Configuring an Authentication Scheme

Once you have a data source that stores a connection to your LDAP server, you have to create an authentication scheme for your Primavera applications. An authentication scheme is a named component that defines the challenge mechanism that is required to authenticate a user. For example, the authentication scheme determines if you will use form based authentication, basic authentication, Windows Native Authentication, and so on.

To create a new authentication scheme, follow the instructions in the Managing Authentication Schemes section of the Fusion Middleware Administrator's Guide for Oracle Access Management, which can be found at the following URL.

If you already have an authentication scheme, you can use it as a template to provide form based authentication for your P6 EPPM applications.

To duplicate an authentication scheme:

  1. Log in to the Oracle Access Manager Administration Console.
  2. Navigate to the Policy Configuration tab.
  3. Expand Authentication Schemes.
  4. Click LDAP Scheme.
  5. Click the duplicate icon for Authentication Scheme Duplicate.
  6. In the Authentication Schemes dialog box, complete the following:

    Note: When you duplicate an existing authentication scheme and use it as a template for your Primavera applications, many of the fields in the Authentication Scheme dialog box will be prepopulated. You do not need to alter the following fields:

    • Description
    • Authentication Level
    • Default
    • Challenge Method
    • Challenge Redirect URL
    • Challenge URL
    • Context Type
    • Context Value
    • Challenge Parameters
    1. In the Name field, enter a name for your Authentication Scheme.
    2. In the Authentication Module field, select the authentication module that you created for your LDAP data source.
    3. Click Apply to create the new authentication scheme.

      Note: By default, the ssoCookie:httponly challenge parameter is enabled in an authentication scheme. This parameter helps to prevent JavaScript running in the browser from accessing the ObSSOCookie; however, it is necessary to read ObSSOCookie in order to give applets and iFrames the ability to read from an existing authenticated session.

      If this challenge parameter is turned on, it will result in the following two issues when using P6 EPPM over SSO:

      • Error: "java.lang.ClassFormatError: Incompatible magic value 1008813135 in class file Applet" or "Prompt For Re-authentication When Loading Any Applet When Configured For Oracle Access Manager (OAM)". For more information about these prompts, see Doc ID = 1242418.1 at My Oracle Support.
      • Applets In P6 Are Generating A "Java Authentication Required" Prompt After Reaching The Oracle Access Manager Session Lifetime Threshold. For more information about this prompt, see Doc ID = 1596987.1 at My Oracle Support.

        To prevent these prompts from occurring, add the following challenge parameters to the authentication scheme that you created:

      • ssoCookie=disablehttponly
      • miscCookies=disablehttponly

        For more information about the cookies used during SSO, see Understanding SSO Cookies of the Fusion Middleware Administrator's Guide for Oracle Access Management.
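
With ssoCookie=disablehttponly and miscCookies=disablehttponly in place, the ObSSOCookie is no longer shielded from JavaScript in the browser, so it is useful to confirm which cookies the deployment issues without HttpOnly. The following Python is an added example, not Oracle code: the header lines are constructed sample data, and the function names are hypothetical.

```python
# Added example: audit Set-Cookie headers for the HttpOnly and Secure attributes.
# SAMPLE_HEADERS is constructed for illustration, not captured from a real server.
SAMPLE_HEADERS = [
    "Set-Cookie: ObSSOCookie=CONSTRUCTED_VALUE; path=/; Secure",
    "Set-Cookie: JSESSIONID=CONSTRUCTED_VALUE; Path=/p6; Secure; HttpOnly",
    "Content-Type: text/html",
    "Set-Cookie: ObSSOCookie=loggedout; path=/; httponly",
]


def parse_set_cookie(header_line):
    """Return (name, set of lower-cased attribute names), or None if not a Set-Cookie line."""
    field, sep, value = header_line.partition(":")
    if not sep or field.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    if not name:
        return None
    # Attribute names are case-insensitive; keep only the part before "=".
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_cookies(header_lines, sso_cookie="ObSSOCookie"):
    """Report each cookie in the order it was set, with its HttpOnly and Secure state."""
    findings = []
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        name, attrs = parsed
        findings.append({
            "cookie": name,
            "httponly": "httponly" in attrs,
            "secure": "secure" in attrs,
            "is_sso_cookie": name == sso_cookie,
        })
    return findings


def script_readable(findings):
    """Names of cookies that at least one response set without HttpOnly."""
    return sorted({f["cookie"] for f in findings if not f["httponly"]})


if __name__ == "__main__":
    print("Readable by JavaScript:", script_readable(audit_cookies(SAMPLE_HEADERS)))
```

Run it against the response headers of a protected P6 EPPM URL before and after changing the challenge parameters to see exactly which cookies lost the HttpOnly attribute.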

Related Topics

Configuring Oracle Access Manager and the Oracle HTTP Server WebGate for Single Sign-On

Registering an Identity Store

Creating an Authentication Module

Configuring a Host Identifier

Protecting Your Resources

Mapping Your Authentication Scheme to Your Authentication Policy

Testing Your Single Sign-On Implementation



Copyright © 1999, 2020

Last Published Thursday, December 10, 2020