SSO Plugin Installation for BMC AR System

J System Solutions http://www.javasystemsolutions.com

SSO Plugin Version 5.1

Introduction.................................................................................................................................. 4

Compatibility................................................................................................................................. 5

Operating systems .................................................................................................................... 5

BMC Action Request System / ITSM ........................................................................................... 5

Java web servers ...................................................................................................................... 5

Single-sign on integrations and mechanisms ............................................................................... 5

Mixing versions of SSO Plugin .................................................................................................... 5

Overview of the SSO Plugin ........................................................................................................... 6

Installation order and high level overview of system changes ...................................................... 6

Installation Order ...................................................................................................................... 7

Licensing .................................................................................................................................. 8

Installing SSO Plugin on the AR Server ......................................................................................... 10

Installing SSO Plugin on the Mid Tier ............................................................................................ 12

Enabling SSO for BMC Innovation Suite / Configuration Manager Dashboard (CMDB 9.1.04 Atrium Core) ......................................................................................................................................... 13

Configuring the Remedy SSO Agent on the AR Server(s) ........................................................... 13

Configuring the SSO Plugin - RSSO Interface on TrueSight AO ................................................... 15

Verify the Cookie Domain Values .............................................................................................. 15

Mid Tier 9.1.04+: Failure when using SAML .............................................................................. 16

Verifying the SSO Plugin RSSO service is working ................................................................. 16

Enabling SSO Plugin logging .................................................................................................... 16

Replacing the BMC Mid Tier login page ..................................................................................... 17

SSO Administration Console ......................................................................................................... 18

SSO Dashboard ....................................................................................................................... 19

ITSM Incident Mapping ............................................................................................................... 20

SSO Authentication Reporting ...................................................................................................... 21

Self-service ITSM user creation .................................................................................................... 23

Manually configuring AR System .................................................................................................. 24

Import workflow ..................................................................................................................... 24

Configuring the AR System plugin server .................................................................................. 25

JSS AREA plugin log file ........................................................................................................... 25

BMC Remedy SSO support ........................................................................................................... 26

Configuring the service ............................................................................................................ 26

Deploying the JSS rsso.war file ................................................................................................ 26

Extensions to AR System authentication ................................................................................... 27

Upgrades .................................................................................................................................... 28

When using current minor release ............................................................................................ 28

Identity Federated Applications: BMC Analytics, Dashboards, etc. .............................................. 28

Uninstalling SSO Plugin ............................................................................................................... 29

Introduction

This document covers:

• Compatibility matrix and other introductory material for SSO Plugin.

• Installation and configuration of SSO Plugin for BMC AR System.

• Upgrading from previous versions.

Separate documents are available for other BMC components (ie Mid Tier, DWP(C)/SmartIT,

Analytics).

The JSS support website contains all the SSO Plugin documentation and videos covering installation

and configuration.

Compatibility

We strive to support the widest range of products and operating systems. If you require clarification

or feel we've missed anything, get in touch with JSS support

Operating systems

Windows 2008+, Sun Solaris 5.x, HP-UX 11.x, Linux 2.4.x+, AIX 5.3+.

BMC Action Request System / ITSM

From SSO Plugin 5.0, we support all versions of the BMC AR System since version 8.1.02. For earlier

versions of AR System, please deploy SSO Plugin 4.1.

For BMC Remedy AR System 18.08, the minimum SSO Plugin version is 5.1.14.

For BMC Remedy AR System 19.02, the minimum SSO Plugin version is 5.1.23.

Java web servers

SSO Plugin is compiled against Java 11, but will run against Java 8. Tomcat 7+ is supported.

If you use another Java servlet engine, please contact us to confirm supportability.

Single-sign on integrations and mechanisms

Please consult the Configuring Mid Tier document for a full list of supported integrations/mechanisms.

Mixing versions of SSO Plugin

It is not recommended to mix versions of SSO Plugin within your infrastructure.

Overview of the SSO Plugin

The SSO Plugin is invoked by the Mid Tier when a user goes to /arsys/home, /arsys/forms or

/arsys/apps (these paths are configurable).

If the relevant details were available on the incoming request for the SSO Plugin to operate correctly,

then these details are passed back to the Mid Tier, which in turn calls the AR System.

Assuming the JSS AREA plugin does not reject the connection – Mid Tier will login successfully.

Installation order and high level overview of system changes

The following is a high level minimum installation order for any SSO Plugin on BMC Software.

1. BMC Remedy AR System Server

a. jss-sso-area.jar file deployed into the ARSystem\pluginsvr directory

b. pluginsvr_config.xml backed up and modified to include SSO Plugin

c. SSO Administration Console workflow imported to store configuration information.

d. ar.cfg/conf changes to enable AREA

i. Allow-Guest-Users: F

ii. Use-Password-File: F

iii. Crossref-Blank-Password: T

iv. Save-Login: 0

v. External-Authentication-RPC-Socket: 390695

vi. Authentication-Chaining-Mode: 1

vii. External-Authentication-Return-Data-Capabilities: 31

2. Mid Tier

a. jss-sso directory and contents for SSO Plugin configuration copied into the arsys

context path

b. jss-sso.jar and jss-sso-deps.jar copied into the WEB-INF\lib

c. web.xml modified to include the SSO Plugin filters

3. Optional (Digital Workplace, SmartIT, Digital Workplace Catalog, Analytics)

Installation Order

The following flow shows the overall installation order that is covered within this document.

Once the above is complete, the following order of optional installation items are available in separate

documents found on the JSS website: http://www.javasystemsolutions.com/support/download

Licensing

A license is required to complete the installation of SSO Plugin, therefore a new license

will need to be generated for the environment using the licensing tool under "Tools &

licensing" on the JSS website. The values needed to generate a license differ depending

on the configuration of the AR Servers. The table below represents what value to use:

AR Server configuration License value from ar.cfg/conf

Single instance Server-Name

Server Group Server-Connect-Name

Browse to http://www.javasystemsolutions.com/support/tools, making sure the Product

menu has SSO Plugin (5.0 and later) selected. Add the values taken from the ar.cfg/conf

files in the Servers box, making sure each server reference is on a separate line. Finally,

click the Generate button.

To apply the license, click the License & Administration link on the SSO AR System and License

Console:

Click the License > Add/Remove License menu item. Enter the license in the key field and click Save.

Installing SSO Plugin on the AR Server

The following steps will configure the JSS AREA plugin against an AR System server:

1. From the SSO Plugin installation files, copy the jss-sso-area.jar, jss-sso-area-setup.jar and jss-sso-area-setup.bat (Windows) or jss-sso-area-setup.sh (Unix) files to the AR System

pluginsvr directory - in which you will find the pluginsvr_config.xml file.

Windows Example

2. Execute the jss-sso-area-setup.bat or jss-sso-area-setup.sh file.

3. The setup process will execute in a console window and ask for an AR System admin account

so it can login and configure AR System.

4. If the setup process detects no existing JSS workflow in the database, it will import the JSS

workflow. Otherwise, it will ask if you wish to remove existing workflow and re-import - which you should only need to do when upgrading SSO Plugin to a major new version (ie from 5.0

to 5.1).

In the event the workflow import fails, the jss-sso-workflow.def file (from the installation

files) can be manually imported using BMC Developer Studio.

5. The AR System server SSO settings will be configured correctly and you will be asked to

restart AR System.

6. Repeat steps 1-5 for all AR System servers in a server group, and on step 4, do not delete

and re-import workflow.

At any point where by the SSO settings of an AR System server have been modified, the setup

process can be executed to reset them, but do not re-import the workflow file unless you've been

advised to by JSS support.

The setup process generates a log file called jss-arsystem-setup_DATE.txt. If the setup process fails,

please send this log file to JSS support.

Installing SSO Plugin on the Mid Tier

The authentication methods, such as Windows Active Directory, SAML, OAuth etc are configured

within the Mid Tier. A separate highly detailed document exists that explains how to configure those

authentication methods therefore, this section only covers the installation process.

To install the SSO Plugin on the Mid Tier, please follow these steps:

1. Copy the contents of the "2 - Mid Tier/Mid Tier" directory from the installation files into the

root Mid Tier directory.

a. For convenience, A compressed zip file of the Mid Tier directory is provided in the event

you need to copy the files to a server via sftp/etc.

2. Delete the xercesImpl-2.9.1.1.jar jar file that BMC install in the Mid Tier/WEB-INF/lib

directory. This is an ancient version of the library that is not required and presumably shipped

by accident.

3. Edit the following file /arsys/WEB-INF/classes/rsso.yaml with the correct URL to match what

users will enter into the browser

a. ssoServiceUrl: http://<yourMidTier>:<port>/arsys/jss-sso/api/rsso

4. Restart Mid Tier.

5. Browse to the SSO Plugin status page by pointing your browser at http://path-to-Mid

Tier/arsys/jss-sso/index.jsp. You will be presented with a status page. The password field in

the left navigation is used to enable configuration and the default password is jss

6. Locate the document titled Configuring Mid Tier and Web Tier to configure the SSO Plugin.

7. Test the SSO configuration by clicking on the Test SSO link in from the SSO Plugin status

page. This will attempt to perform an SSO login to the authentication server and report any

errors. If the test is successful when you can click on the Mid Tier Home link in the navigation

and you should be taken directly to the Mid Tier Homepage without being asked to login.

8. If SSO fails then review the troubleshooting document or contact JSS support.

Enabling SSO for BMC Innovation Suite / Configuration Manager Dashboard (CMDB 9.1.04 Atrium Core)

Minimum JSS SSO Version is 5.1.24

The above communicates with the new REST interface into the BMC AR System. Therefore the

following is required to SSO enable this functionality.

Please make sure you have the /arsys/WEB-INF/classes/rsso.yaml installed on the MidTier and

configured with the ssoServiceUrl and cookieDomains set.

To check, browse to https:// <yourMidTier>:<port>/arsys/jss-

sso/api/rsso/api/v1.1/check/consumer/config

And the result should show a JSON object like the example below. Check they match with the

rsso.yaml file.

{"oauth2_access_token_ttl":3600,"features":[],"oauth2_refresh_token_ttl":51

84000,"mapping_realms_apps":{"*":["*"]},"cookie_https_only":false,"cookie_d

omain":"calbro.local","last_modified_date":1581527703,"mapping_tenants_apps

":{"*":["calbro.local"]},"max_session_time":1800,"server_version":"19.08.00

","cookie_name":"sso_12345"}

Configuring the Remedy SSO Agent on the AR Server(s)

The following is adapted from the BMC doc site: RSSO

ManuallyintegratingRemedySSOwithRemedyapplications

This requires a file from the Remedy SSO (RSSO) installation. You will have to download the RSSO

version that matches your AR Server or you can contact JSS via support@javasystemsolutions.com

To install the SSO Plugin on the AR Server(s), please follow these steps:

1. Stop the AR Server

2. Copy the rsso-agent.properties and the rsso-log.cfg from our download to the

%ARSystemInstalledDirectory%/conf

3. Edit the %ARSystemInstalledDirectory%/conf/rsso-agent.properties

a. Locate the line sso-external-url and sso-service-url and replace <yourMidTier> with

your specific MidTier address that users will enter into the browser e.g.

sso-external-url=http://<yourMidTier>:8080/arsys/jss-sso/api/rsso and

sso-service-url=http://<yourMidTier>:8080/arsys/jss-sso/api/rsso

4. Edit the %ARSystemInstalledDirectory%/conf/rsso-log.cfg

a. Locate the line rsso.log.dir=/opt/bmc/ARSystem/db and update the directory to

match your AR Server installation.

4. Update % ARSystemInstalledDirectory%/bin/arserverd.conf

a. Add the following line right after JVM the last jvm.option. parameter (line, starting with

jvm.option.number e.g. 21)

jvm.option.21=-Drsso.log.cfg.file=%ISInstalledDirectory%/conf/rsso-log.cfg

b. Note: arserverd.conf may contain arbitrary number of jvm.option.xx lines

initially. So, the general approach is to append the new one jvm.option.xx+1

with specified value after the last jvm.option.xx line.

5. Copy the following JAR file from the BMC RemedySSO download that matches your AR server

version

a. rsso-agent-osgi.jar From: %RSSODistr%/BMCRemedySSO/Disk1/files/rsso-agent/rsso-

agent-osgi.jar

b. To: % ARSystemInstalledDirectory%/deploy

6. Start the AR Server

Configuring the SSO Plugin - RSSO Interface on TrueSight AO

The BMC AR System REST Interface for BMC Innovation Suite / Configuration Manager Dashboard (CMDB 9.1.04 Atrium Core) is unlike other BMC products with regards to how Single Sign On (SSO)

can integrate. The product does not have a flexible SSO interface in which any third party can integrate a solution. BMC require the Remedy SSO (RSSO) Agent. However there are many limitations

to this product which hinder customers deploying it, ie requiring its own database; its own separate

infrastructure; no data driven user name translation, incomplete SSO integrations (full Windows

Authentication implementation) and more.

To address these shortcomings, JSS has developed SSO Plugin to accept authentication requests from

BMC Discovery by acting as an RSSO endpoint.

This means SSO Plugin can behave like RSSO when accepting authentication requests from BMC Innovation Suite / Configuration Manager Dashboard. Customers can continue using SSO Plugin and

all of its features, without installing and deploying RSSO.

Customers can reuse an instance of SSO Plugin already deployed for any other existing application, ie

Mid Tier and MyIT/SmartIT.

To install the SSO Plugin - RSSO Interface on the MidTier(s), please follow these steps:

1. Stop the MidTier Tomcat

2. Copy the rsso.war file from the SSO Plugin download to the MidTier Tomcat\webapps

directory:

a. The rsso.war file can be found in the root of the SSO Plugin download

b. The typical Tomcat webapps directory is: C:\Program Files\Apache Software

Foundation\Tomcat 7.0\webapps

c. Tomcat will automatically extract the war file on startup

3. Start the MidTier Tomcat

Verify the Cookie Domain Values

This value must match the domain name in which your application runs. For example, if a user types

https://discovery.mycorp.com/ao into a browser to access Discovery, the conf-cookie-domain must be

set to .mycorp.com. You can also set it to mycorp.com if you have multiple applications running

within the mycorp.com domain.

This value exists on the Mid Tier installed with SSO Plugin. Open the rsso.properties file which by

default will be in the following directory:

C:\Program Files\Apache Software Foundation\Tomcat 7.0 \webapps\arsys\WEB-

INF\classes\rsso.properties

It is recommended that you only change two of these values.

The rules for these values are:

conf-cookie-domain If you browse to MidTier with

http://yourMidTier.YouDomain.com/arsys/

then the conf-cookie-domain should be se to .YouDomain.com (note the full

stop as the first character).

conf-cookie-name Must be a unique value for this SSO Plugin instance and must start with sso

underscore, ie. sso_midtier1

Full example of the file:

conf-cookie-domain=.YouDomain.local

conf-cookie-name=sso_midtier1

conf-realm-tenant-*=*

conf-realm-domain-*=*

conf-tenant-domain-*=*

rsso.version=9.1.01

If you do not understand how to configure this file, please contact support@javasystemsolutions.com.

Mid Tier 9.1.04+: Failure when using SAML

BMC has started shipping a range of old libraries in the websvc.jar file in WEB-INF/lib directory. One

of these libraries can cause SSO Plugin to fail in some circumstances (ie when using SAML). If you

see this message in the localhost.log file:

13-Apr-2018 08:38:30.767 SEVERE [Thread-6]

org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service()

for servlet [default] in context with path [/arsys] threw exception

[Filter execution threw an exception] with root cause

java.lang.NoSuchMethodError:

org.apache.xml.security.transforms.Transform.setSecureValidation(Z)V

Then follow these steps:

1. Locate the websvcjava91_xxx.jar and open it in WinZip or some other tool.

2. Delete the following directory: org/apache/xml

3. Restart Mid Tier.

Verifying the SSO Plugin RSSO service is working

To verify that the SSO Plugin RSSO service is working, browse to the following:

https://yourMidTierWithSSOPlugin/arsys/jss-sso/api/rsso/rest/version

and the reply should look like this:

{"serverVersion":"9.x.x"}

Enabling SSO Plugin logging

BMC ships some incredibly old libraries with BMC Mid Tier and most recently, a jar file called slf4j-

jdk14-1.5.8.jar which causes the SSO Plugin logging system to not function. Please rename this file to

slf4j-jdk14-1.5.8.jar_.

Replacing the BMC Mid Tier login page

It is common to find users bookmark the BMC login page, ie /arsys/shared/login.jsp. This results in

support enquiries as SSO will not be activated when this page is requested by users.

Therefore, a replacement login page has been provided that is consistent with BMC branding but also

highlights the SSO facility to the user. To install the page, follow these steps:

1. Locate existing Mid Tier login.jsp page under the Mid Tier shared directory.

2. Rename the existing login.jsp to login.jsp.old.

3. Create a new file login.jsp and place the following in it:

<jsp:forward page="/jss-sso/manuallogin" />

SSO Administration Console

JSS provides an AR System Application called SSO Administration V5 which allows customers to

manage SSO licenses and report on the SSO activity of the instance.

There are two Roles that are imported into the system.

Role Name Detail

SSO Administrator -92500 This role should be mapped to the Administrator group and

allows licenses to be managed.

SSO Dashboard Viewer -92500 This role allows access to the SSO Dashboard alone for monitoring purposes. The standard installation maps this role to the

Administrator group

Access to the console is via the Application menu bar > SSO Administration v5 > SSO AR System

License Console

SSO Dashboard

Upon opening the console, the SSO Dashboard will appear. Over time, this will present real time

information regarding SSO authentication within the customers environment.

Some example of the dashboard data includes:

• How many success or failures has accrued

• Among the failures, which product and which IP e.g. X number from Mid Tier with IP

192.168.1.1

• How many users are authenticating using a specific authentication method. E.g. SAML,

Windows NTLM etc

• Number of authentications from which BMC Product e.g. Mid Tier, MyIT, Dashboards etc

• Which browsers and versions are being used

Screenshot example of the SSO Dashboard

ITSM Incident Mapping

The product allows incidents to be raised when a user can not access the product. The configuration

interface is linked from the SSO License and Reporting Console and looks like this:

The event type drop down selects the type of SSO failure event that will be mapped to the incident

and the default event type will be used if a specific type is not configured. When the mapping has

been located, SSO Plugin will submit data to the BMC Incident Management application through the BMC out of the box HPD:IncidentInterface_Create form. This is completely configurable and easily

configured using the Incident Mapping form showed in the screenshot.

The special variables ($SSO_USERNAME$, $SSO_DNS_DOMAIN$, etc), that are also used for the user

aliasing feature, can be used when mapping text to a field.

SSO Authentication Reporting

A standard report is installed for reporting on authentications. This can be accessed from the SSO

License and Reporting Console > License & Administration > Reports > User Access

The BMC Deployable Application cannot allow us to install the report definitions without importing and overwriting the BMC forms, which isn't recommended. Therefore the individual reports are available

for manual import within the SSO Plugin download under the 1 - AR System directory.

There are two sets of data that need to be imported into two forms; Report and Report Definition.

Run the BMC Remedy Data Import

tool. Create a new mapping and select the

JSS_SSO_StandardReports_Report.xml

Select the Target server from the

dropdown and select Report for the

Target Form Name. Click Auto Map. Save the mapping. Finally click Import

menu item.

Repeat for the remaining .xml file(s)

within the directory

Self-service ITSM user creation

This feature removes the need for daily synchronisation with a corporate Active Directory because

new starters can register themselves with ITSM by virtue of passing through the configured SSO

system.

The product provides a feature to allow user accounts to be created when a user does not have an

account in ITSM. To use this feature, a Person Template must be configured in the SSO Plugin Mid Tier interface. The user is asked to supply their first name, last name, email address and phone

number, which when combined with the Person Template, will be used to generate a new entry in the

People form.

Manually configuring AR System

If for any reason the installation program fails, as always, you can contact JSS support. However, you

can manually install the product with the following steps, which assume you have copied the JSS

AREA plugin files to the AR System server pluginsvr directory.

Import workflow

Before doing this, set the AR System cache mode to development. This is to ensure the definition file

loads correctly.

Locate the jss-sso-workflow.def file within the downloaded zip from the evaluation package.

Within BMC Developer Studio, select Import > Application

Locate the jss-sso-workflow.def file within the downloaded zip from the evaluation package.

Select the following checkboxes and menu items exactly as the screenshot below

And click Finish

Configuring the AR System plugin server

To enable the JSS AREA plugin, the AR System plugin server configuration file (pluginsvr_config.xml) must be updated. Open the file in your favourite text editor, locate the XML element <plugins> and

add the following plugin definition, setting the correct file system path to the jss-sso-area.jar file:

<plugin><name>JSS.SSO.AREA</name><classname>com.javasystemsolutions.sso.are

a.JSSAREAPlugin</classname><pathelement type="location">/path/to/jss-sso-

area.jar</pathelement></plugin>

JSS AREA plugin log file

The JSS AREA plugin creates its own log file called jss-ssoplugin.log. It is written to the current working directory when the plugin server starts, which is typically similar to C:\Program Files\BMC

Software\ARSystem on a Windows installation. You can search for the file using a tool such as

Windows Explorer or the Unix find command (ie find /path/to/ARSystem –name jss-*.log).

BMC Remedy SSO support

BMC have produced yet another single-sign on solution using similar principals to the BMC AtriumSSO

(a re-badged open source OpenSSO/OpenAM product), but are struggling with reliability & support.

Despite RemedySSO’s shortcomings, some BMC products (such as Atrium Orchestrator) will not install

without RemedySSO installed – and in some cases, different BMC products require different versions

of RemedySSO!

Each BMC product, such as ITSM, MyIT, AO, Discovery (etc) includes a RemedySSO agent, and this

talks to the RemedySSO service. The agent uses a variety of different HTTP calls to integrate with the

RemedySSO service.

SSO Plugin 5.1 provides a service that is compatible with a RemedySSO server, allowing you to

integrate any BMC application that claims only to support RemedySSO with SSO Plugin.

This service is available when SSO Plugin has been integrated with BMC Mid Tier or MyIT and uses

the AR System database (by storing data within existing JSS forms). The endpoint is located at /jss-

sso/api/rsso, hence an example URL (to configure during application installation) is:

http://host:8080/arsys/jss-sso/api/rsso

Each BMC product that requires RemedySSO has been documented separately, ie BMC Atrium

Orchestrator and BMC Discovery.

Configuring the service

Various configuration options exist within RemedySSO and have been replicated in the SSO Plugin re-

implementation.

One option (conf-cookie-domain) require immediate configuration. To do so, locate the rsso.properties file in the application WEB-INF/classes directory and open it in your favourite text

editor.

The conf-cookie-domain value must include the domain name in which your applications (ie Mid Tier & AO) run. For example, if a user types https://ao.mycorp.com/ao into a browser to access

Atrium Orchestrator and https://midtier.mycorp.com, the conf-cookie-domain must be set to

.mycorp.com. You must include a full stop as the first character of the domain, ie .mycorp.com.

Deploying the JSS rsso.war file

BMC provide a RemedySSO ‘agent’, which is a Java module that communicates with the RemedySSO

service. We discovered a design fault in the agent (version 9.0) which assumed RemedySSO was running under the path /rsso even if a different endpoint had been configured during the installation

of the RemedySSO server, ie /apps/remedysso.

This proved problematic when SSO Plugin’s RemedySSO service was configured with Mid Tier, which

traditionally uses the path /arsys, or MyIT, which uses the path /ux.

To solve this problem, a small redirection application called rsso.war has been included in the SSO

Plugin installation files. This must be deployed in the same Java webserver (ie Tomcat) as the Mid

Tier or MyIT applicaton being used to provide the RemedySSO service.

To do install the redirection application, follow these steps:

1. In the SSO Plugin installation files, locate the rsso.war file.

2. Copy the rsso.war file to the Tomcat webapps directory.

3. Start Tomcat and it will expand the rsso.war file into a directory called rsso.

4. In the rsso directory, locate the file urlrewrite.xml in the WEB-INF directory and open in your

favourite text editor.

5. Locate the following line and configure the endpoint directly, ie enter /arsys or /ux for Mid

Tier or MyIT respectfully – or a custom path if one has been used.

<to type="redirect">/arsys/jss-sso/api/rsso/$1</to>

Extensions to AR System authentication

The AR System User form contains a status field that can be set to current and disabled. AR System

ignores this setting but the SSO Plugin Mid Tier component does not, so you can disable AR System

accounts by using this setting for all authentications passing through an SSO enabled Mid Tier.

Upgrades

A separate document covers the process for upgrading 4.x to 5.x.

When using current minor release

When the current release of SSO Plugin is already deployed, ie you have version 5.0.1 installed and

you wish to update to version 5.0.5, the following steps should be followed unless the

CHANGELOG.txt file states differently:

1. Stop AR System.

2. Copy the jss-sso-area.jar file from the installation files into the AR System server pluginsvr

directory.

3. Start AR System.

4. Stop Tomcat running Mid Tier.

5. Replace the Mid Tier files, ie copy the contents of the Mid Tier directory into the Mid Tier.

6. Delete the Tomcat 'work' directory, which is a temporary cache directory re-created when

Tomcat starts.

7. Start Tomcat.

Identity Federated Applications: BMC Analytics, Dashboards, etc.

Copy the relevant jar files from the installation files to the third party application.

For example, copy the jar files in Identity Federated Applications/businessobjects/WEB-INF/lib (from the installation files) to the relevant location in the Business Objects installation, as per the original

deployment.

Uninstalling SSO Plugin

To uninstall SSO Plugin, follow these steps:

1. Go to the SSO Plugin Mid Tier status page and click the disable Mid Tier button. Mid Tier will

require restarting.

2. Delete the files copied from the installation set to the Mid Tier web application directory. If

you are going to upgrade SSO Plugin, this can be skipped as the new files will overwrite the

old files.

3. Delete the jss-sso-area.jar file from the AR System server pluginsvr directory.

4. Remove the JSS workflow (forms, active links and filters) prefixed with JSS.

5. Restart both AR System and Mid Tier.