Go to the computer where you installed the Mid Tier.
Stop the mid tier service, if it is already running.
Copy all the jar files from the <MidtierInstallDir>\webagent\dist\jee\WEB-INF\lib directory to the directory.
<MidtierInstallDir>\WEB-INF\lib
For example, copy all the jar files from C:\Program Files\BMC to
Software\ARSystem\midtier\webagent\dist\jee\WEB-INF\lib C:\Program Files\BMC .
Software\ARSystem\midtier\WEB-INF\lib
Go to the <MidtierInstallDir>\Web-Inf directory and open the web.xml file in an editor.
Uncomment the <filter> and <filter-mapping> tags for the Atrium Single Sign-On filter.
These tags should look like the following:
<!--Atrium SSO webagent filter. Un-comment when needed-->
<filter>
<filter-name>Agent</filter-name>
<filter-class>com.bmc.atrium.sso.agents.web.SSOFilter</filter-class>
</filter>
<!--Atrium SSO webagent filter. Un-comment when needed-->
<filter-mapping>
Make sure that you save your changes to the web.xml file.
Go to the <MidtierInstallDir>\Web-Inf\classes directory (for example, C:\Program Files\BMC ) and open the file in an editor.
Software\ARSystem\midtier\WEB-INF\classes config.properties Add an attribute in the config.properties file.
For this, comment the DefaultAuthenticator line (arsystem.authenticator=com.remedy.arsys.
) and add the following line for the Atrium Single Sign-On Authenticator:
session.DefaultAuthenticator
arsystem.authenticator=com.remedy.arsys.sso.AtriumSSOAuthenticator Make sure that you save your changes to the config.properties file.
Go to the computer where you installed the AR System serve and open the ar.cfg (Microsoft Windows) or ( or ) file in an editor.
ar.conf UNIX Linux
The default location for Windows is C:\Program Files\BMC Software\ARSystem\Conf. Add the following SSO AREA plug-in entries to the ar.cfgfile:
10.
11.
12.
13.
(Windows) Plugin — areaatriumsso.dll For example:
Plugin: areaatriumsso.dll
Server Plugin Alias — ARSYS.AREA.ATRIUMSSO ARSYS.AREA.ATRIUMSSOFQDN of AR System server name:PluginPort
For example:
arSystemServer.bmc.
Server-Plugin-Alias: ARSYS.AREA.ATRIUMSSO ARSYS.AREA.ATRIUMSSO com:9999
Make sure that the SSO entries are listed first; otherwise they will not be used by the AR System server.
Go back to the computer where you installed the Mid Tier.
Copy the cacerts file from the JDK installed location to the Tomcat conf folder.
For example, copy cacerts from C:\Program Files\Java\jdk1.7.0_03\jre\lib\security to .
C:\Program Files\Apache Software Foundation\Tomcat6.0\conf
If your Mid Tier installation does not already include the not-enforced.txt file, save the attached file to the Mid Tier folder.
For example, right-click the link, and then select Save link as to the C:\Program Files\BMC folder.
Software\ARSystem\midtier
A typical not-enforced.txt file contains the URIs listed in the code snippet below. URIs listed in this file are
Home BMC Software Confidential
14.
not protected by the agent. Their contents are uploaded into the BMC Atrium Single Sign-On server to become part of the Agent configuration.
When you later finish integration, this file is no longer used or needed. If you must update the agent configuration, access Agent Details on the BMC Atrium SSO Admin Console to modify the Not Enforced URI Processing values.
Execute the deployer script to deploy the WebAgent.
For this, run the following script through command line interface under the deployer directory ( ):
webagent\deployer
java -jar deployer.jar --install --container-type -TOMCATversion --atrium-sso-url AtriumSSOURL<FQDNofAtriumSSOServer>:<port>/atriumsso --web-app-url
MidtierSSOURL<FQDNofMidtierServer>:<port>/arsys --container-base-dir AppServerHome --admin-name AtriumServerAdminUsername --admin-pwd AtriumServerAdminPassword --jvm-truststore "JavaHome
\jre\lib\security\cacerts" --jvm-truststore-password TruststorePassword --truststore
"AppServerHome\conf\cacerts" --truststore-password TruststorePassword --not-enforced-uri-file
"midTierPath\not-enforced.txt" --web-app-logout-uri /shared/loggedout.jsp
For example,
java -jar deployer.jar --install --container-type tomcatv6 --atrium-sso-url
https://ssoServer.bmc.com:8443/atriumsso --web-app-url http://midTierServer:8080/arsys
--container-base-dir "c:\Program Files\Apache Software Foundation\Tomcat6.0" --admin-name amadmin --admin-pwd Let$in09 --jvm-truststore "c:\Program Files\Java\jdk1.7.0_03\jre\lib\security\cacerts"
--jvm-truststore-password changeit --truststore "c:\Program Files\Apache Software
Foundation\Tomcat6.0\conf\cacerts" --truststore-password changeit --not-enforced-uri-file
15.
a.
b.
c.
16.
Make sure that the deployer script successfully finishes execution and is completed.
Tip
If the deployer script fails:
Delete the <containerBaseDir>/atssoAgents folder (for example, C:\Program ).
Files\Apache Software Foundation\Tomcat6.0\atssoAgents
Delete the agent if it exists in Agent Details on the BMC Atrium SSO Admin Console.
Re-run the deployer script after you fixed the problem (for example, added additional parameters).
Start the mid tier service.
By default, this plug-in is configured to work with the native plug-in server (C plug-in). You can also use this plug-in directly with the Java plug-in server. For more information on the configuration settings, see Using the
in the BMC Remedy AR System 8.1 online documentation.
Java plug-in server for dynamic plug-in loading
Note
If the container is not using HTTPS, the truststore and truststore-password parameters can be ignored. For example:
1.
2.
3.
java -jar deployer.jar --install --container-type tomcatv6 --atrium-sso-url
https://ssoServer.bmc.com:8443/atriumsso --web-app-url http://midTierServer:8080/arsys --container-base-dir "C:\Program Files\Apache Software Foundation\Tomcat6.0" --admin-name amAdmin --admin-pwd bmcAdm1n --jvm-truststore "C:\Program
Files\Java\jre6\lib\security\cacerts" --jvm-truststore-password changeit
--not-enforced-uri-file "C:\Program Files\BMC Software\ARSystem\midtier\not-enforced.txt"
--web-app-logout-uri /shared/loggedout.jsp
If the --web-app-logout-uri parameter is not specified, you can specify the parameter value in on the BMC Atrium SSO Admin Console:
Agent Details
On the BMC Atrium SSO Admin Console, click Agent Details. Select the agent and click Edit.
In the Logout Processing section, replace the default value with .
/arsys/shared/loggedout.jsp
When you are using a load balancer or reverse proxy, you must add the --web-app-url and URLs. In this case, the URL must be the load balancer URL and
--notify-url --web-app-url
the --notify-url must be the mid tier URL. For example:
java -jar deployer.jar --install --container-type tomcatv6 --atrium-sso-url
https://ssoServer.bmc.com:8443/atriumsso --web-app-url http://loadbalancerURL:8080/arsys --- --container-base-dir "C:\Program Files\Apache Software
Foundation\Tomcat6.0" --admin-name amAdmin --admin-pwd bmcAdm1n --jvm-truststore
"C:\Program Files\Java\jre6\lib\security\cacerts" --jvm-truststore-password changeit --not-enforced-uri-file "C:\Program Files\BMC Software\ARSystem\midtier\not-enforced.txt"
--web-app-logout-uri /shared/loggedout.jsp
For more information about containers, agents, and deployer commands, see: