Domain entry page for MSP users

In a Multi-Service Providers (MSP) scenario, the deployed applications are exposed to all MSP users through the application's URL, for example, app.onbmc.com. Remedy SSO agent defines realms that are used to authenticate MSP users so that they gain access to only those applications that are configured specifically for them.

The realms are based on MSP user's URLs. These URLs have different host name alias or URL query parameter, such as customer1.app.onbmc.com or app.onbmc.com?realm=customer1. The maintenance is difficult with this method because with the constant change in the host name aliases or URLs of a customer, the system also has to be updated.

From the Service Pack 9.1.02 release, Remedy SSO supports domain entry page for MSP users through which MSP users can provide their domain information interactively. To support this feature, a new parameter, msp-deployment, is added in the rsso-agent.properties file. If this parameter is set to true, the agent displays the domain entry page to the user.

Domain entry page workflow

Stage	Who performs	Description
1	User	Enters the application URL in the browser.
2	Remedy SSO agent	Checks the value of msp-deployment. msp-deployment is set to true: Check if the request method is POST. Goto stage 3. msp-deployment is set to false: Does not show the domain entry page and proceeds depending on the authentication method configured for the user.
3	Remedy SSO agent	POST request check. Request method is POST: Evaluate realm based on user's input. Goto Stage 5. Request method is not POST: Save original URL as request attribute and check if the domain is provided in the query parameter. Domain is specified: Evaluate realm based on the query parameter. Goto Stage 5. Domain not specified: Check if the persistent cookie is present with the domain value. Goto Stage 4.
4	Remedy SSO agent	Persistent cookie check. Persistent cookie not present: Display the domain entry page to the user. Persistent cookie present: Check if the value of msp-always-show-domain-entry-page is set to true. msp-always-show-domain-entry-page is true: Display the domain entry page to the user. msp-always-show-domain-entry-page is false: Evaluate realm. Goto Stage 5.
5	Remedy SSO agent	Evaluate realm. If realm fails to evaluate to a defined value: Display the domain entry page again to the user. If realm evaluates to a defined value: Save domain information in the persistent cookie. Provide access of the application to the user.

Configuring agent property file to provide domain entry page

Open the rsso-agent.properties file located in the folder <Appfolder>/WEB-INF/classes.
Add the following properties. For more information about the properties, see Domain page properties.
msp-deployment=true
msp-always-show-domain-entry-page=true
Important
If you set the msp-always-show-domain-entry-page to true, you must set the msp-deployment to true.
Save the file.

Domain page properties

Property name	Description
msp-deployment	Specifies whether the system shows the domain entry page to MSP users.
msp-always-show-domain-entry-page	Specifies whether the system shows the domain entry page to MSP users even if the domain is saved in the persistent cookie. In general, the parameter is set to false, but you can set it to true in case when users frequently switch between different realms or if you need to debug the system.

Changing domain information

Domain information can be changed through the following methods:

Manually clearing the persistent cookie.
Setting the msp-always-show-domain-entry-page parameter to true so that the system displays the domain entry page whenever the user logs in.
Specifying domain information explicitly using the user_domain query parameter that overwrites the previously saved value.