Configuring P6 Professional for SAML Authentication

SAML can be enabled to employ LDAP authentication for P6 Professional deployments using P6 Professional Cloud Connect when P6 EPPM has implemented Web Single Sign-In (WebSSO).

Note:

This implementation is not meant to enable SSO for P6 Professional. If you have already authenticated a P6 EPPM application with an identity store, logging in to P6 Professional with SAML will require the entry of your username and password in a configured authentication scheme (for example, form based authentication scheme).

Prior to running the procedures in this section, you must have already enabled federated identity for P6 EPPM applications using the procedures that are described in Configuring Oracle Access Manager for Federated Identity Using SAML 2.0 and have protected your resources for P6 Professional Cloud Connect using Protecting Your Resources and Configuring Protected Resources Under an Application Domain. After you have met these conditions, complete the tasks from the following list in the order that they are listed:

  1. Configuring Oracle HTTP Server WebLogic Proxy Plugin for P6 Professional Cloud Connect
  2. Configuring P6 Professional to Recognize SAML Authentication
  3. Configuring P6 Administrator application for P6 Professional SAML Authentication

Configuring Oracle HTTP Server WebLogic Proxy Plugin for P6 Professional Cloud Connect

After the application domain has been modified in Oracle Access Manager, the Oracle HTTP Server WebLogic proxy plugin must be updated to include a reference to your P6 Professional Cloud Connect URL; this allows the webgate to intercept requests and redirect users to the federated authentication login which was configured in the application domain.

To configure Oracle HTTP Server WebLogic Proxy Plugin for P6 Professional Cloud Connect:

  1. Go to <OHS_Middleware_Home>/user_projects/domains/<P6_EPPM_Domain>/config/fmwconfig/components/OHS/instances/<instance_name>.
  2. Edit mod_wl_ohs.conf.
  3. Add the following directives within the <IfModule weblogic_module> element based on your Oracle HTTP Server version and WebLogic server environment:

    For non-clustered managed servers:

    <IfModule weblogic_module>
#For Cloud Connect
<Location /p6procloudconnect>\
 WLSRequest On
 WebLogicHost <WLS_Host_Name>
 WebLogicPort <WLS_Port>
</Location>
</IfModule>

    For clustered managed servers:

    <IfModule weblogic_module>
#For Cloud Connect
<Location /p6procloudconnect>
 WLSRequest On
 WebLogicCluster <WLS_Host_Name1>:<WLS_Port1>,<WLS_Host_Name2>:<WLS_Port2>
</Location>
</IfModule>
  4. Save the file.
  5. Restart Oracle HTTP Server.
    1. Go to <OHS_Middleware_Home>/user_projects/domains/base_domains/bin.
    2. Depending on your operating system, complete the following:

      • For UNIX, run the following in a terminal:

        ./stopComponent.sh <component_name>

        ./startComponent.sh <component_name>

      • For Windows, run the following in a command prompt:

        stopComponent.bat <component_name>

        startComponent.bat <component_name>

Configuring P6 Professional to Recognize SAML Authentication

To configure P6 Professional to recognize authentication through SAML:

  1. Create or modify the P6 Professional Cloud Connect database alias using the Oracle HTTP Server host and port that was configured with the WebGate. For instructions on how to create or modify the P6 Professional Cloud Connect database alias, refer to How To Create Or Modify A Database Alias For Project Management (Also Known As P6 Professional or Optional Client), Methodology Management, Job Services or Contractor (Doc ID 899068.1) at https://mosemp.us.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=211956235835694&id=899068.1&_afrWindowMode=0&_adf.ctrl-state=17jza9qzmg_4.

    For example:

    <database_name>@<OHS_Host_Name>:<OHS_Port>/p6procloudconnect

  2. On the machines used to launch P6 Professional, go to dbconfig.exe. For example, C:\Program Files\Oracle\Primavera P6\P6 Professional. This opens the Database Configuration dialog box.
  3. On the Welcome to DB Config page, in the Database Configuration dialog box, click Next.
  4. On the Select Database Alias Task page, in the Database Configuration dialog box, complete the following:
    1. Click Modify an existing database alias.
    2. Click Next.
  5. On the Select Database Alias Task page, in the Database Configuration dialog box, complete the following:
    1. In the Database alias field, enter the database alias that you created earlier in this section.
    2. In the Driver type field, select P6 Pro Cloud Connect.
    3. Click Next.
  6. On the Configure P6 Professional Cloud Connect Server page, in the Database Configuration dialog box, complete the following:
    1. In the Database field, enter the connection details for your P6 EPPM database.
    2. In the URL field, enter the P6 Professional Cloud Connect URL.
    3. In the Read Timeout field, enter the amount of time P6 Professional will wait to receive a response from the P6 Professional Cloud Connect server.
    4. Select Use SAML SSO.
    5. Select Enable Client-side Cache.
    6. Click Next.
  7. Click Next.
  8. Click Finish.

Configuring P6 Administrator application for P6 Professional SAML Authentication

To configure P6 Administrator application for P6 Professional SAML Authentication:

  1. Open P6 Administrator application.
  2. In the Configurations tab, expand your configuration.
  3. Expand P6ProCloudConnect, and then complete the following:
    1. Expand Authentication.
    2. In the Mode field, select SAML Token Profile.
  4. Click Save Changes.
  5. Ensure that Login Mode and Authentication have been set to WebSSO.

    For information on setting Login Mode and Authentication to WebSSO, see Configuring P6 EPPM for Single Sign-On.

  6. Restart the managed servers that host P6 Professional Cloud Connect.