This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience.

Agent manager

The Agent manager provides an Agent panel in which you can edit, delete, and search for agents. The panel shows each agent's name, realm, and state. The state indicates whether the agent is running or is down. A search applies to all the columns in the Agent panel: an agent is returned for display when the filter string is found within any of its values, and searching for * returns all agents. This feature allows you to filter the list of agents by specifying a value, for example, Running.

Configuring agent editor properties

The agent editor allows you to modify the configuration of an agent. By modifying the agent configuration, you can resolve problems caused by environment difficulties. For example, a remote host may report its FQDN (Fully Qualified Domain Name) incorrectly, using a plain name such as machine instead of machine.bmc.com. You can also associate realms with an agent by using the agent editor.

The Agent Editor is launched when you select an agent and click Edit. The agent editor provides the following options:

You can configure an agent in the agent editor by using the following properties:

Parameter

Description

Notification URL

The URL where the agent will receive notifications from the server about session logouts. It is composed of the product's base URI with "/atsso" concatenated to the end. For example, https://sample.bmc.com/arsys/atsso

Status

Determines whether the agent is enforcing SSO authentication (active) or not (inactive).

Logging Level

The level of logging the agent will perform in the product.

Redirect Limit

The number of times that the agent redirects the browser to the server for authentication before signaling an error. A value of 0 means infinite.

Password and Confirm Password

Password used by the agent to access its configuration in the SSO server.

Cookie Name

The name of the cookie that the agent checks for the SSO session token. It should match the cookie name in the server configuration.
Note: To ensure browser compatibility, the cookie name should contain only alphanumeric and underscore characters.

Web App Logout URI

Specifies the URI that signifies a logout event for the web app.

The Web Agent maps the server hostname (which is used by users to access a protected application) to the full logout URL.

For example, arsys/shared/loggedout.jsp is appended to the default URL.

Login URI and Logout URI

Login and logout URIs are the locations to which the agent sends users' browsers when the specified function is needed. When an agent is federated, the login and logout URLs for the agent must be modified to interact with the IdP. You can set two different URL formats:

  • Default realm URLs — This format is used when you are using any other type of authentication in BMC Atrium Single Sign-On.
    https://<fqdn>:<port>/atriumsso/UI/Login?realm=<realm-name>
    https://<fqdn>:<port>/atriumsso/UI/Logout?realm=<realm-name>  
  • SAMLv2 URLs — This format is used when you are using SAMLv2 for authentication in BMC Atrium Single Sign-On.
    https://<fqdn>:<port>/atriumsso/spssoinit?metaAlias=<metaAlias>&idpEntityID=<idp>
    https://<fqdn>:<port>/atriumsso/samlv2/jsp/spSingleLogoutInit.jsp?idpEntityID=<idp>


Note:

If you want to provide a customized landing page after the user logs out of the application, add the following to the logout URLs:

  • For realm Logout URL - &goto=customized_logoutURL. For example,
    https://xyz.bmc.com:8443/atriumsso/UI/Logout?realm=/BmcRealm&goto=http://www.bmc.com
  • For SAMLv2 Logout URL - &RelayState=customized_logouturl. For example,
    https://xyz.bmc.com:8443/atriumsso/saml2/jsp/spsSingleLogoutInit.jsp?idpEntityID=IDP&RelayState=http://www.bmc.com

Login Probe and Logout Probe

The probe validates that the destination is accessible before sending the user to the location. If it is not, the agent tells the user that the SSO system is inaccessible. The probe should be turned off in environments where the URI cannot be contacted from the agent's environment, such as when the URI contains a host that is to be accessed through a reverse proxy.

Enable Cache

Select this option to enable session cache. Disabling cache has a severe performance impact.

Fully Qualified Domain Name Mapping

FQDN mapping allows the agent to fix the URL used to access the application so that the browser sends cookies to the application. The SSO session is identified through cookies. When a URL does not use an FQDN host name, the browser does not know the domain of the server and therefore won't send any cookies to the server.

FQDN of Agent Host

The FQDN entered is the FQDN of the host where the agent is located. Enabling FQDN mapping causes the agent to perform the forwarding from the entered host names to the entered FQDN.

Trigger host list and Trigger Host Name

The hosts that trigger the FQDN redirect. The Trigger host list allows you to remove a host from the list. Trigger Host Name allows you to add a host to the Trigger host list.

Not Enforced URI and URI

The Not Enforced URI list allows you to launch URLs without authentication. For example, you may want to open images, CSS, or JavaScript files without authentication. The URI field allows you to add a URI to the Not Enforced URI list.

  • Adding URI to the list — Enter the URI and click Add.
  • Deleting URI from the list — Select the URI and click Remove.
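
A configuration check for the properties above, as an added example that is not part of the BMC documentation or product: it reviews one agent's settings against the constraints this page states (notification URL suffix, cookie name characters and server match, redirect limit, login/logout URL format and landing-page parameter, FQDN hosts). The dictionary keys, the cookie name atsso_token, and the sample values are constructed for illustration and are not an Atrium Single Sign-On export format.

```python
import re
from urllib.parse import urlsplit, parse_qs

COOKIE_RE = re.compile(r"[A-Za-z0-9_]+")  # alphanumeric and underscore only

def url_format(url):
    """Classify a login/logout URL by the query parameters the page documents."""
    q = parse_qs(urlsplit(url).query)
    return "realm" if "realm" in q else "samlv2" if "idpEntityID" in q else "unknown"

def lint_agent(cfg, server_cookie_name):
    """Return findings for one agent configuration (dict keys are hypothetical)."""
    out = []
    if not urlsplit(cfg["notification_url"]).path.endswith("/atsso"):
        out.append("notification_url: does not end with /atsso")
    if not COOKIE_RE.fullmatch(cfg["cookie_name"]):
        out.append("cookie_name: characters other than alphanumeric/underscore")
    if cfg["cookie_name"] != server_cookie_name:
        out.append("cookie_name: differs from the server cookie name")
    if cfg["redirect_limit"] == 0:
        out.append("redirect_limit: 0 means infinite, no error is ever signaled")
    fmt = {k: url_format(cfg[k]) for k in ("login_uri", "logout_uri")}
    if "unknown" in fmt.values():
        out.append("login/logout: not a realm or SAMLv2 URL")
    elif fmt["login_uri"] != fmt["logout_uri"]:
        out.append("login/logout: realm and SAMLv2 formats are mixed")
    # goto belongs to the realm logout URL, RelayState to the SAMLv2 one
    wrong = {"realm": "RelayState", "samlv2": "goto"}.get(fmt["logout_uri"])
    if wrong in parse_qs(urlsplit(cfg["logout_uri"]).query):
        out.append(f"logout_uri: {wrong} is the other format's landing-page parameter")
    for key in ("login_uri", "logout_uri"):
        host = urlsplit(cfg[key]).hostname or ""
        if "." not in host:  # a plain name such as "machine" is not an FQDN
            out.append(f"{key}: host {host!r} is not an FQDN")
    return out

# Constructed sample configurations (values are illustrative)
GOOD = {
    "notification_url": "https://sample.bmc.com/arsys/atsso",
    "cookie_name": "atsso_token", "redirect_limit": 3,
    "login_uri": "https://xyz.bmc.com:8443/atriumsso/UI/Login?realm=/BmcRealm",
    "logout_uri": "https://xyz.bmc.com:8443/atriumsso/UI/Logout?realm=/BmcRealm&goto=http://www.bmc.com",
}
BAD = {
    "notification_url": "https://sample.bmc.com/arsys",
    "cookie_name": "atsso-token", "redirect_limit": 0,
    "login_uri": "https://machine:8443/atriumsso/UI/Login?realm=/BmcRealm",
    "logout_uri": "https://xyz.bmc.com:8443/atriumsso/samlv2/jsp/"
                  "spSingleLogoutInit.jsp?idpEntityID=IDP&goto=http://www.bmc.com",
}
```

Calling lint_agent(GOOD, "atsso_token") returns an empty list, while BAD produces one finding per violated constraint.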