Mapping realm URLs to an agent for multi-tenancy

After you add a realm and edit the authentication details, you must map the agent URLs to specific realms in the Agent Editor Console for multi-tenancy support. This mapping helps the BMC Atrium Single Sign-On server in identifying the requests coming from different tenants. The URLs specified on the Realms tab in the Agent Editor Console provides the mapping for each tenant.

Note

Realm URLs can be mapped manually, or they can be mapped automatically when a new realm is created. If you do not want to add or map a realm URL manually, select the Automatically Include New Realms check box before you add a realm in the Realms panel. For more information, see Mapping-realm-URLs-to-an-agent-for-multiple-realms.

The following topics are provided:

Before you begin

You must first add an agent on the BMC Remedy AR System server by running the BMC Atrium Single Sign-On installer for integration. This agent is used to map the realm URLs. For more information, see Running the BMC Atrium Single Sign-On installer on the AR System server.
If you will map realm URLs automatically, before you add the realm and edit the authentication details, verify that you have automated the mapping of the agent URLs to specific realms in the Agent Editor Console.

To map realm URLs automatically

On the BMC Atrium SSO Admin Console, click Agent Details.
The Agent Manager Console is displayed.
Select an agent and click Edit.
In the Agent Editor dialog box, click the Realms tab.
Select the Automatically Include New Realms check box and click Save.

Note

If you have automated the process of mapping realms, you can skip the manual process of mapping realms to the mapping list.

To add a realm to the mapping list manually

On the BMC Atrium SSO Admin Console, click Agent Details.
The Agent Manager Console is displayed.
Select an agent and click Edit.
In the Agent Editor dialog box, click the Realms tab.
Select the realm that you want to map to the web agent from the Realms drop-down list.
Click Add.
You can see the selected realm in the mapping list above the Realms drop-down list.
Note
All tenant realms that are available from the Realms panel are displayed in the Realms drop-down list. For more information about adding a new realm, see Adding-or-deleting-realms-for-multi-tenancy-support.

Agent editor parameters

Some content is unavailable due to permissions.

To map and verify realm URLs

Click Agent Details in the BMC Atrium SSO Console.
The Agent Manager console is displayed. For more information about other agent editor properties, see Agent editor parameters.
Select an agent and click Edit.
In the Agent Editor dialog box, click the Realms tab.
The list of realms is displayed in the mapping lists.
Select the realm that you want to modify and click Edit.
Modify the default Login and Logout URI manually or by clicking the following options:
- Set Default Realm URLs
  https://<fqdn>:<port>/atriumsso/UI/Login?realm=<realm-name>
  https://<fqdn>:<port>/atriumsso/UI/Logout?realm=<realm-name>
- Set Default SAMLv2 URLs{{code language="none"}}
  https://<fqdn>:<port>/atriumsso/spssoinit?metaAlias=<metaAlias>&idpEntityID=<idp>
  https://<fqdn>:<port>/atriumsso/saml2/jsp/spSingleLogoutInit.jsp?idpEntityID=<idp>
  {{/code}}
The following descriptions apply to the individual components of the URL:
1. - <port> is the port number from the Site URL (for High Availability systems) or the port number from the server URL.
  - <realm-name> is the name of the realm.
  - <fqdn> is the domain name of the BMC Atrium Single Sign-On server or load balancer (in High Availability mode).
  - <metaAlias> is the alias name of the local-sp configured for the realm.
  - <idp> is the remote IdP configured for the realm.
  Info
  You can use these formats to add the customized URLs manually.(% class="nolink" %)
If you want to validate the destination access, select Login and Logout Probe.
Click Save.