Configuring an Authentication Scheme

Previous TopicNext TopicContents

Once you have a data source that stores a connection to your LDAP server, you have to create an authentication scheme for your P6 EPPM applications. An authentication scheme is a named component that defines the challenge mechanism that is required to authenticate a user. For example, the authentication scheme determines if you will use a form based authentication, basic authentication, Windows Native Authentication, and so on.

To create a new authentication scheme, follow the instructions in section 16.9, Managing Authentication Schemes, of the Fusion Middleware Administrator's Guide for Oracle Access Management, which can be found at the following URL:

http://docs.oracle.com/cd/E27559_01/admin.1112/e27239/toc.htm

If you already have an authentication scheme, you can use it as a template to provide Form Based Authentication for your P6 EPPM applications.

To duplicate an authentication scheme:

  1. Login to the Oracle Access Manager Administration Console.
  2. Navigate to the Policy Configuration tab.
  3. Expand Authentication Schemes.
  4. Click LDAP Scheme.
  5. Click duplicate icon for Authentication Scheme Duplicate.
  6. In the Authentication Schemes dialog box, do the following:

    Note: Since you are duplicating an existing authentication scheme and are using it as a template for your P6 EPPM applications, many of the fields in the Authentication Scheme dialog box will be prepopulated. You do not need to alter the following fields:

    1. In the Name field, enter a name for your Authentication Scheme.
    2. In the Authentication Module field, select the authentication module that you created for your LDAP data source.
    3. Click Apply to create the new authentication scheme.

      Note: By default, the ssoCookie:httponly challenge parameter is enabled in an authentication scheme . This parameter helps to prevent JavaScript running in the browser from accessing the ObSSOCookie; however due to current design of P6 EPPM, it is necessary to read ObSSOCookie in order to give applets and iFrames the ability to read from an existing authenticated session. If this challenge parameter is turned on it will result in the following two issues when using P6 EPPM over SSO:

      • Error: "java.lang.ClassFormatError: Incompatible magic value 1008813135 in class file Applet" or "Prompt For Re-authentication When Loading Any Applet When Configured For Oracle Access Manager (OAM)". For more information about these prompts, go to My Oracle Support and see Doc ID = 1242418.1.
      • Applets In P6 Are Generate A "Java Authentication Required' Prompt After Reaching The Oracle Access Manager Session Lifetime Threshold". For more information about this prompt, go to My Oracle Support and see Doc ID = 1596987.1.

        To prevent these prompts from occurring, the following challenge parameters should be added to the authentication scheme created:

      • ssoCookie=disablehttponly
      • miscCookies=disablehttponly

        For more information about the cookies used during Single Sign-On, see section 15.6, Understanding SSO Cookies, of the Fusion Middleware Administrator's Guide for Oracle Access Management, which can be found at the following URL:

        http://docs.oracle.com/cd/E27559_01/admin.1112/e27239/toc.htm

Related Topics

Configuring Oracle Access Manager and the Oracle HTTP Server WebGate for Single Sign-On Redirection

Configuring a Data Source in Oracle Access Manager to Connect to an LDAP Server

Creating an Authentication Module

Configuring a Host Identifier

Protecting Your Resources

Configuring Protected Resources under an Application Domain

Mapping Your Authentication Scheme to Your Authentication Policy

Testing Your Single Sign-On Integration with Oracle Access Manager



Legal Notices
Copyright © 1999, 2016, Oracle and/or its affiliates. All rights reserved.

Last Published Thursday, February 04, 2016

PDF Library