Configuring Multi-Foundation Support in Apps Manager
Page last updated:
This topic describes how to configure multi-foundation support in Apps Manager.
Overview
Configuring multi-foundation support in Apps Manager allows you to search, view, and manage orgs, spaces, apps, and service instances across multiple foundations from a single interface.
Configure Multi-Foundation Support
This section describes the procedures for configuring multi-foundation support in Apps Manager.
Configure PAS
This section describes how to configure Pivotal Application Service (PAS) on a foundation to enable multi-foundation support in Apps Manager.
To configure multi-foundation support in Apps Manager:
In the PAS tile of one of your foundations, select Apps Manager.
For Multi-foundation configuration (beta), enter a JSON object for each additional foundation that you want to manage. Use the following format for the JSON object:
{ "FOUNDATION-NAME": { "ccUrl": "https://api.FOUNDATION-SYSTEM-DOMAIN.com", "systemDomain": "FOUNDATION-SYSTEM-DOMAIN.com", "usageServiceUrl": "https://app-usage.FOUNDATION-SYSTEM-DOMAIN.com", "invitationsServiceUrl": "https://p-invitations.FOUNDATION-SYSTEM-DOMAIN.com", "logoutUrl": "https://login.FOUNDATION-SYSTEM-DOMAIN.com/logout.do", "metricsUrl": "https://metrics.FOUNDATION-SYSTEM-DOMAIN.com", "uaaUrl": "https://login.FOUNDATION-SYSTEM-DOMAIN.com" } }
Where:
FOUNDATION-NAME
is a name for the foundation.FOUNDATION-SYSTEM-DOMAIN
is the system domain of the foundation. The system domain is listed in the Domains pane of the PAS tile.metricsUrl
is an optional field. If Pivotal App Metrics is installed on the foundation, provide the Pivotal App Metrics URL.
Do one of the following, depending on your version of PAS:
For PAS versions v2.8.4 and later: In the Redirect URIs field, enter a comma-separated list of the URI for each additional foundation on which you enabled multi-foundation support. Use the following format for each URI:
https://apps.FOUNDATION-SYSTEM-DOMAIN.com/**
Where
FOUNDATION-SYSTEM-DOMAIN
is the system domain of the foundation on which you enabled multi-foundation support.For PAS versions v2.8.3 and earlier: Follow the procedure in Add Redirects in UAA (For PAS v2.8.3 and earlier) to add redirects for each foundation you want to manage with Apps Manager.
Add Redirects in UAA (For PAS v2.8.3 and earlier)
The Apps Manager UAA clients on each foundation you want to manage must include a redirect to the foundation on which you enabled multi-foundation support. This allows Apps Manager to redirect to the other foundations and back when authenticating with UAA. For more information about UAA clients and configuring valid redirect URIs, see Client.redirect-uri in UAA Concepts.
To add redirects:
Install the UAA CLI. See the Cloud Foundry UAA Command Line Client repository in GitHub.
Record the UAA admin client credentials password for a foundation you want to manage with Apps Manager:
- In the Credentials tab of the PAS tile, for Admin Client Credentials, click Link to Credentials.
- Record the value in the
password
field.
Target UAA on the foundation:
uaac target uaa.FOUNDATION-SYSTEM-DOMAIN.com
Where
FOUNDATION-SYSTEM-DOMAIN
is the system domain of the foundation.Generate a token for the UAA admin client:
uaac token client get admin -s ADMIN-CLIENT-PASSWORD
Where
ADMIN-CLIENT-PASSWORD
is the Admin Client Credentials password you recorded in step 2.Record the UAA redirect URIs. To view the redirect URIs on the UAA
apps_manager_js
client:uaac client get apps_manager_js
Add the URI of the foundation on which you enabled multi-foundation support to the
apps_manager_js
client:uaac client update apps_manager_js --redirect_uri \ 'PREVIOUS-REDIRECT-URIS,https://apps.FOUNDATION-SYSTEM-DOMAIN.com/**'
Where:
PREVIOUS-REDIRECT-URIS
is one or more redirect URIs that you recorded in the previous step. Include the previous redirect URIs in the command to ensure they are not overwritten.FOUNDATION-SYSTEM-DOMAIN
is the system domain of foundation on which you enabled multi-foundation support.
Repeat steps 2 through 6 for each foundation you want to manage with Apps Manager.
Add Trusted Certificate Authorities
Apps Manager must be able to validate the certificate authorities (CAs) used by all foundations.
If any foundation uses a certificate for TLS termination that is not signed by a globally-trusted CA, add the CA that signed the TLS certificate as a trusted CA on the foundation on which you enabled multi-foundation support.
For more information, see Setting Trusted Certificates.
(Optional) Configure the SAML Identity Provider
Pivotal recommends that all foundations use the same external SAML identity provider. This allows Apps Manager to automatically authenticate with the identity provider.
To configure all foundations to use the same SAML identity provider:
In the PAS tile, select Authentication and Enterprise SSO.
Verify that the foundation uses the correct provider for Provider name.
Repeat the above steps for each foundation in your deployment.
For more information on UAA and identity providers, see Identity Providers in UAA.
For more information on how to set up identity providers in UAA, see Adding Existing SAML or LDAP Users to a Pivotal Platform Deployment.