• Inok Systems

BMC Atrium SSO SSL Implementation and Best Practices – Part 3


In the previous blogs we discussed enabling SSO for BMC products and generating and signing an SSL certificate. In this part we discuss how to configure Tomcat with the SSL certificate.

Configure Tomcat with SSL

1.   Stop the Tomcat services.

2.   Go to the installation directory of the Tomcat server and make a backup copy of the server.xml file.

3.   Find the following section and edit it as follows.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
              maxThreads="300" scheme="https" secure="true"
              maxHttpHeaderSize="32768"
              clientAuth="false" sslProtocol="TLS" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
              keystoreFile="D:\Program Files\BMC Software\AtriumSSO\tomcat\conf\keystore.p12"
              keystorePass="changeit"
              keyAlias="AtriumSSO"
              truststoreFile="D:\Program Files\BMC Software\AtriumSSO\tomcat/conf/cacerts.p12"
              truststorePass="changeit"
              truststoreType="PKCS12" />

 

If you don’t want Tomcat to use the default SSL port, change all instances of the port number "8443" to the custom port.

 

4.   Start Tomcat

Note: Because of the Logjam vulnerability (https://weakdh.org/), modern browsers have disabled DH support, and you may receive an ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY error in Chrome (>v45) and Firefox (>v39). You can disable weak ciphers in the Tomcat server.xml as shown above.
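An added example, not part of the original post or of any BMC tooling: a Python check that reads the Connector elements of a server.xml and flags cipher suites that should not be offered, including the finite-field DHE suites behind the Logjam error and RC4 suites. The sample XML is constructed (the DHE suite and the 9443 connector are not from the page), and the function name audit_connectors is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a Connector shaped like the one in step 3, with one DHE
# suite added to show the Logjam case, plus an SSL connector with no cipher list.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLS"
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" />
  <Connector port="9443" SSLEnabled="true" scheme="https" secure="true" />
</Service></Server>"""

# Token inside the suite name -> why the suite should not be offered.
WEAK_TOKENS = {
    "DHE": "finite-field DHE: too-small DH groups trigger the weak ephemeral DH key error (Logjam)",
    "RC4": "RC4 is prohibited in TLS by RFC 7465",
    "EXPORT": "export-grade key exchange",
    "NULL": "no encryption",
    "anon": "no server authentication",
    "DES": "single DES",
    "MD5": "MD5-based MAC",
}

def audit_connectors(server_xml):
    """Return {port: [(suite, reason), ...]} for every SSL-enabled Connector."""
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to audit
        issues = []
        ciphers = conn.get("ciphers")
        if ciphers is None:
            issues.append((None, "no ciphers attribute: the Tomcat/JVM default list applies"))
            ciphers = ""
        for suite in filter(None, (s.strip() for s in ciphers.split(","))):
            tokens = suite.split("_")  # "ECDHE" and "DHE" are distinct tokens
            for token, reason in WEAK_TOKENS.items():
                if token in tokens:
                    issues.append((suite, reason))
                    break  # one reason per suite is enough to reject it
        findings[conn.get("port")] = issues
    return findings

if __name__ == "__main__":
    for port, issues in audit_connectors(SAMPLE_SERVER_XML).items():
        for suite, reason in issues:
            print(f"port {port}: {suite or '<default list>'}: {reason}")
```

Run it against a copy of the real server.xml after editing; an empty list for a port means none of the listed suites matched the weak tokens above.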

BMC Analytics SSO Agent Manual Deployment

If you use the Atrium SSO integration installer with a customised Tomcat port, the installer may not be able to determine the Tomcat port number. In such cases you can use the command below to deploy the Atrium SSO agent manually. After executing the command, log in to the SSO Admin console and verify the agents' status.

 

"C:\Program Files (x86)\BMC Software\BMCAnalyticsForBSM\BSMAnalytics\jvm\jre\bin\java.exe" -jar deployer.jar --container-type TOMCATv7 --install --atrium-sso-url https://<Atrium SSO URL>:8443/atriumsso --admin-name amadmin --container-base-dir "D:\Program Files (x86)\SAP BusinessObjects\tomcat" --admin-pwd <sdsds> --web-app-url https://<ANALYTICS URL>:8443/BI --web-app-logout-uri https://<Atrium SSO URL>:8443/atriumsso/UI/Logout?realm=BmcRealm
