Prerequisites for Configuring Single Sign-On

The following prerequisites must be completed for all of the Primavera applications.

Installing Oracle HTTP Server

To learn about installing Oracle HTTP Server 12c, see Installing and Configuring Oracle HTTP Server, then see:

• Chapter 1: Planning Your Oracle HTTP Server Installation
• Chapter 2: Installing the Oracle HTTP Server Software

Also see the following documents on My Oracle Support:

How To Install Oracle HTTP Server(OHS)12c In Standalone And Colocated (Managed through WebLogic Server) Domains (Doc ID: 1575618.1)

How To Install Oracle HTTP Server(OHS)12c In Colocated (Managed through WebLogic Server) Domains (Doc ID: 1606339.1)

Note:

Oracle Access Manager 12c is bundled with the Oracle HTTP Server 12c download. When you install Oracle HTTP Server 12c, you can install Oracle Access Manager 12c at the same time.

Configuring the Proxy Plugin Module for Oracle HTTP Server for P6 EPPM

To learn more about configuring Oracle HTTP Server as a proxy, see Using Oracle WebLogic Server Proxy Plug-Ins 12.1.3, and then see the following sections:

• Section 2.1: Prerequisites for Configuring the WebLogic Proxy Plug-In
• Section 2.4:Configuring the WebLogic Proxy Plug-In Manually

See also the following My Oracle Support document:

How To Configure Oracle HTTP Server (OHS) WebLogic Proxy Plugin For Primavera P6 EPPM Web Applications (Doc ID: 1446675.1)

Installing the LDAP Directory Server

You must have a supported LDAP server. You also need to create a group of users who you want to have access to the application. See the Tested Configurations document for supported LDAP servers.

Installing Primavera Applications

Install the most recent version of the Primavera applications that you want to configure for SSO.

For more information about installing each of the Primavera products, refer to the installation and configuration documents for the respective products on Oracle Help Center.

Installing and Configuring Oracle Access Manager

To install and configure Oracle Access Manager, see the Installing and Configuring Oracle Identity and Access Management chapter of the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.

Configuring and Registering Oracle HTTP Server WebGate for Oracle Access Manager

WebGate is an access client for enforcing access policies on HTTP-based resources. The WebGate client runs as a plugin that intercepts HTTP requests for web resources and forwards them to the access server where access control policies are applied. You must configure it on the same Oracle HTTP Server on which you have installed your product instances. WebGate is automatically bundled with Oracle HTTP Server 12c.

To configure Oracle HTTP Server 12c, see the Configuring Oracle HTTP Server 12c WebGate section of the Oracle Fusion Middleware Installing and Configuring Oracle HTTP Server guide.

After your WebGate has been configured with an Oracle HTTP Server, you must register your WebGate with Oracle Access Manager by using the Oracle Access Manager Administration Console.

To register your WebGate with Oracle Access Manager, see the Registering and Managing OSSO Agents Using the Console section of the Fusion Middleware Administrator's Guide for Oracle Access Manager with Oracle Security Token Service.

Adding OAMIdentityAsserter Provider in WebLogic

In order to add the OAMIdentityAsserter provider in WebLogic for the web-based Configuration Utility and Primavera Gateway, you must download and install Oracle Application Development Framework (ADF) and extend your WebLogic domain using Oracle Java Required Files (JRF) templates. The Oracle JRF template configures components that are not included in the WebLogic Server installation and is used to configure domains that contain applications that are developed using Oracle ADF and other core components.

Use the following list for guidance to ensure that you can access the OAMIdentityAsserter provider:

1. Verify that you don’t have Oracle JRF as a deployment option in the Fusion Middleware Configuration Wizard. For more information, see Verifying That the WebLogic Domain Contains Oracle Java Required Files.
2. If you have determined that you don’t have Oracle JRF in the WebLogic domain, complete the tasks outlined in section Installing Oracle ADF and Manually Enabling the OAMIdentityAsserter Provider.

Verifying That the WebLogic Domain Contains Oracle Java Required Files

Before you install Oracle ADF and extending your WebLogic domain with Oracle JRF, ensure that you have not already extended your WebLogic domain to include Oracle JRF. To confirm that your domain is extended by Oracle JRF:

Note:

The following steps verify Oracle JRF deployments for one WebLogic domain. If you intend to enable SSO and SAML for both Primavera Gateway and the web-based Configuration Utility, then you must repeat these steps for the domain that you did not verify.

1. Navigate to the bin folder of your WebLogic server at <Middleware_Home>\Oracle_Home\wlserver\common\bin.
2. Run config.cmd (for Windows) config.sh (for Linux). This launches the Fusion Middleware Configuration Wizard.
3. On the Configuration Type screen, complete the following:
   1. Under What Do you want to do?, select Update an existing domain.
   2. Browse to the WebLogic domain that contains Primavera Gateway or web-based Configuration Utility servers.
   3. Click Next.
4. On the Templates screen, complete the following:
   1. In the Template Categories list, select All Templates.
   2. Ensure that Oracle JRF - <Version_Number> [oracle_common] is selected.

If Oracle JRF - <Version_Number> [oracle_common] is not on the All Templates list or if it is not selected by default, see Installing Oracle ADF and Manually Enabling the OAMIdentityAsserter Provider for instructions on how to add it to the Fusion Middleware Configuration Wizard.

Installing Oracle ADF and Manually Enabling the OAMIdentityAsserter Provider

Starting in WebLogic 12c, WebLogic and Oracle ADF are required to connect and use the Oracle Repository Creation Utility (RCU) when extending a domain with Oracle JRF because Oracle JRF natively uses a data source and database for parts of its provided functionality. However, the additional functionality provided by Oracle JRF is not required for the SSO and SAML implementation of Primavera Gateway and the web-based Configuration Utility. The following instructions provide the steps to install Oracle ADF and manually enable the OAMIdentityAsserter provider using a database or data source.

Note:

• For more information about extending a WebLogic domain to include Oracle JRF templates with a database connection, see Extending a Domain to Support Additional Components in the Administering Oracle Fusion Middleware guide.
• For more information about additional functionality provided by Oracle JRF templates, see Fusion Middleware Product Templates in the Oracle Fusion Middleware Domain Template Reference guide.

To install Oracle ADF and manually enable the OAMIdentityAsserter Provider:

1. Download and install Oracle ADF into your WebLogic deployment. For more information about downloading and installing Oracle ADF, refer to the Oracle Application Development Framework – Oracle ADF page at http://www.oracle.com/technetwork/developer-tools/adf/overview/index.html.
2. Complete the following to add the OAMIdentityAsserter provider to the Fusion Middleware Configuration Wizard:
   1. Navigate to the oracle.oamprovider_<version_number> folder at <Middleware_Home>/Oracle_Home/oracle_common/modules/ oracle.oamprovider_<version_number>.
   2. Copy the oamAuthnProvider.jar file.
   3. Navigate to the mbeantype folder at <Middleware_Home>/Oracle_Home/wlserver\server\lib\mbeantypes.
   4. Paste the oamAuthnProvider.jar file to the mbeantypes folder.
   5. Restart your WebLogic domain.