, it's almost the same product - right down to the installation manual, which is a largely a copy of the installation manual shipped with the JSS SSO Plugin. Further to the above, we've already discovered that the Midtier plugin is a copy of our own. The licensing code has been present in our XML Gateway product since 2005! Not only is the product mostly the same, the marketing material is almost a complete copy of our own. It's really quite amazing that someone could do this and believe they'd get away with it! We've now collected a variety of evidence and will be putting together a report for the BMC Community on this product, however we hope by that point, the site will be pulled. The good news is, we collected the information before Remedy SSO started pulling parts of the website after realising that Remedy users aren't stupid. On a brighter note, look out for the newest release of the Java System Solutions SSO Plugin - still the only bespoke SSO Plugin for the AR System, complete with Windows User Tool support! John Baker http://www.javasystemsolutions.com ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Remedy Single Sign ON
Dear listers, The lack of authentication to the system caused by incorrect entering a user name or a password and revoked access are a reason for constant employees frustration. The users who have not logged in successfully to the system are constantly sending emails to the IT help desk asking for the password change. Employees whose access to the system has been revoked are not able to fulfil their duties. Using many passwords to the various systems and forcing employees to change them on a regular basis in accordance with a safety policy causes that employees write down their passwords on self stick note sheets and stick them to a screen. It has a negative impact on the information safety in the company. You've heard the AR System can support Single Sign On, but have you seen it in action? We've made a movie showing how quick and easy it is (assuming you have the relevant configuration information) to add Single Sign On to your AR System. You've heard the AR System can support Single Sign On, but have you seen it in action? We've made a movie showing how quick and easy you can add Single Sign On to your AR System. http://www.remedy-sso.com/media/flash/sso1024x768/sso1024x768.html For more information on the new version of this product, or to get a free evaluation version, please visit this page: http://www.remedy-sso.com Enjoy. Remedy Single Sign On Team ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
Re: AD Remedy Single Sign ON
Please let us know up front that you're trying to sell a product. Dave - dave.shell...@tycoelectronics.com (Wireless) - Original Message - From: Action Request System discussion list(ARSList) arslist@ARSLIST.ORG To: arslist@ARSLIST.ORG arslist@ARSLIST.ORG Sent: Fri Oct 09 15:57:50 2009 Subject: Remedy Single Sign ON Dear listers, The lack of authentication to the system caused by incorrect entering a user name or a password and revoked access are a reason for constant employees frustration. The users who have not logged in successfully to the system are constantly sending emails to the IT help desk asking for the password change. Employees whose access to the system has been revoked are not able to fulfil their duties. Using many passwords to the various systems and forcing employees to change them on a regular basis in accordance with a safety policy causes that employees write down their passwords on self stick note sheets and stick them to a screen. It has a negative impact on the information safety in the company. You've heard the AR System can support Single Sign On, but have you seen it in action? We've made a movie showing how quick and easy it is (assuming you have the relevant configuration information) to add Single Sign On to your AR System. You've heard the AR System can support Single Sign On, but have you seen it in action? We've made a movie showing how quick and easy you can add Single Sign On to your AR System. http://www.remedy-sso.com/media/flash/sso1024x768/sso1024x768.html For more information on the new version of this product, or to get a free evaluation version, please visit this page: http://www.remedy-sso.com Enjoy. Remedy Single Sign On Team ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
single sign on with usertool CAC
Anyone out there doing the single sign on with CAC and the USERTOOL? -- What product are you using or are you using a free one, and how many users are on it ? Patrick Zandi ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
JOB Opportunity: Single-Sign on Integration Specialist
AttivaSoft is an IT Service Management Consultancy and Systems Integrator that focuses on value, speed of delivery, and high performance technology solutions. Our High Performance IT approach combines people, business process and advanced technology solutions. The consultant should have the following skill set: Ability Integrating BMC Remedy Action Request System with Single Sign-On (SSO). Ability to configure the Mid-Tier SSOAuthenticator Ability to configure the SSO.Properties Ability to configure the Mid-Tier Config.Properties Ability to configure the AREA SSO Plugin Ability to configure AR System Server to authenticate to Active Directory Ability to develop and compile code in C and Java Program languages. Strong experience in AR API development Ability to CAC Card enable the Remedy System with SSO AttivaSoft, LLC is a is an Equal Opportunity Employer and does not discriminate on the basis of race, national origin, religion, color, gender, sexual orientation, age, non-disqualifying physical or mental disability or any other basis covered by law. AttivaSoft offers a great Total Compensation Package! This position includes a competitive compensation package with strong base salary (commensurate with experience and qualifications). We have a fantastic and generous training and mentoring program for all employees. We also offer a company sponsored 401K Plan, Medical, Dental, Vision, Life Insurance and Short and Long Term Disability Insurance. For more information, please contact Nicole St. Louis, Human Resources Associate, (410) 715-4446 x115 or recruit...@attivasoft.com. www.attivasoft.com Nicole R. St. Louis Human Resources Associate AttivaSoft, LLC 10440 Little Patuxent Parkway, Suite 200 Columbia, MD 21044 (410) 715-4446 x115 www.attivasoft.com ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
Re: Single Sign-On (SiteMinder, Identity Manager)
Axton, after looking at the documentation this is exactly what I'm looking for. The BMC white paper was extremely helpful. I will give it a crack and let you know if I run into any issues. Thanks again! Rafael From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: Wednesday, March 04, 2009 1:38 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-On (SiteMinder, Identity Manager) ** With the approach I took, yes. Are there other approaches? Yes. Will they require similar changes? Probably. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Wed, Mar 4, 2009 at 12:08 PM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: ** Thanks Axton, I will take a look at the docs you provided. So are you saying that in order to use SiteMinder you have to develop a custom AREA plugin and make changes to login.jsp on Mid-Tier. Please bare with me as this is my first exposure to SSO with Mid-tier. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: Tuesday, March 03, 2009 3:44 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-On (SiteMinder, Identity Manager) ** The Java System Solutions page on their sso plugin does the best job I've found of illustrating how I've seen SSO implemented with the mid-tier. http://www.javasystemsolutions.com/jss/ssoplugin http://www.javasystemsolutions.com/img/diagram/ssoplugin-midtier.png Not endorsing the product, as I've never used it, but there is a good write-up/illustrations on the page. It involves writing a custom AREA plug-in as well as customizations to login.jsp and custom servlets on the mid-tier server. There are BMC whitepapers on the subject as well, though I have not used them as we developed the sso solution using a 6.0.1 mid-tier server which did not have the Authenticator hooks the newer versions of mid-tier have. We can keep the discussion on the list; other people may have things to add and things to gain through visibility into the discussion. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Tue, Mar 3, 2009 at 9:42 AM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: ** Thanks Axton for the response. I'm aware that this would be a solution just for Mid-Tier. Can you provide any documentation or direction on this? If you would be willing we can have a brief discussion outside of the list? Thanks Rafael Rodriguez Manager Midtier/Remedy Enterprise Broadridge Financial Solutions Inc 201.714.3718 From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: Tuesday, March 03, 2009 10:07 AM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-On (SiteMinder, Identity Manager) ** I have worked with SiteMinder sso integrations. It was an sso solution for the mid-tier; native clients still required a login. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Tue, Mar 3, 2009 at 8:05 AM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: Hello, Just wanted to find out if anyone has utilized SiteMinder or Identity Manager to implement Single Sign-On in there environment? Any ideas are welcome Thanks My environment is: IIS 6 Tomcat Servlet for Mid-Tier. ARS 7.0.1 Patch 6 SQL 2000 This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ This message
Re: Single Sign-On (SiteMinder, Identity Manager)
Thanks Axton, I will take a look at the docs you provided. So are you saying that in order to use SiteMinder you have to develop a custom AREA plugin and make changes to login.jsp on Mid-Tier. Please bare with me as this is my first exposure to SSO with Mid-tier. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: Tuesday, March 03, 2009 3:44 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-On (SiteMinder, Identity Manager) ** The Java System Solutions page on their sso plugin does the best job I've found of illustrating how I've seen SSO implemented with the mid-tier. http://www.javasystemsolutions.com/jss/ssoplugin http://www.javasystemsolutions.com/img/diagram/ssoplugin-midtier.png Not endorsing the product, as I've never used it, but there is a good write-up/illustrations on the page. It involves writing a custom AREA plug-in as well as customizations to login.jsp and custom servlets on the mid-tier server. There are BMC whitepapers on the subject as well, though I have not used them as we developed the sso solution using a 6.0.1 mid-tier server which did not have the Authenticator hooks the newer versions of mid-tier have. We can keep the discussion on the list; other people may have things to add and things to gain through visibility into the discussion. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Tue, Mar 3, 2009 at 9:42 AM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: ** Thanks Axton for the response. I'm aware that this would be a solution just for Mid-Tier. Can you provide any documentation or direction on this? If you would be willing we can have a brief discussion outside of the list? Thanks Rafael Rodriguez Manager Midtier/Remedy Enterprise Broadridge Financial Solutions Inc 201.714.3718 From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: Tuesday, March 03, 2009 10:07 AM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-On (SiteMinder, Identity Manager) ** I have worked with SiteMinder sso integrations. It was an sso solution for the mid-tier; native clients still required a login. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Tue, Mar 3, 2009 at 8:05 AM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: Hello, Just wanted to find out if anyone has utilized SiteMinder or Identity Manager to implement Single Sign-On in there environment? Any ideas are welcome Thanks My environment is: IIS 6 Tomcat Servlet for Mid-Tier. ARS 7.0.1 Patch 6 SQL 2000 This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication
Re: Single Sign-On (SiteMinder, Identity Manager)
With the approach I took, yes. Are there other approaches? Yes. Will they require similar changes? Probably. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Wed, Mar 4, 2009 at 12:08 PM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: ** Thanks Axton, I will take a look at the docs you provided. So are you saying that in order to use SiteMinder you have to develop a custom AREA plugin and make changes to login.jsp on Mid-Tier. Please bare with me as this is my first exposure to SSO with Mid-tier. -- *From:* Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] *On Behalf Of *Axton *Sent:* Tuesday, March 03, 2009 3:44 PM *To:* arslist@ARSLIST.ORG *Subject:* Re: Single Sign-On (SiteMinder, Identity Manager) ** The Java System Solutions page on their sso plugin does the best job I've found of illustrating how I've seen SSO implemented with the mid-tier. http://www.javasystemsolutions.com/jss/ssoplugin http://www.javasystemsolutions.com/img/diagram/ssoplugin-midtier.png Not endorsing the product, as I've never used it, but there is a good write-up/illustrations on the page. It involves writing a custom AREA plug-in as well as customizations to login.jsp and custom servlets on the mid-tier server. There are BMC whitepapers on the subject as well, though I have not used them as we developed the sso solution using a 6.0.1 mid-tier server which did not have the Authenticator hooks the newer versions of mid-tier have. We can keep the discussion on the list; other people may have things to add and things to gain through visibility into the discussion. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Tue, Mar 3, 2009 at 9:42 AM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: ** Thanks Axton for the response. I'm aware that this would be a solution just for Mid-Tier. Can you provide any documentation or direction on this? If you would be willing we can have a brief discussion outside of the list? Thanks *Rafael Rodriguez*** *Manager Midtier/Remedy Enterprise* *Broadridge Financial Solutions Inc* *201.714.3718* -- *From:* Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] *On Behalf Of *Axton *Sent:* Tuesday, March 03, 2009 10:07 AM *To:* arslist@ARSLIST.ORG *Subject:* Re: Single Sign-On (SiteMinder, Identity Manager) ** I have worked with SiteMinder sso integrations. It was an sso solution for the mid-tier; native clients still required a login. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Tue, Mar 3, 2009 at 8:05 AM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: Hello, Just wanted to find out if anyone has utilized SiteMinder or Identity Manager to implement Single Sign-On in there environment? Any ideas are welcome Thanks My environment is: IIS 6 Tomcat Servlet for Mid-Tier. ARS 7.0.1 Patch 6 SQL 2000 This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly
Re: Single Sign-On (SiteMinder, Identity Manager)
In any instance you will have to create your own AREA plugin From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: 04 March 2009 18:38 To: arslist@ARSLIST.ORG Subject: Re: Single Sign-On (SiteMinder, Identity Manager) ** With the approach I took, yes. Are there other approaches? Yes. Will they require similar changes? Probably. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Wed, Mar 4, 2009 at 12:08 PM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: ** Thanks Axton, I will take a look at the docs you provided. So are you saying that in order to use SiteMinder you have to develop a custom AREA plugin and make changes to login.jsp on Mid-Tier. Please bare with me as this is my first exposure to SSO with Mid-tier. _ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: Tuesday, March 03, 2009 3:44 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-On (SiteMinder, Identity Manager) ** The Java System Solutions page on their sso plugin does the best job I've found of illustrating how I've seen SSO implemented with the mid-tier. http://www.javasystemsolutions.com/jss/ssoplugin http://www.javasystemsolutions.com/img/diagram/ssoplugin-midtier.png Not endorsing the product, as I've never used it, but there is a good write-up/illustrations on the page. It involves writing a custom AREA plug-in as well as customizations to login.jsp and custom servlets on the mid-tier server. There are BMC whitepapers on the subject as well, though I have not used them as we developed the sso solution using a 6.0.1 mid-tier server which did not have the Authenticator hooks the newer versions of mid-tier have. We can keep the discussion on the list; other people may have things to add and things to gain through visibility into the discussion. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Tue, Mar 3, 2009 at 9:42 AM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: ** Thanks Axton for the response. I'm aware that this would be a solution just for Mid-Tier. Can you provide any documentation or direction on this? If you would be willing we can have a brief discussion outside of the list? Thanks Rafael Rodriguez Manager Midtier/Remedy Enterprise Broadridge Financial Solutions Inc 201.714.3718 _ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: Tuesday, March 03, 2009 10:07 AM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-On (SiteMinder, Identity Manager) ** I have worked with SiteMinder sso integrations. It was an sso solution for the mid-tier; native clients still required a login. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Tue, Mar 3, 2009 at 8:05 AM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: Hello, Just wanted to find out if anyone has utilized SiteMinder or Identity Manager to implement Single Sign-On in there environment? Any ideas are welcome Thanks My environment is: IIS 6 Tomcat Servlet for Mid-Tier. ARS 7.0.1 Patch 6 SQL 2000 This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized
Single Sign-On (SiteMinder, Identity Manager)
Hello, Just wanted to find out if anyone has utilized SiteMinder or Identity Manager to implement Single Sign-On in there environment? Any ideas are welcome Thanks My environment is: IIS 6 Tomcat Servlet for Mid-Tier. ARS 7.0.1 Patch 6 SQL 2000 This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
Re: Single Sign-On (SiteMinder, Identity Manager)
Thanks Axton for the response. I'm aware that this would be a solution just for Mid-Tier. Can you provide any documentation or direction on this? If you would be willing we can have a brief discussion outside of the list? Thanks Rafael Rodriguez Manager Midtier/Remedy Enterprise Broadridge Financial Solutions Inc 201.714.3718 From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Axton Sent: Tuesday, March 03, 2009 10:07 AM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-On (SiteMinder, Identity Manager) ** I have worked with SiteMinder sso integrations. It was an sso solution for the mid-tier; native clients still required a login. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Tue, Mar 3, 2009 at 8:05 AM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: Hello, Just wanted to find out if anyone has utilized SiteMinder or Identity Manager to implement Single Sign-On in there environment? Any ideas are welcome Thanks My environment is: IIS 6 Tomcat Servlet for Mid-Tier. ARS 7.0.1 Patch 6 SQL 2000 This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
Re: Single Sign-On (SiteMinder, Identity Manager)
The Java System Solutions page on their sso plugin does the best job I've found of illustrating how I've seen SSO implemented with the mid-tier. http://www.javasystemsolutions.com/jss/ssoplugin http://www.javasystemsolutions.com/img/diagram/ssoplugin-midtier.png Not endorsing the product, as I've never used it, but there is a good write-up/illustrations on the page. It involves writing a custom AREA plug-in as well as customizations to login.jsp and custom servlets on the mid-tier server. There are BMC whitepapers on the subject as well, though I have not used them as we developed the sso solution using a 6.0.1 mid-tier server which did not have the Authenticator hooks the newer versions of mid-tier have. We can keep the discussion on the list; other people may have things to add and things to gain through visibility into the discussion. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Tue, Mar 3, 2009 at 9:42 AM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: ** Thanks Axton for the response. I'm aware that this would be a solution just for Mid-Tier. Can you provide any documentation or direction on this? If you would be willing we can have a brief discussion outside of the list? Thanks * Rafael Rodriguez Manager Midtier/Remedy Enterprise Broadridge Financial Solutions Inc 201.714.3718 * -- *From:* Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] *On Behalf Of *Axton *Sent:* Tuesday, March 03, 2009 10:07 AM *To:* arslist@ARSLIST.ORG *Subject:* Re: Single Sign-On (SiteMinder, Identity Manager) ** I have worked with SiteMinder sso integrations. It was an sso solution for the mid-tier; native clients still required a login. Axton Grams The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. On Tue, Mar 3, 2009 at 8:05 AM, Rodriguez, Rafael J x23718 rafael.rodrig...@broadridge.com wrote: Hello, Just wanted to find out if anyone has utilized SiteMinder or Identity Manager to implement Single Sign-On in there environment? Any ideas are welcome Thanks My environment is: IIS 6 Tomcat Servlet for Mid-Tier. ARS 7.0.1 Patch 6 SQL 2000 This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
Re: Single Sign-on...
David, Consider the following scenario: A client implements an SSO integration and naturally has to make various modifications to the out of the box sample code. Question 1: Will BMC rubber stamp the SSO implementation as secure and fit for purpose? The solution is deployed in an enterprise with thousands of users and after a while they discover that some users are being asked to provide Windows login credentials when accessing the Midtier. A call is placed to BMC support who can not diagnose the situation. Question 2. Can the user escalate the problem and get a priority resolution from BMC? Thanks !! Regards...Gidd _ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Easter, David Sent: Wednesday, January 14, 2009 10:19 AM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-on... ** Sample code is provided as is without warranty. However, if an issue is found with a supported portion of AR System (the AREA plug-in server, Mid-Tier, DLL integration with Remedy User, etc.) while using the sample code - and the issue can be isolated from the sample code or customer generated code - then, of course, BMC Support would treat the issue as a supported one. As has been the tradition in Support, most Support technicians will also attempt to provide best effort in answering questions or helping customers with issues even if not officially supported. -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. _ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Danny Kellett Sent: Wednesday, January 14, 2009 9:53 AM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-on... ** David, What is the BMC Support standpoint if a customer uses the sample code from the support site and has issues with it? E.g. compiling, crashes the arplugin server etc? Thanks Danny From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Easter, David Sent: 14 January 2009 17:31 To: arslist@ARSLIST.ORG Subject: Re: Single Sign-on... ** The ability to integrate with SSO through either the WUT or the Mid-Tier was provided as part of AR System 7.0.01 back in 2006. This capability is still supported an the white paper provides additional information to individuals wishing to take advantage of the interface. I'm not sure what your question is asking, but the interface continues to be supported. No major changes have been made to the interfaces since AR System 7.0.01. -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. _ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of patrick zandi Sent: Tuesday, January 13, 2009 5:38 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-on... ** Dave, Are you saying BMC is starting to provide additional support for this application? Are there any updates? to the code ? On Tue, Jan 13, 2009 at 4:42 PM, Easter, David david_eas...@bmc.com wrote: ** There is also a white paper available on BMC Support Central on how to integrate an SSO solution with AR System. 16-Oct-2006 Integrating BMC Remedy Action Request System with Single Sign-On (SSO) and Other Client-Side Login Intercept Technologies PDF http://www.bmc.com/supportu/documents/57/12/65712/65712.pdf -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. _ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Richard Copits Sent: Tuesday, January 13, 2009 12:44 PM To: arslist@ARSLIST.ORG Subject: Single Sign-on... ** Has anyone implemented a single signon in a 7.1 system and XP clients? How difficult is it? Any information on how to proceed would be appreciated... Thanks! The fact that someone owns a hammer and a saw doesn't make them a carpenter Portions
Re: Single Sign-on...
Thanks Dave!! The fact that someone owns a hammer and a saw doesn't make them a carpenter From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Easter, David Sent: Tuesday, January 13, 2009 4:43 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-on... ** There is also a white paper available on BMC Support Central on how to integrate an SSO solution with AR System. 16-Oct-2006 Integrating BMC Remedy Action Request System with Single Sign-On (SSO) and Other Client-Side Login Intercept Technologies PDF http://www.bmc.com/supportu/documents/57/12/65712/65712.pdf -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Richard Copits Sent: Tuesday, January 13, 2009 12:44 PM To: arslist@ARSLIST.ORG Subject: Single Sign-on... ** Has anyone implemented a single signon in a 7.1 system and XP clients? How difficult is it? Any information on how to proceed would be appreciated... Thanks! The fact that someone owns a hammer and a saw doesn't make them a carpenter Portions of this message may be confidential under an exemption to Ohio's public records law or under a legal privilege. If you have received this message in error or due to an unauthorized transmission or interception, please delete all copies from your system without disclosing, copying, or transmitting this message. __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ Portions of this message may be confidential under an exemption to Ohio's public records law or under a legal privilege. If you have received this message in error or due to an unauthorized transmission or interception, please delete all copies from your system without disclosing, copying, or transmitting this message. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
Re: Single Sign-on...
The ability to integrate with SSO through either the WUT or the Mid-Tier was provided as part of AR System 7.0.01 back in 2006. This capability is still supported an the white paper provides additional information to individuals wishing to take advantage of the interface. I'm not sure what your question is asking, but the interface continues to be supported. No major changes have been made to the interfaces since AR System 7.0.01. -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of patrick zandi Sent: Tuesday, January 13, 2009 5:38 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-on... ** Dave, Are you saying BMC is starting to provide additional support for this application? Are there any updates? to the code ? On Tue, Jan 13, 2009 at 4:42 PM, Easter, David david_eas...@bmc.com wrote: ** There is also a white paper available on BMC Support Central on how to integrate an SSO solution with AR System. 16-Oct-2006 Integrating BMC Remedy Action Request System with Single Sign-On (SSO) and Other Client-Side Login Intercept Technologies PDF http://www.bmc.com/supportu/documents/57/12/65712/65712.pdf -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Richard Copits Sent: Tuesday, January 13, 2009 12:44 PM To: arslist@ARSLIST.ORG Subject: Single Sign-on... ** Has anyone implemented a single signon in a 7.1 system and XP clients? How difficult is it? Any information on how to proceed would be appreciated... Thanks! The fact that someone owns a hammer and a saw doesn't make them a carpenter Portions of this message may be confidential under an exemption to Ohio's public records law or under a legal privilege. If you have received this message in error or due to an unauthorized transmission or interception, please delete all copies from your system without disclosing, copying, or transmitting this message. __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ -- Patrick Zandi __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
Re: Single Sign-on...
David, What is the BMC Support standpoint if a customer uses the sample code from the support site and has issues with it? E.g. compiling, crashes the arplugin server etc? Thanks Danny From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Easter, David Sent: 14 January 2009 17:31 To: arslist@ARSLIST.ORG Subject: Re: Single Sign-on... ** The ability to integrate with SSO through either the WUT or the Mid-Tier was provided as part of AR System 7.0.01 back in 2006. This capability is still supported an the white paper provides additional information to individuals wishing to take advantage of the interface. I'm not sure what your question is asking, but the interface continues to be supported. No major changes have been made to the interfaces since AR System 7.0.01. -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. _ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of patrick zandi Sent: Tuesday, January 13, 2009 5:38 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-on... ** Dave, Are you saying BMC is starting to provide additional support for this application? Are there any updates? to the code ? On Tue, Jan 13, 2009 at 4:42 PM, Easter, David david_eas...@bmc.com wrote: ** There is also a white paper available on BMC Support Central on how to integrate an SSO solution with AR System. 16-Oct-2006 Integrating BMC Remedy Action Request System with Single Sign-On (SSO) and Other Client-Side Login Intercept Technologies PDF http://www.bmc.com/supportu/documents/57/12/65712/65712.pdf -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. _ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Richard Copits Sent: Tuesday, January 13, 2009 12:44 PM To: arslist@ARSLIST.ORG Subject: Single Sign-on... ** Has anyone implemented a single signon in a 7.1 system and XP clients? How difficult is it? Any information on how to proceed would be appreciated... Thanks! The fact that someone owns a hammer and a saw doesn't make them a carpenter Portions of this message may be confidential under an exemption to Ohio's public records law or under a legal privilege. If you have received this message in error or due to an unauthorized transmission or interception, please delete all copies from your system without disclosing, copying, or transmitting this message. __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ -- Patrick Zandi __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
Re: Single Sign-on...
Richard, Java Systems has an OOTB SSO solution that is sweet. Here is a link to their products: http://www.javasystemsolutions.com/jss/solutions You might like to ping Tim Widowfield, he has done a few integrations for them. HTH Regards...Gidd _ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Richard Copits Sent: Tuesday, January 13, 2009 12:44 PM To: arslist@ARSLIST.ORG Subject: Single Sign-on... ** Has anyone implemented a single signon in a 7.1 system and XP clients? How difficult is it? Any information on how to proceed would be appreciated... Thanks! The fact that someone owns a hammer and a saw doesn't make them a carpenter Portions of this message may be confidential under an exemption to Ohio's public records law or under a legal privilege. If you have received this message in error or due to an unauthorized transmission or interception, please delete all copies from your system without disclosing, copying, or transmitting this message. __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
Re: Single Sign-on...
Thanks! The fact that someone owns a hammer and a saw doesn't make them a carpenter From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Gidd Sent: Tuesday, January 13, 2009 3:52 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign-on... ** Richard, Java Systems has an OOTB SSO solution that is sweet. Here is a link to their products: http://www.javasystemsolutions.com/jss/solutions You might like to ping Tim Widowfield, he has done a few integrations for them. HTH Regards...Gidd From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Richard Copits Sent: Tuesday, January 13, 2009 12:44 PM To: arslist@ARSLIST.ORG Subject: Single Sign-on... ** Has anyone implemented a single signon in a 7.1 system and XP clients? How difficult is it? Any information on how to proceed would be appreciated... Thanks! The fact that someone owns a hammer and a saw doesn't make them a carpenter Portions of this message may be confidential under an exemption to Ohio's public records law or under a legal privilege. If you have received this message in error or due to an unauthorized transmission or interception, please delete all copies from your system without disclosing, copying, or transmitting this message. __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ Portions of this message may be confidential under an exemption to Ohio's public records law or under a legal privilege. If you have received this message in error or due to an unauthorized transmission or interception, please delete all copies from your system without disclosing, copying, or transmitting this message. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
Re: Single Sign-on...
There is also a white paper available on BMC Support Central on how to integrate an SSO solution with AR System. 16-Oct-2006 Integrating BMC Remedy Action Request System with Single Sign-On (SSO) and Other Client-Side Login Intercept Technologies PDF http://www.bmc.com/supportu/documents/57/12/65712/65712.pdf -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Richard Copits Sent: Tuesday, January 13, 2009 12:44 PM To: arslist@ARSLIST.ORG Subject: Single Sign-on... ** Has anyone implemented a single signon in a 7.1 system and XP clients? How difficult is it? Any information on how to proceed would be appreciated... Thanks! The fact that someone owns a hammer and a saw doesn't make them a carpenter Portions of this message may be confidential under an exemption to Ohio's public records law or under a legal privilege. If you have received this message in error or due to an unauthorized transmission or interception, please delete all copies from your system without disclosing, copying, or transmitting this message. __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
Re: Single Sign-on...
Dave, Are you saying BMC is starting to provide additional support for this application? Are there any updates? to the code ? On Tue, Jan 13, 2009 at 4:42 PM, Easter, David david_eas...@bmc.com wrote: ** There is also a white paper available on BMC Support Central on how to integrate an SSO solution with AR System. 16-Oct-2006 Integrating BMC Remedy Action Request System with Single Sign-On (SSO) and Other Client-Side Login Intercept Technologies PDFhttp://www.bmc.com/supportu/documents/57/12/65712/65712.pdf -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. -- *From:* Action Request System discussion list(ARSList) [mailto: arsl...@arslist.org] *On Behalf Of *Richard Copits *Sent:* Tuesday, January 13, 2009 12:44 PM *To:* arslist@ARSLIST.ORG *Subject:* Single Sign-on... ** Has anyone implemented a single signon in a 7.1 system and XP clients? How difficult is it? Any information on how to proceed would be appreciated... Thanks! * * * * *The fact that someone owns a hammer and a saw doesn't make them a carpenter** * Portions of this message may be confidential under an exemption to Ohio's public records law or under a legal privilege. If you have received this message in error or due to an unauthorized transmission or interception, please delete all copies from your system without disclosing, copying, or transmitting this message. __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ __Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are html___ -- Patrick Zandi ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
Well one error message you are getting is this - Connects to ARServer servername through Java Rpc failed with: ERROR (90): Cannot establish a network connection to the AR System server; Connection refused: connect servername When you bring up the mid tier what error message do you get. Are you sure your mid tier is configured with the correct server name, mid tier password, etc... From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of sivarama velicheti Sent: Friday, November 21, 2008 4:05 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) Issue ** Hi Kevin, I am attaching my log files. Let me know in case you find anything. I have hit a dead end and do not know what more to do. Thanks Sivarama __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
Hi Kevin, The servername and password has been set up correctly for the Mid-Tier because if it was not then I would not be able to login and access the server tables which I am able to right now (once I provide the credentials). I am able to perform all the operations that I am able to with the user tool. I am concerned that the plugin server might be giving some problems. But then again the server is currently set up to authenticate users against the LDAP server and it is working fine. So it does not seem to be the problem with the plugin server either. Thanks Sivarama ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
The issue I was having with this was related to Tomcat using authentication and not letting IIS handle it. It was fixed but added the following line to the server.xml file under tomcat for the connector I was using, tomcatAuthentication=false that way it uses IIS and not tomcat. SSO is working for me now. Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of sivarama velicheti Sent: Wednesday, November 19, 2008 1:52 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) Issue ** Hi Kevin, Did you make any progress in the issue. I sat the entire day yesterday but I have nothing to share from my side. Thanks Sivarama __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
Hi Kevin, I had that in tomcat before you mentioned it. But still does not seem to be working for me. What do you have as your authentication chaning mode I wonder?? I have IIS to use the integrated windows login but somehow it does not seem to pick that up. Thanks Siva - ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
well there are a slew of things that could be wrong. If you could send me some logs that might help. Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of sivarama velicheti Sent: Friday, November 21, 2008 12:53 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) Issue ** Hi Kevin, I had that in tomcat before you mentioned it. But still does not seem to be working for me. What do you have as your authentication chaning mode I wonder?? I have IIS to use the integrated windows login but somehow it does not seem to pick that up. Thanks Siva - __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
I was on travel all day yesterday so I did not have time to work on it. I hopefully will in the next couple of days. Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of sivarama velicheti Sent: Wednesday, November 19, 2008 1:52 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) Issue ** Hi Kevin, Did you make any progress in the issue. I sat the entire day yesterday but I have nothing to share from my side. Thanks Sivarama __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
Hi Kevin, Did you make any progress in the issue. I sat the entire day yesterday but I have nothing to share from my side. Thanks Sivarama ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
++ Please Read The Disclaimer At The Bottom Of This Email ++ Kevin, I would look at the code in your custom authenticator jar file located on the mid tier and see how it works out the user name. It seems that after the migration it cannot get the user name. Hope this gets you some idea. Jiri Pospisil IT Services LCH.Clearnet From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Begosh, Kevin Sent: 17 November 2008 23:11 To: arslist@ARSLIST.ORG Subject: Single Sign On (SSO) Issue ** I am having an issue with Single Sign On. I have a current environment for the mid tier, IIS, Servlet Exec where SSO works. We are looking to change from Servlet to Tomcat on our mid tier servers. In doing so it looks like SSO is not working anymore. SSO is not Supported by BMC from what I have been told so my options are limited. I was told by BMC that there should be no issue changing what we have with SSO from Servlet exec to tomcat. We are on mid tier 7.1 patch 4, windows 2003, IIS. All the configurations on the AR Server is fine because it was working before. When I load the mid tier the log in screen pops up and no visible errors appear. From logging I am getting the following issues - Trying to load configuration arsys_api.xml - Could not load optional configuration arsys_api.xml - Trying to load configuration default.xml - constructor(arcatalog) - Trying to load configuration arsys_api.xml - Could not load optional configuration arsys_api.xml - Trying to load configuration default.xml - Connects to ARServer *servername* through [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] - Api source is identified as: AP675689916919Q6UhSQhwYAAAKQAA SSO: Initialization: Version 2.05e SSO: Property values were loaded. usermethod:remoteuser usercase:lower removedomain:T headername: attname: authmethod:default authcustom: debuglogging:T - Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled. SSO ERROR: RemoteUser name is null or empty. Using default login page - Connects to ARServer *servername* through [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] SSO ERROR: RemoteUser name is null or empty. Using default login page SSO ERROR: RemoteUser name is null or empty. Using default login page it also makes reference to the custom authenticator failed, and that it is using the default one. And for the sake of the email I removed my server name under *servername*, so that part was just my servers name. Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ * This email is intended for the named recipient(s) only. Its contents are confidential and may only be retained by the named recipient(s) and may only be copied or disclosed with the consent of LCH.Clearnet Limited. If you are not an intended recipient please delete this e-mail and notify [EMAIL PROTECTED] The contents of this email are subject to contract in all cases, and LCH.Clearnet Limited makes no contractual commitment save where confirmed by hard copy. LCH.Clearnet Limited accepts no liability, including liability for negligence, in respect of any statement in this email. LCH.Clearnet Limited, Registered Office: Aldgate House, 33 Aldgate High Street, London EC3N 1EA.Recognised as a Clearing House under the Financial Services Markets Act 2000. Reg in England No.25932 Telephone: +44 20 7426 7000 Internet: http://www.lchclearnet.com * ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
well according to BMC the mid tier plug-in jar file I have should work for both, it is not specific to Tomcat or Servlet Exec Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Jiri Pospisil Sent: Tuesday, November 18, 2008 4:20 AM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) Issue ** ++ Please Read The Disclaimer At The Bottom Of This Email ++ Kevin, I would look at the code in your custom authenticator jar file located on the mid tier and see how it works out the user name. It seems that after the migration it cannot get the user name. Hope this gets you some idea. Jiri Pospisil IT Services LCH.Clearnet From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Begosh, Kevin Sent: 17 November 2008 23:11 To: arslist@ARSLIST.ORG Subject: Single Sign On (SSO) Issue ** I am having an issue with Single Sign On. I have a current environment for the mid tier, IIS, Servlet Exec where SSO works. We are looking to change from Servlet to Tomcat on our mid tier servers. In doing so it looks like SSO is not working anymore. SSO is not Supported by BMC from what I have been told so my options are limited. I was told by BMC that there should be no issue changing what we have with SSO from Servlet exec to tomcat. We are on mid tier 7.1 patch 4, windows 2003, IIS. All the configurations on the AR Server is fine because it was working before. When I load the mid tier the log in screen pops up and no visible errors appear. From logging I am getting the following issues - Trying to load configuration arsys_api.xml - Could not load optional configuration arsys_api.xml - Trying to load configuration default.xml - constructor(arcatalog) - Trying to load configuration arsys_api.xml - Could not load optional configuration arsys_api.xml - Trying to load configuration default.xml - Connects to ARServer *servername* through [EMAIL PROTECTED] - Api source is identified as: AP675689916919Q6UhSQhwYAAAKQAA SSO: Initialization: Version 2.05e SSO: Property values were loaded. usermethod:remoteuser usercase:lower removedomain:T headername: attname: authmethod:default authcustom: debuglogging:T - Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled. SSO ERROR: RemoteUser name is null or empty. Using default login page - Connects to ARServer *servername* through [EMAIL PROTECTED] SSO ERROR: RemoteUser name is null or empty. Using default login page SSO ERROR: RemoteUser name is null or empty. Using default login page it also makes reference to the custom authenticator failed, and that it is using the default one. And for the sake of the email I removed my server name under *servername*, so that part was just my servers name. Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ * This email is intended for the named recipient(s) only. Its contents are confidential and may only be retained by the named recipient(s) and may only be copied or disclosed with the consent of LCH.Clearnet Limited. If you are not an intended recipient please delete this e-mail and notify [EMAIL PROTECTED] The contents of this email are subject to contract in all cases, and LCH.Clearnet Limited makes no contractual commitment save where confirmed by hard copy. LCH.Clearnet Limited accepts no liability, including liability for negligence, in respect of any statement in this email. LCH.Clearnet Limited, Registered Office: Aldgate House, 33 Aldgate High Street, London EC3N 1EA. Recognised as a Clearing House under the Financial Services Markets Act 2000. Reg in England No.25932 Telephone: +44 20 7426 7000 Internet: http://www.lchclearnet.com * __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
Also the reason I think this is failing is because for some reason with Tomcat it is not get the user name from IIS. I do have integrated windows authentication on. Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Jiri Pospisil Sent: Tuesday, November 18, 2008 4:20 AM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) Issue ** ++ Please Read The Disclaimer At The Bottom Of This Email ++ Kevin, I would look at the code in your custom authenticator jar file located on the mid tier and see how it works out the user name. It seems that after the migration it cannot get the user name. Hope this gets you some idea. Jiri Pospisil IT Services LCH.Clearnet From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Begosh, Kevin Sent: 17 November 2008 23:11 To: arslist@ARSLIST.ORG Subject: Single Sign On (SSO) Issue ** I am having an issue with Single Sign On. I have a current environment for the mid tier, IIS, Servlet Exec where SSO works. We are looking to change from Servlet to Tomcat on our mid tier servers. In doing so it looks like SSO is not working anymore. SSO is not Supported by BMC from what I have been told so my options are limited. I was told by BMC that there should be no issue changing what we have with SSO from Servlet exec to tomcat. We are on mid tier 7.1 patch 4, windows 2003, IIS. All the configurations on the AR Server is fine because it was working before. When I load the mid tier the log in screen pops up and no visible errors appear. From logging I am getting the following issues - Trying to load configuration arsys_api.xml - Could not load optional configuration arsys_api.xml - Trying to load configuration default.xml - constructor(arcatalog) - Trying to load configuration arsys_api.xml - Could not load optional configuration arsys_api.xml - Trying to load configuration default.xml - Connects to ARServer *servername* through [EMAIL PROTECTED] - Api source is identified as: AP675689916919Q6UhSQhwYAAAKQAA SSO: Initialization: Version 2.05e SSO: Property values were loaded. usermethod:remoteuser usercase:lower removedomain:T headername: attname: authmethod:default authcustom: debuglogging:T - Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled. SSO ERROR: RemoteUser name is null or empty. Using default login page - Connects to ARServer *servername* through [EMAIL PROTECTED] SSO ERROR: RemoteUser name is null or empty. Using default login page SSO ERROR: RemoteUser name is null or empty. Using default login page it also makes reference to the custom authenticator failed, and that it is using the default one. And for the sake of the email I removed my server name under *servername*, so that part was just my servers name. Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ * This email is intended for the named recipient(s) only. Its contents are confidential and may only be retained by the named recipient(s) and may only be copied or disclosed with the consent of LCH.Clearnet Limited. If you are not an intended recipient please delete this e-mail and notify [EMAIL PROTECTED] The contents of this email are subject to contract in all cases, and LCH.Clearnet Limited makes no contractual commitment save where confirmed by hard copy. LCH.Clearnet Limited accepts no liability, including liability for negligence, in respect of any statement in this email. LCH.Clearnet Limited, Registered Office: Aldgate House, 33 Aldgate High Street, London EC3N 1EA. Recognised as a Clearing House under the Financial Services Markets Act 2000. Reg in England No.25932 Telephone: +44 20 7426 7000 Internet: http://www.lchclearnet.com * __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
Hi Kevin, I am facing the exact same problem with my SSO integration. Let me know in case you make any progress in that case and I will let you know in case I have any updates. Thanks Siva ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
okay sounds good. That is with Tomcat? Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of sivarama velicheti Sent: Tuesday, November 18, 2008 12:07 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On (SSO) Issue ** Hi Kevin, I am facing the exact same problem with my SSO integration. Let me know in case you make any progress in that case and I will let you know in case I have any updates. Thanks Siva __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On (SSO) Issue
Yep IIS Tomcat. Thanks Siva ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Single Sign On (SSO) Issue
I am having an issue with Single Sign On. I have a current environment for the mid tier, IIS, Servlet Exec where SSO works. We are looking to change from Servlet to Tomcat on our mid tier servers. In doing so it looks like SSO is not working anymore. SSO is not Supported by BMC from what I have been told so my options are limited. I was told by BMC that there should be no issue changing what we have with SSO from Servlet exec to tomcat. We are on mid tier 7.1 patch 4, windows 2003, IIS. All the configurations on the AR Server is fine because it was working before. When I load the mid tier the log in screen pops up and no visible errors appear. From logging I am getting the following issues - Trying to load configuration arsys_api.xml - Could not load optional configuration arsys_api.xml - Trying to load configuration default.xml - constructor(arcatalog) - Trying to load configuration arsys_api.xml - Could not load optional configuration arsys_api.xml - Trying to load configuration default.xml - Connects to ARServer *servername* through [EMAIL PROTECTED] - Api source is identified as: AP675689916919Q6UhSQhwYAAAKQAA SSO: Initialization: Version 2.05e SSO: Property values were loaded. usermethod:remoteuser usercase:lower removedomain:T headername: attname: authmethod:default authcustom: debuglogging:T - Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled. SSO ERROR: RemoteUser name is null or empty. Using default login page - Connects to ARServer *servername* through [EMAIL PROTECTED] SSO ERROR: RemoteUser name is null or empty. Using default login page SSO ERROR: RemoteUser name is null or empty. Using default login page it also makes reference to the custom authenticator failed, and that it is using the default one. And for the sake of the email I removed my server name under *servername*, so that part was just my servers name. Kevin Begosh, RSP Tech Ops Enterprise Business Services 301-791-3540 Phone 410-422-3623 Cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Single Sign On
Hi Guys, I am trying to implement single sign for my current remedy system. Can anyone please guide me as to how to implement that. Any documents that you can forward me to would be good as well. I am having the following setup running. OS: Windows 2003 R2 Database: MS SQL Server 2005 (Remote) AR Server 7.1.00 Mid-Tier 7.1.00 hosted on IIS 6 and Tomcat 5.5 servlet engine. Would it require customization to implement single sign on or just making configuration changes, I have no idea whatsoever please guide me. Thanks -- Sivarama Velicheti ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On
Have you searched BMC developer network? -Original Message- From: sivarama velicheti [EMAIL PROTECTED] To: arslist@ARSLIST.ORG Sent: Tue, 22 Jul 2008 7:51 pm Subject: Single Sign On ** Hi Guys, ?? I am trying to implement single sign for my current remedy system. Can anyone please guide me as to how to implement that. Any documents that you can forward me to would be good as well. I am having the following setup running. ?OS: Windows 2003 R2 ?Database: MS SQL Server 2005 (Remote) ?AR Server 7.1.00 ?Mid-Tier 7.1.00 hosted on IIS 6 and Tomcat 5.5 servlet engine. Would it require customization to implement single sign on or just making configuration changes, I have no idea whatsoever please guide me. ?Thanks -- Sivarama Velicheti __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On
Roger's suggestion is a good one. After logging in, type SSO into the Search BMC DN field. The first forum hit is a thread on SSO for AR System. You may also wish to use the archive search for ARSList in places where it is available: http://listserv.rbugs.com/cgi-bin/wa.exe?S1=arslistX=- http://www.nabble.com/ARS-(Action-Request-System)-f716.html -David J. Easter Sr. Product Manager, Solution Strategy and Development BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Roger Justice Sent: Tuesday, July 22, 2008 5:01 PM To: arslist@ARSLIST.ORG Subject: Re: Single Sign On ** Have you searched BMC developer network? -Original Message- From: sivarama velicheti [EMAIL PROTECTED] To: arslist@ARSLIST.ORG Sent: Tue, 22 Jul 2008 7:51 pm Subject: Single Sign On ** Hi Guys, I am trying to implement single sign for my current remedy system. Can anyone please guide me as to how to implement that. Any documents that you can forward me to would be good as well. I am having the following setup running. OS: Windows 2003 R2 Database: MS SQL Server 2005 (Remote) AR Server 7.1.00 Mid-Tier 7.1.00 hosted on IIS 6 and Tomcat 5.5 servlet engine. Would it require customization to implement single sign on or just making configuration changes, I have no idea whatsoever please guide me 's Thanks -- Sivarama Velicheti __Platinum Sponsor: www.rmsportal.com http://www.rmsportal.com/ ARSlist: Where the Answers Are html___ The Famous, the Infamous, the Lame - in your browser. Get the TMZ Toolbar Now http://toolbar.aol.com/tmz/download.html?NCID=aolcmp000514 ! __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: Single Sign On
Hi Sivarama, I would like to suggest integrating the BMC Remedy Mid Tier and BMC Remedy AR System server with the Single Sign On. I have done integration with the Oracle Application Server (OracleAS) Single Sign-On (SSO). Even you can do with BMC Web Access Manager (WAM) Single Sign-On (SSO). To integrate the BMC Remedy Mid Tier and BMC Remedy AR System server with your SSO solution, you must be familiar with all components and know how to Configure them. This includes: * LDAP directory server * Web server * Web application server (servlet container) * SSO solution * AR System server and mid tier After that follow below steps:-- This is for OracleAS Integration.. 1. The OracleAS is installed, configured, and running correctly on a platform BMC supports for BMC Remedy Mid Tier. 2. The Oracle Internet Directory server is installed, configured, and running correctly. 3. The OracleAS SSO is installed, configured, and running correctly. 4. The BMC Remedy Mid Tier is installed, configured, and running correctly on the OracleAS. 5. Add the BMC Remedy Mid Tier to Oracle SSO as an external application as described in the Oracle Application Server Single Sign-On Administrator's Guide. 6. In web app install dir/WEB-INF/classes, edit config.properties. a. Replace: arsystem.authenticator=com.remedy.arsys.session.DefaultAuthenticator with:arsystem.authenticator=com.remedy.arsys.sso.OracleAuthenticator (for OracleAS SSO) b. If required, replace the value of the arsystem.authenticator.sso.enckey entry with the encrypted key you created in step 1. For example: arsystem.authenticator.sso.enckey=105269288E76C311410B6595D6E52791 7. Stop and restart the servlet container running the BMC Remedy Mid Tier. Configuring the SSO LDAP Plug-In 1. Copy the ssoldap.dll or ssoldap.so AREA plug-in file to the AR System server install directory. 2. Edit AR System configuration file (ar.conf or ar.cfg), and add Plugin: ssoldap.dll (for Windows) or Plugin: ssoldap.so (for UNIX) or, if you are using the AREA hub, add AREA-Hub-Plugin: ssoldap.dll (for Windows) or AREA-Hub-Plugin: ssoldap.so (for UNIX) 3. Using the Remedy Administrator a. Import ssoldap.def. b. Make sure you have set up the mapping of LDAP groups to AR System groups on the External Authentication tab of the Server Information dialog box. 4. Stop and restart the AR System server so that the plug-in server loads the plug-ins. 5. Using BMC Remedy User or the mid tier, log in to the AR System server as a user in the Administrator group, open the SSO LDAP Configuration form, and complete it as follows: Encryption Key: arsystem (or the cleartext key you chose when you created the encrypted key value for arsystem.authenticator.sso.enckey) SSO Vendor: (Select your SSO solution.) Group Membership: None Roles List: (Name the LDAP attribute that lists the user roles. For example, the roledn attribute contains role definitions for some LDAP systems. Add any default roles in the Default Value field.) other fields: (Same as those for the AREA LDAP Configuration form. See the section on Configuring the AREA LDAP plug-in in the Integrating with Plug-ins and Third-Party Products guide.) 6. Stop and restart the BMC Remedy AR System server. Hope this helps... Regards, Sandeep Vyom Labs Pvt. Ltd. An ISO 2 certified company. Consulting | Outsourcing | Training || BMC Remedy BSM | ITIL Web : www.vyomlabs.com _ From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of sivarama velicheti Sent: Wednesday, July 23, 2008 5:21 AM To: arslist@ARSLIST.ORG Subject: Single Sign On ** Hi Guys, I am trying to implement single sign for my current remedy system. Can anyone please guide me as to how to implement that. Any documents that you can forward me to would be good as well. I am having the following setup running. OS: Windows 2003 R2 Database: MS SQL Server 2005 (Remote) AR Server 7.1.00 Mid-Tier 7.1.00 hosted on IIS 6 and Tomcat 5.5 servlet engine. Would it require customization to implement single sign on or just making configuration changes, I have no idea whatsoever please guide me. Thanks -- Sivarama Velicheti __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: IIS remoteuser for Single-Sign On
I added the mid tier ip address as well as 127.0.0.1 just in case. -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Roney Varghese Sent: Monday, April 28, 2008 4:18 PM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Dear Shawn, Have you added the midtier ip address to the areasso.cfg file in the AR Server/conf folder? Regards, Roney Varghese Sent from my iPhone On Apr 28, 2008, at 3:34 PM, Pierson, Shawn [EMAIL PROTECTED] wrote: Thanks Jarl, That got me much further, and I can see that my login name is being passed now. However, I'm still having issues which I'll bring up below. The output log says: SSO: Remote User Name (including domain): energy\spierson SSO: Remote User Name (no domain): spierson SSO: Setting username to lower case... SSO: Authenticating with username: spierson SSO: Using AuthString: Qk1DIFJlbWVkeSBBUlN5c3RlbQ== ARERR [623] Authentication failed So now it's clear that it is trying to pass my information, but for some reason the authentication is still failing. Any ideas on what the next step in troubleshooting this should be? Thanks again, Shawn Pierson -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG ] On Behalf Of Jarl Grøneng Sent: Monday, April 28, 2008 3:10 PM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Try change this in ..\Tomcat 5.5\conf\server.xml to this: Connector port=8009 tomcatAuthentication=false enableLookups=false redirectPort=8443 protocol=AJP/1.3 / The one you change is: tomcatAuthentication=true to tomcatAuthentication=false -- Jarl On Mon, Apr 28, 2008 at 8:33 PM, Pierson, Shawn [EMAIL PROTECTED] wrote: ** Good afternoon, I'm trying to set up single sign on for the mid tier and have almost everything working. The one thing that still seems to be a problem is getting IIS to pass the authenticated user to Jakarta. When I try to log into Remedy, I get the following in my tomcat logs: SSO: Initialization: Version 2.04 SSO: Property values were loaded. usermethod:remoteuser usercase:lower removedomain:T headername: attname: authmethod:default authcustom: debuglogging:T SSO ERROR: RemoteUser name is null or empty. Using default login page This doesn't really help explain why it's happening, so in the debug log file but it does at least show that the sso.properties file is being read correctly. Within IIS I have it set only to Integrated Windows Authentication and nothing else on the Authentication Methods form. I think IIS isn't passing the Remote_User variable over to Jakarta, but I'm not really sure where I can verify that. Does anyone else have any suggestions for me to try? I'm on Mid Tier 7.0.1 p6 with Apache Tomcat and IIS authenticating against Active Directory. Thanks, Shawn Pierson Private and confidential as detailed here. If you cannot access hyperlink, please e-mail sender. __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are Private and confidential as detailed here: http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access the link, please e-mail sender. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are Private and confidential as detailed here: http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access the link, please e-mail sender.
Re: IIS remoteuser for Single-Sign On
Turn on ur plugin logs(fine) and let me know what auth error u see in there? Regards, Roney Varghese Sent from my iPhone On Apr 29, 2008, at 7:12 AM, Pierson, Shawn [EMAIL PROTECTED] wrote: I added the mid tier ip address as well as 127.0.0.1 just in case. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG ] On Behalf Of Roney Varghese Sent: Monday, April 28, 2008 4:18 PM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Dear Shawn, Have you added the midtier ip address to the areasso.cfg file in the AR Server/conf folder? Regards, Roney Varghese Sent from my iPhone On Apr 28, 2008, at 3:34 PM, Pierson, Shawn [EMAIL PROTECTED] wrote: Thanks Jarl, That got me much further, and I can see that my login name is being passed now. However, I'm still having issues which I'll bring up below. The output log says: SSO: Remote User Name (including domain): energy\spierson SSO: Remote User Name (no domain): spierson SSO: Setting username to lower case... SSO: Authenticating with username: spierson SSO: Using AuthString: Qk1DIFJlbWVkeSBBUlN5c3RlbQ== ARERR [623] Authentication failed So now it's clear that it is trying to pass my information, but for some reason the authentication is still failing. Any ideas on what the next step in troubleshooting this should be? Thanks again, Shawn Pierson -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG ] On Behalf Of Jarl Grøneng Sent: Monday, April 28, 2008 3:10 PM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Try change this in ..\Tomcat 5.5\conf\server.xml to this: Connector port=8009 tomcatAuthentication=false enableLookups=false redirectPort=8443 protocol=AJP/1.3 / The one you change is: tomcatAuthentication=true to tomcatAuthentication=false -- Jarl On Mon, Apr 28, 2008 at 8:33 PM, Pierson, Shawn [EMAIL PROTECTED] wrote: ** Good afternoon, I'm trying to set up single sign on for the mid tier and have almost everything working. The one thing that still seems to be a problem is getting IIS to pass the authenticated user to Jakarta. When I try to log into Remedy, I get the following in my tomcat logs: SSO: Initialization: Version 2.04 SSO: Property values were loaded. usermethod:remoteuser usercase:lower removedomain:T headername: attname: authmethod:default authcustom: debuglogging:T SSO ERROR: RemoteUser name is null or empty. Using default login page This doesn't really help explain why it's happening, so in the debug log file but it does at least show that the sso.properties file is being read correctly. Within IIS I have it set only to Integrated Windows Authentication and nothing else on the Authentication Methods form. I think IIS isn't passing the Remote_User variable over to Jakarta, but I'm not really sure where I can verify that. Does anyone else have any suggestions for me to try? I'm on Mid Tier 7.0.1 p6 with Apache Tomcat and IIS authenticating against Active Directory. Thanks, Shawn Pierson Private and confidential as detailed here. If you cannot access hyperlink, please e-mail sender. __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are Private and confidential as detailed here: http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access the link, please e-mail sender. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are Private and confidential as detailed here: http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access the link, please e-mail sender. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: IIS remoteuser for Single-Sign On
You must also check whether the areasso plugin is running (see arplugin log file) on the arsystem server. - Original Message From: Pierson, Shawn [EMAIL PROTECTED] To: arslist@ARSLIST.ORG Sent: Tuesday, April 29, 2008 7:42:45 AM Subject: Re: IIS remoteuser for Single-Sign On I added the mid tier ip address as well as 127.0.0.1 just in case. -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Roney Varghese Sent: Monday, April 28, 2008 4:18 PM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Dear Shawn, Have you added the midtier ip address to the areasso.cfg file in the AR Server/conf folder? Regards, Roney Varghese Sent from my iPhone On Apr 28, 2008, at 3:34 PM, Pierson, Shawn [EMAIL PROTECTED] wrote: Thanks Jarl, That got me much further, and I can see that my login name is being passed now. However, I'm still having issues which I'll bring up below. The output log says: SSO: Remote User Name (including domain): energy\spierson SSO: Remote User Name (no domain): spierson SSO: Setting username to lower case... SSO: Authenticating with username: spierson SSO: Using AuthString: Qk1DIFJlbWVkeSBBUlN5c3RlbQ== ARERR [623] Authentication failed So now it's clear that it is trying to pass my information, but for some reason the authentication is still failing. Any ideas on what the next step in troubleshooting this should be? Thanks again, Shawn Pierson -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG ] On Behalf Of Jarl Grøneng Sent: Monday, April 28, 2008 3:10 PM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Try change this in ..\Tomcat 5.5\conf\server.xml to this: Connector port=8009 tomcatAuthentication=false enableLookups=false redirectPort=8443 protocol=AJP/1.3 / The one you change is: tomcatAuthentication=true to tomcatAuthentication=false -- Jarl On Mon, Apr 28, 2008 at 8:33 PM, Pierson, Shawn [EMAIL PROTECTED] wrote: ** Good afternoon, I'm trying to set up single sign on for the mid tier and have almost everything working. The one thing that still seems to be a problem is getting IIS to pass the authenticated user to Jakarta. When I try to log into Remedy, I get the following in my tomcat logs: SSO: Initialization: Version 2.04 SSO: Property values were loaded. usermethod:remoteuser usercase:lower removedomain:T headername: attname: authmethod:default authcustom: debuglogging:T SSO ERROR: RemoteUser name is null or empty. Using default login page This doesn't really help explain why it's happening, so in the debug log file but it does at least show that the sso.properties file is being read correctly. Within IIS I have it set only to Integrated Windows Authentication and nothing else on the Authentication Methods form. I think IIS isn't passing the Remote_User variable over to Jakarta, but I'm not really sure where I can verify that. Does anyone else have any suggestions for me to try? I'm on Mid Tier 7.0.1 p6 with Apache Tomcat and IIS authenticating against Active Directory. Thanks, Shawn Pierson Private and confidential as detailed here. If you cannot access hyperlink, please e-mail sender. __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are Private and confidential as detailed here: http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access the link, please e-mail sender. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are Private and confidential as detailed here: http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access the link, please e-mail sender. Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: IIS remoteuser for Single-Sign On
Actually there everything seems to be working ok. In the areasso.cfg file I also have DEBUG-LOGGING: 1 so it will show everything, but I don't see where it's even trying to use the sso plugin there after it loads areasso.cfg. It does, however, show that it is trying to log me onto the system in the Tomcat logs. Any other suggestions? Thanks, Shawn Pierson -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Roney Varghese Sent: Tuesday, April 29, 2008 9:24 AM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Turn on ur plugin logs(fine) and let me know what auth error u see in there? Regards, Roney Varghese Sent from my iPhone On Apr 29, 2008, at 7:12 AM, Pierson, Shawn [EMAIL PROTECTED] wrote: I added the mid tier ip address as well as 127.0.0.1 just in case. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG ] On Behalf Of Roney Varghese Sent: Monday, April 28, 2008 4:18 PM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Dear Shawn, Have you added the midtier ip address to the areasso.cfg file in the AR Server/conf folder? Regards, Roney Varghese Sent from my iPhone On Apr 28, 2008, at 3:34 PM, Pierson, Shawn [EMAIL PROTECTED] wrote: Thanks Jarl, That got me much further, and I can see that my login name is being passed now. However, I'm still having issues which I'll bring up below. The output log says: SSO: Remote User Name (including domain): energy\spierson SSO: Remote User Name (no domain): spierson SSO: Setting username to lower case... SSO: Authenticating with username: spierson SSO: Using AuthString: Qk1DIFJlbWVkeSBBUlN5c3RlbQ== ARERR [623] Authentication failed So now it's clear that it is trying to pass my information, but for some reason the authentication is still failing. Any ideas on what the next step in troubleshooting this should be? Thanks again, Shawn Pierson -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG ] On Behalf Of Jarl Grøneng Sent: Monday, April 28, 2008 3:10 PM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Try change this in ..\Tomcat 5.5\conf\server.xml to this: Connector port=8009 tomcatAuthentication=false enableLookups=false redirectPort=8443 protocol=AJP/1.3 / The one you change is: tomcatAuthentication=true to tomcatAuthentication=false -- Jarl On Mon, Apr 28, 2008 at 8:33 PM, Pierson, Shawn [EMAIL PROTECTED] wrote: ** Good afternoon, I'm trying to set up single sign on for the mid tier and have almost everything working. The one thing that still seems to be a problem is getting IIS to pass the authenticated user to Jakarta. When I try to log into Remedy, I get the following in my tomcat logs: SSO: Initialization: Version 2.04 SSO: Property values were loaded. usermethod:remoteuser usercase:lower removedomain:T headername: attname: authmethod:default authcustom: debuglogging:T SSO ERROR: RemoteUser name is null or empty. Using default login page This doesn't really help explain why it's happening, so in the debug log file but it does at least show that the sso.properties file is being read correctly. Within IIS I have it set only to Integrated Windows Authentication and nothing else on the Authentication Methods form. I think IIS isn't passing the Remote_User variable over to Jakarta, but I'm not really sure where I can verify that. Does anyone else have any suggestions for me to try? I'm on Mid Tier 7.0.1 p6 with Apache Tomcat and IIS authenticating against Active Directory. Thanks, Shawn Pierson Private and confidential as detailed here. If you cannot access hyperlink, please e-mail sender. __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are Private and confidential as detailed here: http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access the link, please e-mail sender. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are Private and confidential as detailed here: http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access the link, please e-mail sender
Re: IIS remoteuser for Single-Sign On
Jiri, I can see the user name coming across successfully, but the authentication string is basically nonsense. I assume it is some sort of encrypted value, but without really understanding what it should look like, I'm not sure of what to make of it. For example, I see it coming across like this in the Tomcat logs: SSO: Remote User Name (including domain): energy\spierson SSO: Remote User Name (no domain): spierson SSO: Setting username to lower case... SSO: Authenticating with username: spierson SSO: Using AuthString: Qk1DIFJlbWVkeSBBUlN5c3RlbQ== It appears to be working, except that the AuthString value I guess doesn't work. When I look in my browser, it's giving me the standard ARERR 8908 Unknown User or Invalid Password error message. -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Jiri Pospisil Sent: Tuesday, April 29, 2008 10:23 AM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On ++ Please Read The Disclaimer At The Bottom Of This Email ++ Shawn, we are on version 7.0.1 and I managed to configure SSO authentication on the mid-tier without changing/setting any configuration on the Remedy server side. I would look at your code which interrogates the HTTP request for the user name and authentication string. You can add some debugging messages there that would write into a file on the mid-tier server to see what is actually being passed to the Remedy authenticator. Regards Jiri Pospisil Remedy Administrator LCH.Clearnet -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] Behalf Of Pierson, Shawn Sent: 29 April 2008 16:10 To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Actually there everything seems to be working ok. In the areasso.cfg file I also have DEBUG-LOGGING: 1 so it will show everything, but I don't see where it's even trying to use the sso plugin there after it loads areasso.cfg. It does, however, show that it is trying to log me onto the system in the Tomcat logs. Any other suggestions? Thanks, Shawn Pierson -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Roney Varghese Sent: Tuesday, April 29, 2008 9:24 AM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Turn on ur plugin logs(fine) and let me know what auth error u see in there? Regards, Roney Varghese Sent from my iPhone On Apr 29, 2008, at 7:12 AM, Pierson, Shawn [EMAIL PROTECTED] wrote: I added the mid tier ip address as well as 127.0.0.1 just in case. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG ] On Behalf Of Roney Varghese Sent: Monday, April 28, 2008 4:18 PM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Dear Shawn, Have you added the midtier ip address to the areasso.cfg file in the AR Server/conf folder? Regards, Roney Varghese Sent from my iPhone On Apr 28, 2008, at 3:34 PM, Pierson, Shawn [EMAIL PROTECTED] wrote: Thanks Jarl, That got me much further, and I can see that my login name is being passed now. However, I'm still having issues which I'll bring up below. The output log says: SSO: Remote User Name (including domain): energy\spierson SSO: Remote User Name (no domain): spierson SSO: Setting username to lower case... SSO: Authenticating with username: spierson SSO: Using AuthString: Qk1DIFJlbWVkeSBBUlN5c3RlbQ== ARERR [623] Authentication failed So now it's clear that it is trying to pass my information, but for some reason the authentication is still failing. Any ideas on what the next step in troubleshooting this should be? Thanks again, Shawn Pierson -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG ] On Behalf Of Jarl Grøneng Sent: Monday, April 28, 2008 3:10 PM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Try change this in ..\Tomcat 5.5\conf\server.xml to this: Connector port=8009 tomcatAuthentication=false enableLookups=false redirectPort=8443 protocol=AJP/1.3 / The one you change is: tomcatAuthentication=true to tomcatAuthentication=false -- Jarl On Mon, Apr 28, 2008 at 8:33 PM, Pierson, Shawn [EMAIL PROTECTED] wrote: ** Good afternoon, I'm trying to set up single sign on for the mid tier and have almost everything working. The one thing that still seems to be a problem is getting IIS to pass the authenticated user to Jakarta. When I try to log into Remedy, I get the following in my tomcat logs: SSO: Initialization: Version 2.04 SSO: Property values were loaded. usermethod:remoteuser usercase:lower removedomain:T headername: attname
Re: IIS remoteuser for Single-Sign On
You are missing AREA Hub plugin, set that up with the areasso plugin as the first plugin and then the AREA LDAP plugin. Restart ARS and you should be good to go. Regards, Roney Varghese Sent from my iPhone On Apr 29, 2008, at 10:10 AM, Pierson, Shawn [EMAIL PROTECTED] wrote: Actually there everything seems to be working ok. In the areasso.cfg file I also have DEBUG-LOGGING: 1 so it will show everything, but I don't see where it's even trying to use the sso plugin there after it loads areasso.cfg. It does, however, show that it is trying to log me onto the system in the Tomcat logs. Any other suggestions? Thanks, Shawn Pierson -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG ] On Behalf Of Roney Varghese Sent: Tuesday, April 29, 2008 9:24 AM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Turn on ur plugin logs(fine) and let me know what auth error u see in there? Regards, Roney Varghese Sent from my iPhone On Apr 29, 2008, at 7:12 AM, Pierson, Shawn [EMAIL PROTECTED] wrote: I added the mid tier ip address as well as 127.0.0.1 just in case. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG ] On Behalf Of Roney Varghese Sent: Monday, April 28, 2008 4:18 PM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Dear Shawn, Have you added the midtier ip address to the areasso.cfg file in the AR Server/conf folder? Regards, Roney Varghese Sent from my iPhone On Apr 28, 2008, at 3:34 PM, Pierson, Shawn [EMAIL PROTECTED] wrote: Thanks Jarl, That got me much further, and I can see that my login name is being passed now. However, I'm still having issues which I'll bring up below. The output log says: SSO: Remote User Name (including domain): energy\spierson SSO: Remote User Name (no domain): spierson SSO: Setting username to lower case... SSO: Authenticating with username: spierson SSO: Using AuthString: Qk1DIFJlbWVkeSBBUlN5c3RlbQ== ARERR [623] Authentication failed So now it's clear that it is trying to pass my information, but for some reason the authentication is still failing. Any ideas on what the next step in troubleshooting this should be? Thanks again, Shawn Pierson -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG ] On Behalf Of Jarl Grøneng Sent: Monday, April 28, 2008 3:10 PM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Try change this in ..\Tomcat 5.5\conf\server.xml to this: Connector port=8009 tomcatAuthentication=false enableLookups=false redirectPort=8443 protocol=AJP/1.3 / The one you change is: tomcatAuthentication=true to tomcatAuthentication=false -- Jarl On Mon, Apr 28, 2008 at 8:33 PM, Pierson, Shawn [EMAIL PROTECTED] wrote: ** Good afternoon, I'm trying to set up single sign on for the mid tier and have almost everything working. The one thing that still seems to be a problem is getting IIS to pass the authenticated user to Jakarta. When I try to log into Remedy, I get the following in my tomcat logs: SSO: Initialization: Version 2.04 SSO: Property values were loaded. usermethod:remoteuser usercase:lower removedomain:T headername: attname: authmethod:default authcustom: debuglogging:T SSO ERROR: RemoteUser name is null or empty. Using default login page This doesn't really help explain why it's happening, so in the debug log file but it does at least show that the sso.properties file is being read correctly. Within IIS I have it set only to Integrated Windows Authentication and nothing else on the Authentication Methods form. I think IIS isn't passing the Remote_User variable over to Jakarta, but I'm not really sure where I can verify that. Does anyone else have any suggestions for me to try? I'm on Mid Tier 7.0.1 p6 with Apache Tomcat and IIS authenticating against Active Directory. Thanks, Shawn Pierson Private and confidential as detailed here. If you cannot access hyperlink, please e-mail sender. __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are Private and confidential as detailed here: http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access the link, please e-mail sender. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are Private
Re: IIS remoteuser for Single-Sign On
++ Please Read The Disclaimer At The Bottom Of This Email ++ Shawn, the authentication string is a token generated for the user session when the user originally authenticates to the domain. The token is then passed around rather than user password. From my experience when I was setting this up, the authentication string was much much longer, something like this: NTLM HTCNTVNTUAADGAAYAHAYABgAiAgACABAGgAaAEAOAA4AYgAABQKAAEMATwBSAFAASgBpAHIAaQAuAFAAbwBzAHAAaQBzAGkAbABXADIAVwAxADIAOAAzAE0g14rtdJfdVeO6oYXVB1nz9SPr3lERvY/snjit2PixS+1HSCrHd8UuoXHIdUCR5E== As you can see, the string is also prefixed by the type of the authentication method. What you are getting looks more like encrypted password, but that is just a wild guess. I know that tomcat has some sample servlets that can be accessed through http://server_name/servlets-examples/ One of them prints all headers of the request including the authorization string. You can amend it so that it also prints the user name. Hope this helps. Jiri -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] Behalf Of Pierson, Shawn Sent: 29 April 2008 16:48 To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Jiri, I can see the user name coming across successfully, but the authentication string is basically nonsense. I assume it is some sort of encrypted value, but without really understanding what it should look like, I'm not sure of what to make of it. For example, I see it coming across like this in the Tomcat logs: SSO: Remote User Name (including domain): energy\spierson SSO: Remote User Name (no domain): spierson SSO: Setting username to lower case... SSO: Authenticating with username: spierson SSO: Using AuthString: Qk1DIFJlbWVkeSBBUlN5c3RlbQ== It appears to be working, except that the AuthString value I guess doesn't work. When I look in my browser, it's giving me the standard ARERR 8908 Unknown User or Invalid Password error message. -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Jiri Pospisil Sent: Tuesday, April 29, 2008 10:23 AM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On ++ Please Read The Disclaimer At The Bottom Of This Email ++ Shawn, we are on version 7.0.1 and I managed to configure SSO authentication on the mid-tier without changing/setting any configuration on the Remedy server side. I would look at your code which interrogates the HTTP request for the user name and authentication string. You can add some debugging messages there that would write into a file on the mid-tier server to see what is actually being passed to the Remedy authenticator. Regards Jiri Pospisil Remedy Administrator LCH.Clearnet -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] Behalf Of Pierson, Shawn Sent: 29 April 2008 16:10 To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Actually there everything seems to be working ok. In the areasso.cfg file I also have DEBUG-LOGGING: 1 so it will show everything, but I don't see where it's even trying to use the sso plugin there after it loads areasso.cfg. It does, however, show that it is trying to log me onto the system in the Tomcat logs. Any other suggestions? Thanks, Shawn Pierson -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Roney Varghese Sent: Tuesday, April 29, 2008 9:24 AM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Turn on ur plugin logs(fine) and let me know what auth error u see in there? Regards, Roney Varghese Sent from my iPhone On Apr 29, 2008, at 7:12 AM, Pierson, Shawn [EMAIL PROTECTED] wrote: I added the mid tier ip address as well as 127.0.0.1 just in case. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG ] On Behalf Of Roney Varghese Sent: Monday, April 28, 2008 4:18 PM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Dear Shawn, Have you added the midtier ip address to the areasso.cfg file in the AR Server/conf folder? Regards, Roney Varghese Sent from my iPhone On Apr 28, 2008, at 3:34 PM, Pierson, Shawn [EMAIL PROTECTED] wrote: Thanks Jarl, That got me much further, and I can see that my login name is being passed now. However, I'm still having issues which I'll bring up below. The output log says: SSO: Remote User Name (including domain): energy\spierson SSO: Remote User Name (no domain): spierson SSO: Setting username to lower case... SSO: Authenticating
Re: IIS remoteuser for Single-Sign On
Jiri, is another term for the token an NTLM hash? Just curious. Shawn, unless I have this wrong, in the context of Remedy authentication, I belive what you are getting from your SSO in the AuthString parameter would correspond to the 4th field on the OOB login screen (Authentication). Typically this is unused, except in cases where it might be needed to specify a domain or other information when configuring AREA LDAP login. In the AREA LDAP Configuration form, the contents of AuthString can be passed into the LDAP search base using the syntax $\AUTHSTRING$, for example. I don't know why you have data there, but you can probably ignore it. In your case, how is authentication supposed to be handled on the server? In the context of Midtier using IWA, normally you would not then go to the AD/LDAP server, because a valid IWA login is implicity trusted, so instead you would simply connect the user using a server side AREA plugin. When you ran plugin logging did you see the failed authentication attempt there? Does that shed any light? Hope that helps, Davin -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Jiri Pospisil Sent: Tuesday, April 29, 2008 10:10 AM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On ++ Please Read The Disclaimer At The Bottom Of This Email ++ Shawn, the authentication string is a token generated for the user session when the user originally authenticates to the domain. The token is then passed around rather than user password. From my experience when I was setting this up, the authentication string was much much longer, something like this: NTLM HTCNTVNTUAADGAAYAHAYABgAiAgACABAGgAaAEAOAA4AYgAABQKAAEMATwBSAFAASgBpAHIAaQAuAFAAbwBzAHAAaQBzAGkAbABXADIAVwAxADIAOAAzAE0g14rtdJfdVeO6oYXVB1nz9SPr3lERvY/snjit2PixS+1HSCrHd8UuoXHIdUCR5E== As you can see, the string is also prefixed by the type of the authentication method. What you are getting looks more like encrypted password, but that is just a wild guess. I know that tomcat has some sample servlets that can be accessed through http://server_name/servlets-examples/ One of them prints all headers of the request including the authorization string. You can amend it so that it also prints the user name. Hope this helps. Jiri -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] Behalf Of Pierson, Shawn Sent: 29 April 2008 16:48 To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Jiri, I can see the user name coming across successfully, but the authentication string is basically nonsense. I assume it is some sort of encrypted value, but without really understanding what it should look like, I'm not sure of what to make of it. For example, I see it coming across like this in the Tomcat logs: SSO: Remote User Name (including domain): energy\spierson SSO: Remote User Name (no domain): spierson SSO: Setting username to lower case... SSO: Authenticating with username: spierson SSO: Using AuthString: Qk1DIFJlbWVkeSBBUlN5c3RlbQ== It appears to be working, except that the AuthString value I guess doesn't work. When I look in my browser, it's giving me the standard ARERR 8908 Unknown User or Invalid Password error message. -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Jiri Pospisil Sent: Tuesday, April 29, 2008 10:23 AM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On ++ Please Read The Disclaimer At The Bottom Of This Email ++ Shawn, we are on version 7.0.1 and I managed to configure SSO authentication on the mid-tier without changing/setting any configuration on the Remedy server side. I would look at your code which interrogates the HTTP request for the user name and authentication string. You can add some debugging messages there that would write into a file on the mid-tier server to see what is actually being passed to the Remedy authenticator. Regards Jiri Pospisil Remedy Administrator LCH.Clearnet -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] Behalf Of Pierson, Shawn Sent: 29 April 2008 16:10 To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Actually there everything seems to be working ok. In the areasso.cfg file I also have DEBUG-LOGGING: 1 so it will show everything, but I don't see where it's even trying to use the sso plugin there after it loads areasso.cfg. It does, however, show that it is trying to log me onto the system in the Tomcat logs. Any other suggestions? Thanks, Shawn Pierson -Original
Re: IIS remoteuser for Single-Sign On
Davin, You gave me some ideas, although I still haven't resolved the issue. Currently, we are authenticating against AD for the username and passwords. We have multiple ways people can log into the system, and we want the User Tool to allow people to authenticate with their domain password, while the Mid Tier will automatically log in based on their domain credentials with SSO. Also, by not using the Cross-reference blank password option, I get ARERROR 623 and the AuthString value still gets passed. When I have it enabled, I get the 8908 message and the authstring is passed. I might take some of the other suggestions in that other people have given as far as seeing examples of other JSP pages that do authentication. I'm not sure if I'm having this much difficulty because of something in my environment or if I am too dense at the moment. It's probably a combination of the two, so thanks for your help. If you have any other ideas I'll be glad to try to them out. Thanks, Shawn Pierson -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Davin Lindner-Green Sent: Tuesday, April 29, 2008 1:17 PM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Jiri, is another term for the token an NTLM hash? Just curious. Shawn, unless I have this wrong, in the context of Remedy authentication, I belive what you are getting from your SSO in the AuthString parameter would correspond to the 4th field on the OOB login screen (Authentication). Typically this is unused, except in cases where it might be needed to specify a domain or other information when configuring AREA LDAP login. In the AREA LDAP Configuration form, the contents of AuthString can be passed into the LDAP search base using the syntax $\AUTHSTRING$, for example. I don't know why you have data there, but you can probably ignore it. In your case, how is authentication supposed to be handled on the server? In the context of Midtier using IWA, normally you would not then go to the AD/LDAP server, because a valid IWA login is implicity trusted, so instead you would simply connect the user using a server side AREA plugin. When you ran plugin logging did you see the failed authentication attempt there? Does that shed any light? Hope that helps, Davin Private and confidential as detailed here: http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access the link, please e-mail sender. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
IIS remoteuser for Single-Sign On
Good afternoon, I'm trying to set up single sign on for the mid tier and have almost everything working. The one thing that still seems to be a problem is getting IIS to pass the authenticated user to Jakarta. When I try to log into Remedy, I get the following in my tomcat logs: SSO: Initialization: Version 2.04 SSO: Property values were loaded. usermethod:remoteuser usercase:lower removedomain:T headername: attname: authmethod:default authcustom: debuglogging:T SSO ERROR: RemoteUser name is null or empty. Using default login page This doesn't really help explain why it's happening, so in the debug log file but it does at least show that the sso.properties file is being read correctly. Within IIS I have it set only to Integrated Windows Authentication and nothing else on the Authentication Methods form. I think IIS isn't passing the Remote_User variable over to Jakarta, but I'm not really sure where I can verify that. Does anyone else have any suggestions for me to try? I'm on Mid Tier 7.0.1 p6 with Apache Tomcat and IIS authenticating against Active Directory. Thanks, Shawn Pierson Private and confidential as detailed here: http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access the link, please e-mail sender. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: IIS remoteuser for Single-Sign On
Try change this in ..\Tomcat 5.5\conf\server.xml to this: Connector port=8009 tomcatAuthentication=false enableLookups=false redirectPort=8443 protocol=AJP/1.3 / The one you change is: tomcatAuthentication=true to tomcatAuthentication=false -- Jarl On Mon, Apr 28, 2008 at 8:33 PM, Pierson, Shawn [EMAIL PROTECTED] wrote: ** Good afternoon, I'm trying to set up single sign on for the mid tier and have almost everything working. The one thing that still seems to be a problem is getting IIS to pass the authenticated user to Jakarta. When I try to log into Remedy, I get the following in my tomcat logs: SSO: Initialization: Version 2.04 SSO: Property values were loaded. usermethod:remoteuser usercase:lower removedomain:T headername: attname: authmethod:default authcustom: debuglogging:T SSO ERROR: RemoteUser name is null or empty. Using default login page This doesn't really help explain why it's happening, so in the debug log file but it does at least show that the sso.properties file is being read correctly. Within IIS I have it set only to Integrated Windows Authentication and nothing else on the Authentication Methods form. I think IIS isn't passing the Remote_User variable over to Jakarta, but I'm not really sure where I can verify that. Does anyone else have any suggestions for me to try? I'm on Mid Tier 7.0.1 p6 with Apache Tomcat and IIS authenticating against Active Directory. Thanks, Shawn Pierson Private and confidential as detailed here. If you cannot access hyperlink, please e-mail sender. __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: IIS remoteuser for Single-Sign On
Thanks Jarl, That got me much further, and I can see that my login name is being passed now. However, I'm still having issues which I'll bring up below. The output log says: SSO: Remote User Name (including domain): energy\spierson SSO: Remote User Name (no domain): spierson SSO: Setting username to lower case... SSO: Authenticating with username: spierson SSO: Using AuthString: Qk1DIFJlbWVkeSBBUlN5c3RlbQ== ARERR [623] Authentication failed So now it's clear that it is trying to pass my information, but for some reason the authentication is still failing. Any ideas on what the next step in troubleshooting this should be? Thanks again, Shawn Pierson -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Jarl Grøneng Sent: Monday, April 28, 2008 3:10 PM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Try change this in ..\Tomcat 5.5\conf\server.xml to this: Connector port=8009 tomcatAuthentication=false enableLookups=false redirectPort=8443 protocol=AJP/1.3 / The one you change is: tomcatAuthentication=true to tomcatAuthentication=false -- Jarl On Mon, Apr 28, 2008 at 8:33 PM, Pierson, Shawn [EMAIL PROTECTED] wrote: ** Good afternoon, I'm trying to set up single sign on for the mid tier and have almost everything working. The one thing that still seems to be a problem is getting IIS to pass the authenticated user to Jakarta. When I try to log into Remedy, I get the following in my tomcat logs: SSO: Initialization: Version 2.04 SSO: Property values were loaded. usermethod:remoteuser usercase:lower removedomain:T headername: attname: authmethod:default authcustom: debuglogging:T SSO ERROR: RemoteUser name is null or empty. Using default login page This doesn't really help explain why it's happening, so in the debug log file but it does at least show that the sso.properties file is being read correctly. Within IIS I have it set only to Integrated Windows Authentication and nothing else on the Authentication Methods form. I think IIS isn't passing the Remote_User variable over to Jakarta, but I'm not really sure where I can verify that. Does anyone else have any suggestions for me to try? I'm on Mid Tier 7.0.1 p6 with Apache Tomcat and IIS authenticating against Active Directory. Thanks, Shawn Pierson Private and confidential as detailed here. If you cannot access hyperlink, please e-mail sender. __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are Private and confidential as detailed here: http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access the link, please e-mail sender. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
Re: IIS remoteuser for Single-Sign On
Dear Shawn, Have you added the midtier ip address to the areasso.cfg file in the AR Server/conf folder? Regards, Roney Varghese Sent from my iPhone On Apr 28, 2008, at 3:34 PM, Pierson, Shawn [EMAIL PROTECTED] wrote: Thanks Jarl, That got me much further, and I can see that my login name is being passed now. However, I'm still having issues which I'll bring up below. The output log says: SSO: Remote User Name (including domain): energy\spierson SSO: Remote User Name (no domain): spierson SSO: Setting username to lower case... SSO: Authenticating with username: spierson SSO: Using AuthString: Qk1DIFJlbWVkeSBBUlN5c3RlbQ== ARERR [623] Authentication failed So now it's clear that it is trying to pass my information, but for some reason the authentication is still failing. Any ideas on what the next step in troubleshooting this should be? Thanks again, Shawn Pierson -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG ] On Behalf Of Jarl Grøneng Sent: Monday, April 28, 2008 3:10 PM To: arslist@ARSLIST.ORG Subject: Re: IIS remoteuser for Single-Sign On Try change this in ..\Tomcat 5.5\conf\server.xml to this: Connector port=8009 tomcatAuthentication=false enableLookups=false redirectPort=8443 protocol=AJP/1.3 / The one you change is: tomcatAuthentication=true to tomcatAuthentication=false -- Jarl On Mon, Apr 28, 2008 at 8:33 PM, Pierson, Shawn [EMAIL PROTECTED] wrote: ** Good afternoon, I'm trying to set up single sign on for the mid tier and have almost everything working. The one thing that still seems to be a problem is getting IIS to pass the authenticated user to Jakarta. When I try to log into Remedy, I get the following in my tomcat logs: SSO: Initialization: Version 2.04 SSO: Property values were loaded. usermethod:remoteuser usercase:lower removedomain:T headername: attname: authmethod:default authcustom: debuglogging:T SSO ERROR: RemoteUser name is null or empty. Using default login page This doesn't really help explain why it's happening, so in the debug log file but it does at least show that the sso.properties file is being read correctly. Within IIS I have it set only to Integrated Windows Authentication and nothing else on the Authentication Methods form. I think IIS isn't passing the Remote_User variable over to Jakarta, but I'm not really sure where I can verify that. Does anyone else have any suggestions for me to try? I'm on Mid Tier 7.0.1 p6 with Apache Tomcat and IIS authenticating against Active Directory. Thanks, Shawn Pierson Private and confidential as detailed here. If you cannot access hyperlink, please e-mail sender. __Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are html___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are Private and confidential as detailed here: http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access the link, please e-mail sender. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are
CAS Single Sign On
Greetings Listers, Has any of you integrated CAS (Central Authentication Service) with Remedy? From what I can see it is possible, I just wanted to see if anyone could share the their experience with it. ARS 7.1p on Windows 2003 SE Oracle 10g Midtier 7.1p2 on RH 5.0 Thanks. Masha Bench Solutions Engineer Office of Information Technology, BYU 801-422-3323 801-372-6221 [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: Where the Answers Are inline: image001.gif
Mid-Tier, Single Sign-On
Hello All: Just wondering if anyone has successfully implemented single sign-on to mid-tier. I have a customer who wants the user's network account to be used to log into mid-tier and bypass the mid-tier login screen. I already know how to set up the external authentication just need to know how to format the URL Thanx in advance to those who respond. John ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:Where the Answers Are
Single Sign On in Citrix Client
Has anyone implemented this? If so, how is it done? Thanks, Rebecca Hammond ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:Where the Answers Are
Re: Single Sign On and Mid-Tier
If you already Trust your Client.. because it is Force to be on the domain and that is fine.. then what you can do instead is to use an ldap authentication.. that has an escalation that imports all AD customers into Remedy Userform.. at the same time embed a Special password into the userform with it.. (you might want to exclude your licensed customers) and then make the JSP - as autologin, with a ldap verify, and the embedded Remedy password. This is one solution I have seen and tested .. and works.. just not very .. Huhummm.. Kosher.. On 10/10/06, Keats Kirsch [EMAIL PROTECTED] wrote: If your client doesn't already have a Web SSO solution in place then they would need to set up one first. There are free and commercial products available, but it is a non-trivial exercise. Once you have that, you need to configure the mid-tier to forward the SSO credentials (in 6.x you use a custom Java authenticator class for this.) and develop a custom AREA plug-in for Remedy to validate them. We have done this using CA's SiteMinder Web SSO. Modifying the sample C++ application was fairly straightforward. Hope this helps. Keats Jason Tuomy wrote: I'm looking to implement a Single Sign On via mid-tier. I searched the archives but couldn't find any details. My customer is wanting to be able to point a user to the mid-tier and get them past the authentication without requiring the user to login. This would mean to somehow get their login and password credentials from their windows environment or something and pass it to the mid-tier and set the user directly to where they need to be. I found that there are plenty of SSO software out there that will get some form of this data and put it into some kind of HTTP token that I could then retrieve (via White Paper) and pass to mid-tier. I was wondering if I have to have SSO software or is there some way to do this without purchasing software. Again, my customer doesn't want to have the user do a login/password process to get to mid-tier. So, using LDAP doesn't seem to be the right process. Unless I can retrive the password and store it locally. Any help would be greatly appreciated. Thanks. Jason Tuomy ___ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org ___ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org -- Patrick Zandi ___ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
Re: Single Sign On and Mid-Tier
Axton, We have IIS currently doing a SSO with a custom web application. Reading Remedy's white paper on building the bridge via java and c++, it didn't look like it was going to be an easy process to build the code to get the credentials from IIS. If you have any examples or links to follow up on this, I would really appreciate it. Thanks to everyone who wrote back. Jason On Tue, 10 Oct 2006 21:28:21 -0400, Axton [EMAIL PROTECTED] wrote: It all depends on your level of trust for the method of authentication. If you trust that IIS can properly retrieve the user's information, then you can write an SSO solution for that environment, granted all your target users are in an M$ domain and run an M$ OS. If this is not the case, you will need to find an alternative. PKI/Smartcards have been discussed extensively, though I'm not sure if a solution has been developed (maybe someone in that arena could share what type of infrastructure/software they use for that type of authentication, then again, maybe not). From my observations, SSO solutions typically have a server component that resides on the web server. Certain areas of the web server can then be marked as protected, where authentication is required for users to access that portion of the site. The SSO session is established the first time a user authenticates to an SSO protected site and those credentials persist for all/any access across other sites that are protected using the same server side SSO software. The session persistence is accomplished by storing some session information on the SSO policy server, and that is cross-referenced/autheticated using a client-side cookie. For some free (some maybe not so free) alternatives: http://www.josso.org/ http://www3.ca.com/solutions/Product.aspx?ID=166 https://opensso.dev.java.net/ Axton Grams On 9/25/06, Jason Tuomy [EMAIL PROTECTED] wrote: I'm looking to implement a Single Sign On via mid-tier. I searched the archives but couldn't find any details. My customer is wanting to be able to point a user to the mid-tier and get them past the authentication without requiring the user to login. This would mean to somehow get their login and password credentials from their windows environment or something and pass it to the mid-tier and set the user directly to where they need to be. I found that there are plenty of SSO software out there that will get some form of this data and put it into some kind of HTTP token that I could then retrieve (via White Paper) and pass to mid-tier. I was wondering if I have to have SSO software or is there some way to do this without purchasing software. Again, my customer doesn't want to have the user do a login/password process to get to mid-tier. So, using LDAP doesn't seem to be the right process. Unless I can retrive the password and store it locally. Any help would be greatly appreciated. Thanks. Jason Tuomy ___ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org __ _ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org = ___ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
Re: Single Sign On and Mid-Tier
If your client doesn't already have a Web SSO solution in place then they would need to set up one first. There are free and commercial products available, but it is a non-trivial exercise. Once you have that, you need to configure the mid-tier to forward the SSO credentials (in 6.x you use a custom Java authenticator class for this.) and develop a custom AREA plug-in for Remedy to validate them. We have done this using CA's SiteMinder Web SSO. Modifying the sample C++ application was fairly straightforward. Hope this helps. Keats Jason Tuomy wrote: I'm looking to implement a Single Sign On via mid-tier. I searched the archives but couldn't find any details. My customer is wanting to be able to point a user to the mid-tier and get them past the authentication without requiring the user to login. This would mean to somehow get their login and password credentials from their windows environment or something and pass it to the mid-tier and set the user directly to where they need to be. I found that there are plenty of SSO software out there that will get some form of this data and put it into some kind of HTTP token that I could then retrieve (via White Paper) and pass to mid-tier. I was wondering if I have to have SSO software or is there some way to do this without purchasing software. Again, my customer doesn't want to have the user do a login/password process to get to mid-tier. So, using LDAP doesn't seem to be the right process. Unless I can retrive the password and store it locally. Any help would be greatly appreciated. Thanks. Jason Tuomy ___ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org ___ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
Re: Single Sign On and Mid-Tier
It all depends on your level of trust for the method of authentication. If you trust that IIS can properly retrieve the user's information, then you can write an SSO solution for that environment, granted all your target users are in an M$ domain and run an M$ OS. If this is not the case, you will need to find an alternative. PKI/Smartcards have been discussed extensively, though I'm not sure if a solution has been developed (maybe someone in that arena could share what type of infrastructure/software they use for that type of authentication, then again, maybe not). From my observations, SSO solutions typically have a server component that resides on the web server. Certain areas of the web server can then be marked as protected, where authentication is required for users to access that portion of the site. The SSO session is established the first time a user authenticates to an SSO protected site and those credentials persist for all/any access across other sites that are protected using the same server side SSO software. The session persistence is accomplished by storing some session information on the SSO policy server, and that is cross-referenced/autheticated using a client-side cookie. For some free (some maybe not so free) alternatives: http://www.josso.org/ http://www3.ca.com/solutions/Product.aspx?ID=166 https://opensso.dev.java.net/ Axton Grams On 9/25/06, Jason Tuomy [EMAIL PROTECTED] wrote: I'm looking to implement a Single Sign On via mid-tier. I searched the archives but couldn't find any details. My customer is wanting to be able to point a user to the mid-tier and get them past the authentication without requiring the user to login. This would mean to somehow get their login and password credentials from their windows environment or something and pass it to the mid-tier and set the user directly to where they need to be. I found that there are plenty of SSO software out there that will get some form of this data and put it into some kind of HTTP token that I could then retrieve (via White Paper) and pass to mid-tier. I was wondering if I have to have SSO software or is there some way to do this without purchasing software. Again, my customer doesn't want to have the user do a login/password process to get to mid-tier. So, using LDAP doesn't seem to be the right process. Unless I can retrive the password and store it locally. Any help would be greatly appreciated. Thanks. Jason Tuomy ___ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org ___ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
Single Sign On and Mid-Tier
I'm looking to implement a Single Sign On via mid-tier. I searched the archives but couldn't find any details. My customer is wanting to be able to point a user to the mid-tier and get them past the authentication without requiring the user to login. This would mean to somehow get their login and password credentials from their windows environment or something and pass it to the mid-tier and set the user directly to where they need to be. I found that there are plenty of SSO software out there that will get some form of this data and put it into some kind of HTTP token that I could then retrieve (via White Paper) and pass to mid-tier. I was wondering if I have to have SSO software or is there some way to do this without purchasing software. Again, my customer doesn't want to have the user do a login/password process to get to mid-tier. So, using LDAP doesn't seem to be the right process. Unless I can retrive the password and store it locally. Any help would be greatly appreciated. Thanks. Jason Tuomy ___ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
Re: Single Sign on
Prasad, so you want single signon only for Mid-Tier or also for Remedy server ? If you enable external authentication on Remedy server, you can use the user's Windows network password and/or LDAP/Active Directory. I have only done LDAP so far. It works both on the Remedy server as well as Mid-Tier. Rgds, Chris ___ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
Single Sign on
Title: RE: Remedy License Reseller ** Hi , We would like to implement single sign on with remedy midtier. When windows users click the login page( mid tier), I will detect who(NT id)is connected on that PC. But I need to authenticate against remedy server. IS there any way I can get the password and authenticate or is there any procedure that I can skip the remedy authentication? Pleasegive me details ifyou know any info on this topic. I appreciate your suggestions. Thanks, Prasad __20060125___This posting was submitted with HTML in it___
Re: Single Sign on
Title: RE: Remedy License Reseller ** Prasad, Here is one way that might work (I have not tried this). Note: This method is not the most secure because it involves storing a clear text copy of the users' passwords in another field on the User form. Create a character field on the User form to hold a copy of a user's password. In your workflow you use to allow users to change their passwords Push the new password to both the Password field and the character field. Create a web application that, when run: - Grabs the NT user name of the user logged into Windows - Retrieves the clear text password from your DBMS from the User_x SQL View. You could use the Remedy API but if you use Windows Authentication (with SQL Server, for example) you would be able to retrieve the user's password from a simple SELECT statement without having to store the Demo password (for example) in the web application or a config file. - Redirect the user to the Remedy form with the username and password in the URL. Since the user is already logged into Windows seeing their Remedy password wouldn't matter. Note: there might be a way to redirect the user to the Remedy URL without displaying it in the browser address bar. Maybe someone else can offer a solution to this part. Variation: You couldencrypt the clear text password in the User form with an algorithm and password that only you know. This would help ensure thatno-one else would be able to figure out what someone's password was if the happen to view the User form (ie. when you step away from your computer). Variation: Update the existing login.jsp web page to retrieve the user's password directly. Then no redirection would be needed. HTH Stephen From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Nunna, PrasadSent: Wednesday, August 23, 2006 2:04 PMTo: arslist@ARSLIST.ORGSubject: Single Sign on ** Hi , We would like to implement single sign on with remedy midtier. When windows users click the login page( mid tier), I will detect who(NT id)is connected on that PC. But I need to authenticate against remedy server. IS there any way I can get the password and authenticate or is there any procedure that I can skip the remedy authentication? Pleasegive me details ifyou know any info on this topic. I appreciate your suggestions. Thanks, Prasad__20060125___This posting was submitted with HTML in it___ __20060125___This posting was submitted with HTML in it___
Single Sign-On
Hello all, I have a project coming up in the near future trying to integrating a Single Sign-On. The environment is as follows: Solaris 9 ARS 6.3 Patch 14. Oracle 9i LDAP (Sun 1) Active Directory Have anybody tried to integrate a Single Sign-On? Is there any solid documentation on the following? -Creating the API Plug-in for Solaris -Modifying the Jsp pages using multiple forms as the home page. Any help would be greatly appreciated Robert Thomas | BMC/Remedy Professional | Cellular Phone 214-207-6235 ___ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org