Single Sign-On (SSO) controls access to Web applications. In SSO mode, the applications are protected resources. When a user tries to log in, a Web agent intercepts the request and prompts the user for login credentials. The Web agent passes the user's credentials to a policy server, which authenticates them against a user data store. With SSO, once the users log in, they are logged in to all Web applications during their browser session (as long as all Web applications authenticate against the same policy server).
To set your web Single Sign-On settings:
- Open the Primavera P6 Administrator.
- In the Authentication tab, select your configuration from the drop-down list.
- Select Authentication.
- In the Login Mode drop-down list, select WebSSO.
- To configure Web Single Sign-On settings:
Note: Changes to these settings require you to restart the P6 server.
- Select Allow Alternate Login Attribute when using Oracle Single Sign-On, and you want to use an SSO login attribute other than the P6 user name. For example, you will enter your email address when authenticating Oracle Single Sign-On, but your P6 user name will map to the LDAP's UID field.
- In the User Name Header Key field, enter the name of the HTTP Header you specified in the policy server.
The value you specify must match the property you created under the policy domain/realm, where the Web server for P6 resides.
For Oracle Single Sign-On, the value should be Proxy-Remote-User. The Proxy-Remote-User should match the LDAP server attribute that maps to the P6 EPPM database USER_NAME field. See Provisioning LDAP User Information for the First Time for details.
For Oracle Access Manager, the value should be OAM_REMOTE_USER, which is the default value.
- In the Context Path Override field, enter the path used to pass web requests from the Single Sign-On Web server to the P6 server. The default listed is the value for P6 (/p6).
Note: If you enable the Allow Alternate Login Attribute setting, you must configure the Header Key and LDAP Search Attribute settings. You must also configure the LDAP settings for the appropriate database instance to establish a connection to the LDAP server. See Provisioning LDAP User Information for the First Time for details.
- In the Header Key field, enter the HTTP Header Key which contains the global user ID. The default value is Osso-User-Guid.
- In the LDAP Search Attribute field, enter the LDAP attribute searched by the Header Key to authenticate users. The default value is orclguid.
Note: You must configure the LDAP settings for the appropriate database instance to establish a connection to the LDAP server.