Configuring Gateway for Single Sign On
Contents
1. lt OHTTP hostname configured to OAM gt lt port of OHTTP gt pdi 13 For More Information In This Section Where to Get Documentation uuus4444nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnann 15 Where to Get Training u een ren 18 Where to Get Support A 19 Documentation ACCESSION ains 20 Where to Get Documentation Complete documentation libraries for Primavera Gateway releases are available on the Oracle Technology Network OTN at http www oracle com technetwork documentation default 1923957 html From this location you can either view libraries online or download them to have local copies We recommend viewing them from OTN to ensure you always access the latest versions including critical corrections and enhancements Primavera Gateway is configured to access its help system on OTN However you can also install a local version when you install the software The documentation assumes a standard setup of the product with full access rights to all features and functions The following table describes the core documents available for Primavera Gateway and lists the recommended readers by role Title Description Gateway Help Describes how to work with Primavera Gateway and provides information to help users accomplish tasks All users should read the Help Gateway Developer s Provides information on how third party systems such as Guide enterprise resource management ERP and enterp2. Weblogic WL1212 Oracle_ OAMWebGate1 webgate ohs tools EditHttpConf gt EditHttpC onf exe w C Weblogic WL1212 Oracle_WT1 instances instance1 config OHS ohs1 5 Configure the OHS proxy plug in as follows a On Oracle HTTP Server navigate to OHSDomain config fmwconfig components OHS instances lt ohs_folder_name gt b Edit the mod_wl_ohs conf file and add Primavera Gateway details as follows Configuration For Primavera Gateway lt Location pdi gt WebLogicHost lt gateway server hostname gt WebLogicPort lt gateway port number gt SetHandler weblogic handler lt Location gt Save and close the file Restart OHS instance In the WebLogic Plugin Enabled drop down select Yes Select Save Select Activate Changes in the change center Access any of the following Primavera Gateway URL http OHTTP_hostname port_of_OHTTP pdi 6 Install Oracle Access Manager See Oracle Access Manager documentation for details Registering Oracle Access Manager with Webgate Register a Webgate with OAM and configure Global Logout URLs for Primavera Gateway as follows sa o a0 1 Log in to the Oracle Access Manager Administration Console 2 On the Welcome to Oracle Access Management page under SSO Agents select New OAM 11g Webgate 3 On the Create OAM 11g WebGate page a Inthe Name field enter the host name For example sIcO9tyu us oracle com The host identifier will pre populate with the Name field b Retain the default
3. Weblogic WL1212G Oracle_OAMWebGate1 webgate ohs lib d From your present working directory move up one directory level On UNIX move to lt Webgate_Home gt webgate ohs tools setup InstallTools On Windows move to lt Webgate_Home gt webgate ohs tools EditHttpConf For example C Weblogic WL1212 Oracle_ OAMWebGate1 webgate ohs tools EditHttpConf gt e On the command line run the following command to copy the apache_webgate template from the Webgate_Home directory to the Webgate Instance location renamed to webgate conf and update the httpd conf file to add one line to include the name of webgate conf On UNIX EditHttpConf w lt Webgate_Instance_Directory gt oh lt Webgate_Oracle_Home gt o lt output_file gt On Windows EditHttpConf exe w lt Webgate_Instance_Directory gt oh lt Webgate_Oracle_Home gt o lt output_file gt Where lt Webgate_Oracle_Home gt is the directory where you have installed Oracle HTTP Server Webgate for Oracle Access Manager and created as the Oracle Home for Webgate For example lt MW_HOME gt Oracle_OAMWebGate1 lt Webgate_Instance_Directory gt is the location of Webgate Instance Home which is same as the Instance Home of Oracle HTTP Server For example lt MW_HOME gt Oracle_WT1 instances instance1 config OHS ohs1 lt output_file gt is the name of the temporary output file used by the tool such as Edithttpconf log Configuring OAM for Single Sign On For example C
4. expertise straight to the desktop using Oracle Web Conferencing technology This capability brings you and Oracle experts together to access information about support services products technologies best practices and more For more information about working with Support visit https support oracle com epmos faces DocumentDisplay id 888813 2 19 Configuring Gateway for Single Sign On Documentation Accessibility For information about Oracle s commitment to accessibility visit the Oracle Accessibility Program website at http www oracle com pls topic lookup ctx acc amp id docacc 20 Legal Notices Oracle Primavera Configuring Gateway for Single Sign On Copyright 2013 2014 Oracle and or its affiliates All rights reserved Oracle and Java are registered trademarks of Oracle and or its affiliates Other names may be trademarks of their respective owners This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws Except as expressly permitted in your license agreement or allowed by law you may not use copy reproduce translate broadcast modify license transmit distribute exhibit perform publish or display any part in any form or by any means Reverse engineering disassembly or decompilation of this software unless required by law for interoperability is prohibited The information contained here
5. the Logout URL une 12 Configuring Gateway in WebTier u nenseniseeene nina 13 Installation Prerequisites To configure Gateway for SSO gt Install and configure OAM for SSO For more information see the section Configuring OAM for Single Sign On on page 7 gt In OAM LDAP store create three user groups gt PrimaveraGatewayAdmin PrimaveraGatewayDeveloper and gt PrimaveraGatewayUser gt Create LDAP users for these groups Create SSO Authentication Providers Create SSO authentication providers as follows 1 Log in to the WebLogic Administration Console for Primavera Gateway as an administrative user 2 On the Change Center pane select Lock amp Edit 3 Select Security Realms myrealm and Providers 4 Select New to enter information for a new authenticator provider a Inthe Name field enter a name for the authenticator provider For example OAMldentityAsserter b Inthe Type field select OAMIdentityAsserter c Edit the newly created Authenticator and set the Control Flag to Required d Move the following Active Types to the Chosen column OAM_REMOTE_USER OAM_IDENTITY_ASSERTION ObSSOCookie Configuring Gateway for Single Sign On e Select Save 5 Select New to enter information for a new authenticator provider a Inthe Name field enter a name for the provider For example PrimaveraAuthenticator b Inthe Type field select OraclelnternetDirectoryAuthenticator c Inthe Common tab
6. ORACLE PRIMAVERA Configuring Gateway for Single Sign On Release 14 2 September 2014 Contents OVAVISW nr ee 5 Prerequisites sa AAA AAA AAN AAA ARA RA 5 Configuring OAM for Single Sign ON ccccccccccccccccccccccccccccccccecesesecccecesesesess 7 PROPS UI ES AAA U AR RARA 7 Registering Oracle Access Manager with Webgate cceeeeescceeceeeeeesseeeeeeeeees 9 Configuring Oracle Access Manager for Primavera Gateway ooooooccccccccocccncccnanos 10 Configuring Primavera Gateway for Single Sign On ccccccsscsccccccccessccccccceeees 11 Installation Prerequisites neuen nen 11 Create SSO Authentication Providers cccccccsscsccccccccesssccccceeeessseseccsenes 11 Create Custom Roles for Gateway DeployMent cscccsscscccscccrccscscceseesceesens 12 Configuring the Logout URL aan IE nk 12 Configuring Gateway in WeDTIer sccescccscscccccscsevessccccssscacecscsenesecasessees 13 FOr M re Information ne nee 15 Where to Get Documentation sussssenenonssonnnnnennnsnonnnnnennnnnnnnnnnnnnnunnnenne 15 Where to Get Training oem ee ee en 18 Where to Get SUPDONC use ne erneuerbaren 19 Documentation Accessibility nen 20 L gal Notices ana een ee 21 Overview This guide describes how to setup and enable single sign on SSO in Primavera Gateway In This Section Prerequisites Prerequisites To setup and configure Single Sign On for Primavera Gateway you will need to first
7. administrator for the third party or ERP system should read this guide Gateway Installation and Configuration Guide Provides information on how to install and configure Primavera Gateway Primavera Gateway is a product that facilitates integrations with Primavera products and third party systems such as enterprise resource management ERP and enterprise asset management EAM systems The Primavera Gateway network administrator database administrator and the administrator for the third party or ERP system should read this guide Gateway Upgrade Guide Provides a sequence of procedures that must be completed to upgrade to a new version of Primavera Gateway The Primavera Gateway network administrator database administrator and the administrator for the third party or ERP system should read this guide 16 For More Information Title Gateway Performance and Sizing Guide Description Provides hardware and software requirements for deploying Primavera Gateway The Primavera Gateway network administrator database administrator and the administrator for the third party or ERP system should read this guide Gateway Security Guide Provides guidelines on establishing a highly secure environment for all Primavera Gateway environments The Primavera Gateway network administrator database administrator and the administrator for the third party or ERP system should read this guide Gateway API Prog
8. configure Oracle Access Manager for SSO before configuring Gateway for SSO Configuring OAM for Single Sign On Oracle Access Manager OAM allows you to use single sign on with Primavera Gateway In This Section Prergglisiies essa ii 7 Registering Oracle Access Manager with Webgate ooooooooccccnnnccicncconococononononananananonos 9 Configuring Oracle Access Manager for Primavera Gateway oocccccnccoccccccnncccnnannns 10 Prerequisites You must do the following before configuring OAM with Primavera Gateway 1 Install Oracle WebLogic 12 1 2 and Fusion Middleware fmw infrastructure 2 Install Primavera Gateway See the Installation and Configuration Guide for Primavera Gateway 3 Install and configure Oracle HTTP Server OHS Webgate for Oracle Access Manager See the OHS documentation for more information 4 After installing Oracle HTTP Server 11g Webgate for Oracle Access Manager complete the following steps a Change to the following directory under the Oracle Home for Webgate On UNIX lt Webgate_Home gt webgate ohs tools deployWebGate On Windows lt Webgate_Home gt webgate ohs tools deployWebGate b Onthe command line copy the required bits of agent from the Webgate_Home directory to the Webgate Instance location as follows On UNIX deployWebgatelnstance sh w lt Webgate_Instance_Directory gt oh lt Webgate_Oracle_Home gt On Windows deployWebgatelnstance bat w lt Webgate_Instance_Directory gt oh l
9. er P6 data in Primavera Gateway The Primavera Gateway network administrator database administrator and the administrator should read this guide 17 Configuring Gateway for Single Sign On Title Suite and P6 EPPM Connecting E Business Description Provides instructions on how to setup the integration environment between Oracle E Business Suite and P6 Enterprise Project Portfolio Management in Primavera Gateway The Primavera Gateway network administrator database administrator and the administrator for the third party system should read this guide Connecting Value Chain Planning and P6 EPPM Provides instructions on how to setup the integration environment between Oracle Value Chain Planning and P6 Enterprise Project Portfolio Management in Primavera Gateway The Primavera Gateway network administrator database administrator and the administrator for the third party system should read this guide Configuring Gateway for Single Sign On Provides instructions on how to configure Oracle Access Manager OAM and then enable Single Sign On for Primavera Gateway The Primavera Gateway network administrator database administrator should read this guide Gateway Licensing Information User Manual Lists licensing information of all third party software that is used or associated with the Oracle software program Tested Configurations Lists the configurations that have been tested and verif
10. for all other values c Select Apply 4 On the Webgate registration details page enter the following under Logout URL pdi a logout 5 Select Apply to save the configuration 6 Copy ObAccessClient xml and cwallet sso to the MW_HOME Oracle_WT1 instances lt instancename gt config OHS lt OHShome gt webgate config folder on the Webgate machine Both files are provided by the OAM administrator Also refer to OAM documentation for more details Configuring Gateway for Single Sign On Configuring Oracle Access Manager for Primavera Gateway To configure Oracle Access Manager with you need to do the following 1 Configure a data source in Access Manager to connect to the LDAP Server used with Primavera Gateway Create an Authentication Module to map to the LDAP data source Configure a Host Identifier to map to the Webgate host identifier Configure an Authentication Scheme to map to the authentication module Configure an application domain to protect the following resources pdi pdi pdi For more details on each task listed above see the Oracle Access Management documentation oF W PY 10 Configuring Primavera Gateway for Single Sign On In This Section Installation Prerequisites a nenne 11 Create SSO Authentication ProviderS oooonnnnocccccnnncccnnnnanonnncnnncnnnnnnnnrnncnnnnnnnnnnnnns 11 Create Custom Roles for Gateway Deployment ccccccccnnnccnccccccncccnonnnnannnccnoncncnannnns 12 Configuring
11. ied to work with Primavera Gateway The Primavera Gateway network administrator database administrator and the administrator for the third party or ERP system should read this guide Distributing Information to the Team You can copy the online documentation to a network drive for access by project participants Each team member can then view or print those portions that specifically relate to his or her role in the organization Throughout this documentation the Security Guidance icon a helps you to quickly identify security related content to consider during the installation and configuration process Where to Get Training To access comprehensive training for all Primavera products go to http education oracle com 18 For More Information Oracle Learning Library The Oracle Learning Library OLL provides online learning content covering Primavera products Content includes videos tutorials articles demos step by step instructions to accomplish specific tasks and self paced interactive learning modules To access the learning library s Primavera content go to http www oracle com goto oll Where to Get Support If you have a question about using Oracle products that you or your network administrator cannot resolve with information in the documentation or help click http support oracle com This page provides the latest information on contacting Oracle Global Customer Support knowledge articles a
12. in is subject to change without notice and is not warranted to be error free If you find any errors please report them to us in writing If this is software or related documentation that is delivered to the U S Government or anyone licensing it on behalf of the U S Government the following notice is applicable U S GOVERNMENT END USERS Oracle programs including any operating system integrated software any programs installed on the hardware and or documentation delivered to U S Government end users are commercial computer software pursuant to the applicable Federal Acquisition Regulation and agency specific supplemental regulations As such use duplication disclosure modification and adaptation of the programs including any operating system integrated software any programs installed on the hardware and or documentation shall be subject to license terms and license restrictions applicable to the programs No other rights are granted to the U S Government This software or hardware is developed for general use in a variety of information management applications It is not developed or intended for use in any inherently dangerous applications including applications that may create arisk of personal injury If you use this software or hardware in dangerous applications then you shall be responsible to take all appropriate failsafe backup redundancy and other measures to ensure its safe use Oracle Corporation and its affiliate
13. nd the support renewals process For more information about working with Support visit https support oracle com epmos faces DocumentDisplay id 888813 2 to view Support Tools amp Tips Access to Oracle Support Oracle customers have access to electronic support through My Oracle Support For information visit http www oracle com us support contact 068555 html or visit http www oracle com us corporate accessibility support index html if you are hearing impaired Using Primavera s Support Resource Centers Primavera s Support Resource Center provides links to important support and product information Primavera s Product Information Centers PICs organize documents found on My Oracle Support MOS providing quick access to product and version specific information such as important knowledge documents Release Value Propositions and Oracle University training PICs also offer documentation on Lifetime Management from planning to installs upgrades and maintenance Visit https support oracle com epmos faces DocumentDisplay id 1486951 1 to access links to all of the current PICs PICs also provide access to gt Communities are moderated by Oracle providing a place for collaboration among industry peers to share best practices gt News from our development and strategy groups Education contains a list of available Primavera product trainings through Oracle University The Oracle Advisor Webcast program brings interactive
14. rammer s Guide Provides instructions on how to access and use Primavera Gateway REST APIs The Primavera Gateway network administrator database administrator and Primavera Gateway users having the Gateway Developer role should read this guide Connecting with Instantis Enterprise Track Provides instructions on how to setup the integration environment for Oracle Instantis EnterpriseTrack in Primavera Gateway The Primavera Gateway network administrator database administrator and the administrator for the third party system should read this guide Connecting Prime and P6 EPPM Provides instructions on how to setup the integration environment between Oracle Primavera Prime and P6 Enterprise Project Portfolio Management in Primavera Gateway The Primavera Gateway network administrator database administrator and the administrator for the third party system should read this guide Connecting Unifier and P6 Enterprise Project Portfolio Management Provides instructions on how to setup the integration environment between Oracle Primavera Unifier and P6 Enterprise Project Portfolio Management in Primavera Gateway The Primavera Gateway network administrator database administrator and the administrator for the third party system should read this guide Migrating P6 Master Data Between Distinct Environments Provides instructions on how to setup the integration environment between distinct P6 deployments to transf
15. rise asset management EAM systems can create their own providers in order to integrate with Primavera products Developers of third party providers that integrate with Primavera products via Primavera Gateway should read this book 15 Configuring Gateway for Single Sign On Title Description Gateway Customization Provides information on how to customize an existing Guide third party integration Developers interested in customizing existing third party providers that integrate with Primavera products via Primavera Gateway should read this book Gateway Provider Provides a list of the business objects available for each Reference Guide supported provider Developers of third party providers that integrate with Primavera products via Primavera Gateway should read this book EBS Provider Reference Guide Provides a list of the business objects available for the EBS provider Developers of third party providers that integrate with Primavera products via Primavera Gateway should read this book VCP Provider Reference Guide Provides a list of the business objects available for the VCP provider Developers of third party providers that integrate with Primavera products via Primavera Gateway should read this book Manual Deployment Guide Provides information on how to manually install and configure Primavera Gateway The Primavera Gateway network administrator database administrator and the
16. s disclaim any liability for any damages caused by use of this software or hardware in dangerous applications This software or hardware and documentation may provide access to or information on content products and services from third parties Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third party content products and services Oracle Corporation and its affiliates will not be responsible for any loss costs or damages incurred due to your access to or use of third party content products or services 21
17. select the newly created provider and set the Control Flag to SUFFICIENT and select Save d Inthe Provider Specific tab enter the LDAP information from OAM LDAP store Ensure you enter information in the following sections Connection Users Groups Static Groups Dynamic Groups optional and General e Select Save 6 Inthe Domain Structure pane select Security Realms myrealm and Providers 7 Edit all other Authenticators and change the Control Flag to SUFFICIENT 8 Inthe Providers screen select the Reorder Authentication Providers button and reorder the providers in the following sequence a OAMIdentityAsserter b PrimaveraAuthenticator c DefaultAuthenticator d DefaultidentityAsserter 9 Select OK to save your changes 10 In the Change Center pane select Activate Changes 11 Log out of the WebLogic Administration Console Create Custom Roles for Gateway Deployment Create the three custom roles for Gateway PrimaveraGatewayAdmin PrimaveraGatewayDeveloper and PrimaveraGatewayUser with Group conditions set as follows 1 Log in to the WebLogic Administration console and select Gateway deployment pdi 2 On the Settings for pdi page screen select the Security tab 3 On the Roles tab select New to create new custom roles as follows a Inthe Name field enter a name for custom role that will match the group name for targeted users b Select OK c Select the new role Add Condition and choose Group as
18. t Webgate_Oracle_Home gt Where lt Webgate_Oracle_Home gt is the directory where you have installed Oracle HTTP Server Webgate and created as the Oracle Home for Webgate For example lt MW_HOME gt Oracle OAMWebGatel lt Webgate_Instance_Directory gt is the location of Webgate Instance Home which is same as the Instance Home of Oracle HTTP Server For example lt MW_HOME gt Oracle_WT1 instances instance1 config OHS ohs1 Configuring Gateway for Single Sign On Note An instance home for Oracle HTTP Server is created after you configure Oracle HTTP Server This configuration is performed after installing Oracle HTTP Server 11 1 1 2 0 or patching to Oracle HTTP Server 11 1 1 3 0 Example C Weblogic WL121 Oracle_ OAMWebGate1 webgate ohs tools deployWebGate gt deploy Webgatelnstance bat w C Weblogic WL1212 Oracle_WT1 instances instance3 config OHS ohs1 oh C Weblogic WL1212 Oracle_ OAMWebGate1 c Run the following command to ensure that the LD_LIBRARY_PATH variable contains lt Oracle Home for Oracle HTTP_Servers gt lib On UNIX depending on the shell export LD LIBRARY_PATH LD_LIBRARY_PATH lt Oracle_Home for_Oracle HTTP_Serve r gt lib On Windows Set the lt Webgate_Installation_Directory gt webgate ohs lib location and the lt Oracle_Home_for_Oracle_HTTP_Server gt bin location in the PATH environment variable Add a semicolon followed by this path at the end of the entry for the PATH environment variable Example C
19. the condition to specify the group name d Select Save Configuring the Logout URL To configure the Logout URL 1 Log in to Weblogic Enterprise Manager http lt GatewayServer_hostname gt lt weblogic port gt em 2 3 4 gt Configuring Primavera Gateway for Single Sign On Select Weblogic Domain Security and Security Provider Configuration Select Configure for the Single Sign On Provider option In the Logout URL field enter the Oracle Access Manager OAM global logout url http lt OAM server hostname 14100 oam server logout gt Select OK and restart the WebLogic admin server Configuring Gateway in WebTier To configure Gateway in WebTier 1 2 Navigate to lt WL_Middleware gt Oracle_WT1 instances instance1 config OHS lt OHS home folder gt Edit the mod_wl_ohs conf file and add Gateway application details as follows lt Location pdi gt WebLogicHost lt Gateway server hostname gt WebLogicPort lt Gateway port number gt SetHandler weblogic handler lt Location gt For example lt Location pdi gt WebLogicHost 10 176 111 209 The IP address or a fully qualified machine name WebLogicPort 8201 SetHandler weblogic handler lt Location gt Save the file Restart the OHTTP webserver instance as follows a Go to lt WL_Middleware gt Oracle_WT1 instances instance1 bin folder b Runopmnctl bat startall stopall status Restart Gateway and access Gateway url as http
Download Pdf Manuals
Related Search