After you have configured Oracle Access Manager with a connection to your LDAP server, a host identifier that links to your Oracle HTTP Server WebGate for Oracle Access Manager, and an authentication scheme, you need to create an application domain. In the application domain, you set up policies to protect your resources and configure a policy that points to the authentication scheme that you want to use.
For more information about resource policies, refer to the Managing Policies to Protect Resources and Enable SSO section of the Fusion Middleware Administrator's Guide for Oracle Access Management, which can be found at the following URL. For the steps to protect your resources, refer to Configuring Protected Resources under an Application Domain.
Oracle recommends that you protect your context roots with the following conventions:
- /context
  For example, the connection http://<host_name>:<port>/<context> will be recognized as a protected resource.
- /context/
  For example, the connection http://<host_name>:<port>/<context>/ will be recognized as a protected resource.
- /context/** or /context/.../**
  For example, the connection http://<host_name>:<port>/<context>/<additional_context_roots> will be recognized as a protected resource.
The following list provides the context roots that need to be protected for each Primavera application:
Notes:
- If you require additional context roots, you must use two asterisks at the end of your connection string (for example, .../<context>/**).
- Protect the P6 Professional Cloud Connect resource if you intend to configure SAML authentication for P6 Professional instances that connect to a P6 EPPM database.
- P6
/p6
/p6/
/p6/**
- P6 mobile
/p6tmws
/p6tmws/
/p6tmws/**
- P6 Team Member Web
/p6tmweb
/p6tmweb/
/p6tmweb/**
- P6 Integration API
/PrimaveraAPI/APIAPPS
/PrimaveraAPI/APIAPPS/**
- P6 Professional Cloud Connect
/p6procloudconnect
/p6procloudconnect/**
- P6 EPPM Web Services
/p6ws/services
/p6ws/services/**
/p6ws/token
/p6ws/downloadtoken
- Primavera Gateway
/gatewayapi
/gatewayapi/
/gatewayapi/**
- Primavera Unifier
/bluedoor
/bluedoor/
/bluedoor/**
/bp/**
/m/**
- Primavera Data Warehouse
/p6rdb
In some instances, you must create a resource definition for context roots with an excluded protection level. For example, Primavera Gateway deployments including P6 integrations and direct AutoVue integrations without VueLink require you to configure context roots with excluded protection levels. When you attempt to connect to an application using a URL that contains an excluded context root, an SSO authentication request will not be generated.
You must configure the context roots below with an excluded protection level because they can cause SSO authentication requests to fail during connection attempts:
- Primavera Gateway
/gatewayapi/restapi/**
/gatewayapi/restapisession/usersession
- P6 AutoVue integration without VueLink
/p6/VueServlet/**
/p6/jvueDMS/**
/p6/P6AutovueJNLPLauncher
/p6/P6AutovueJNLPLauncher/**
/p6/applets/jogl.jar
/p6/applets/jsonrpc4j.jar
/p6/applets/gluegen-rt.jar
/p6/applets/jvue.jar
Note: If you have set up AutoVue integration using VueLink, you do not need to configure the preceding excluded protection context roots for AutoVue.
For the steps to exclude resources, refer to Configuring Excluded Resources under an Application Domain.
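
The following sketch is an added example, not Oracle code and not Oracle Access Manager's own matcher. It models the conventions above on a subset of the Gateway and P6 entries so you can check whether a request path would be protected, excluded, or not covered by any resource definition. The function names and the precedence rule (the most specific pattern wins) are assumptions made for illustration.

```python
# Added example: simplified model of the resource conventions on this page.
# Patterns are a subset of the lists above; precedence is an assumption.
PROTECTED = ["/gatewayapi", "/gatewayapi/", "/gatewayapi/**",
             "/p6", "/p6/", "/p6/**"]
EXCLUDED = ["/gatewayapi/restapi/**", "/gatewayapi/restapisession/usersession",
            "/p6/VueServlet/**", "/p6/applets/jvue.jar"]


def matches(pattern: str, path: str) -> bool:
    """Literal patterns match exactly; a trailing /** matches anything deeper."""
    if pattern.endswith("/**"):
        prefix = pattern[:-2]  # keep the slash: "/p6/**" -> "/p6/"
        return path.startswith(prefix) and len(path) > len(prefix)
    return path == pattern


def specificity(pattern: str) -> int:
    """Assumed precedence: longer literal part wins, exact beats wildcard."""
    wildcard = pattern.endswith("/**")
    literal = pattern[:-2] if wildcard else pattern
    return len(literal) * 2 + (0 if wildcard else 1)


def classify(path: str) -> str:
    """Return 'protected', 'excluded' or 'unmatched' for a request path."""
    path = path.split("?", 1)[0]  # resource definitions apply to the path only
    hits = [(specificity(p), "protected") for p in PROTECTED if matches(p, path)]
    hits += [(specificity(p), "excluded") for p in EXCLUDED if matches(p, path)]
    if not hits:
        return "unmatched"
    # On an exact tie "protected" sorts after "excluded", so the model fails closed.
    return max(hits)[1]


if __name__ == "__main__":
    # Constructed sample request paths.
    for sample in ["/p6", "/p6/", "/p6/action/home",
                   "/p6/applets/jvue.jar",
                   "/gatewayapi/restapi/v1/sync",
                   "/gatewayapi/restapisession/usersession",
                   "/gatewayapi/restapisession/other",
                   "/p6tmweb/login"]:
        print(f"{classify(sample):<10} {sample}")
```

In this model `/p6tmweb/login` is unmatched because `/p6/**` does not extend to a sibling context root, which is why each application in the list above carries its own entries.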