Configuring tenants for the Presentation Server in Remedy SSO
TrueSight Presentation Server leverages Remedy SSO for authenticating users. In Remedy SSO, you can create tenants (realms), user groups, and users. After installing the Presentation Server, you can associate the user groups created in Remedy SSO with the Presentation Server authorization profiles. This enables the role-based authorization to features and components of the product.
Default realm in Remedy SSO
The special character * (asterisk) is the top level tenant (realm) in Remedy SSO and is equivalent to the BmcRealm tenant in Atrium SSO.
From the TrueSight console, you can only view the user information. You must perform all modifications to the user information in Remedy SSO.
This section provides information about creating tenants in Remedy SSO and the steps to enable multi-tenancy on the Presentation Server.
Before you begin
- You must have installed the Remedy SSO.
- You must have
configured the general settings in the Remedy SSO server.
.
To add tenants (realms) in Remedy SSO
- Log in to Remedy SSO as an Admin user.
Click the Realm tab.
The default realm is displayed.Click Add Realm.
Notes
To edit a realm, click the Edit icon
for the realm that you want to edit.- To delete a realm, click the Delete icon for the realm that you want to delete. Deletion of a realm results in deletion of all users, groups of the Local User Management authentication under the realm, and all active sessions in this realm. Note that active user sessions may be related to other IdPs as well.
- Never delete the * tenant (realm) from the Remedy SSO server that is configured with the Presentation Server.
- If you delete a tenant from the Remedy SSO, you must also delete any TrueSight Presentation Server component configured to use that tenant.
On the General tab, enter the following realm details.
Field Description Realm ID Unique realm identifier. Realm ID must not be more than 80 characters and can only include alphanumeric characters and the following special symbols:
*, ., _, and -.Application Domain(s) The application domain name for the tenant (realm). The best practice is to have the same value for this field as for the Realm ID field.
The application domain name is required for the two step login process in a multi-tenant Presentation Server environment.
Ensure that you do not add the same application domain value for more than one realm.
Notes:
The Application Domain(s) field does not accept the uppercase input. Any value entered is automatically transformed to the lowercase.
(Optional) If you are using Remedy SSO v18.08 or later, for all the custom realms (tenants) that you create, provide the comma separated FQDN host names of the TrueSight Presentation Serverand TrueSight Infrastructure Management server as shown in the image. For example, if your realm is 'testrealm', the TrueSight Presentation Server hostname is 'tsps.abc.com' and TrueSight Infrastructure Management server hostname is 'tsim.abc.com'. Type all these values in the field.
You do not have to do this for the default "*" realm (tenant).
Save the changes and ignore all other tabs and fields. They are neither required nor supported by the Presentation Server environment.
To enable multi-tenancy in Presentation Server
If you have not enabled multi-tenancy after installing or upgrading the Presentation Server, perform this task. For a single tenant Presentation Server environment, you need not enable multi-tenancy. For a multi-tenant Presentation Server environment, you must enable the msp parameter using the following procedure:
Navigate to the folder based on the operating system on which you installed the TrueSight Presentation Server:
- (Windows) <Install_Directory>\truesightpserver\modules\tomcat\webapps\ROOT\WEB-INF\classes
- (Linux) <Install_Directory>/truesightpserver/modules/tomcat/webapps/ROOT/WEB-INF/classes- Open the rsso-agent.properties file.
- Uncomment the msp-deployment=true parameter and save.
Navigate to the folder.
- (Windows) < install_Directory>\truesightpserver\bin
- (Linux) < install_Directory>/truesightpserver/bin- Run the following commands to restart the Presentation Server:
tssh server stop
tssh server start
Notes
- The msp -deployment=true parameter is commented by default after installing or upgrading a single tenant TrueSight Presentation Server.
- The msp -deployment=true parameter is enabled by default after upgrading an existing multi-tenant TrueSight Presentation Server.
- The msp -deployment=true parameter must be uncommented (enabled) after installing a multi-tenant TrueSight Presentation Server.
Where to go from here
Configuring user authentication for the Presentation Server in Remedy SSO
Comments
Log in or register to comment.