How can we integrate PPM version 9.62 with SAML2.0

Hi All,

Can anyone help me integrate PPM version 9.62 with SAML2.0? My PPM application is on a Linux box and I want to implement SSO authentication with PPM. The client is using Ping Identity, so I need to integrate with that.

Please let me know where I can get the BaseURL, ACS URL and entity ID to generate the SAML metadata.

Regards
AVIRAL

Parents Reply
  • -Select OAUTH or OIDC

    OIDC is preferred

    -List of redirect urls

    you can find it in the document.

    https://admhelp.microfocus.com/ppm/en/9.63-9.64/Help/Content/SA/InstallAdmin/Implement-OIDC-with-PPM.htm

    Callback URI: <PPM_BASE_URL>/itg/web/sso/oidc_callback.jsp

    Post Logout URI: <PPM_BASE_URL>/itg/web/sso/loggedout.jsp

    -List of scopes (openid or profile)

    response_type=code&scope=openid

    -List of user attributes

    The user attributes which have the value of username in PPM.

    If you can find an attribute that corresponds to the username in PPM, just set it in oidc_sso.conf:

    set user_id_claim to that attribute name

    But if you cannot find one, it does not matter.

    You can configure PPM to log in with user id.

           1. Find a unique attribute of user

           2. Update the server.conf parameter LOGON_METHOD=LOGON_ID

           3. Update the knta_users.logon_identifier with the attribute value

           4. In oidc_sso.conf, set user_id_claim to that attribute name

     

Children
  • Hi,

    To implement OIDC SSO in PPM, do I need to install any software on the PPM application server?

    In the OIDC_SSO.conf file we have the parameters below, so where can I get the details to put in the .conf file?

    #File Path of OP Metadata File
    #NOTE: Use forward slashes ('/') as directory delimiters.
    discovery_file=integration/sso/openid-configuration.json

    #URI of OP Metadata File
    #discovery_uri=localhost:8080/.../s3.jsp

    #Client Id (oAuth Client Key) for PPM Server (Required)
    client_id=AFdKzw0TPaAZiE02wvreS3EMOfAa

    #Client Secret (oAuth Client Secret) for PPM Server (Required)
    client_secret=#!#7>h*}|_(ry(Or@J7keMe8v43gc`3OzN:c0GFb_}AuTZ3$JVK@GJO-hQDaI&hdBKEMNw_ $cPF6}K9)k9wH>CxhJ@/m.y<n,at1k-`zp0q/H_Gk<98Rw*9Zq|||<AJXyIMZP{ x-<I1ki1tBZ_KAoct0I9nG$IB}2qsEu{oV@NAOr=6*tx~b4=$(QDl5YN#!#


    #Proxy for accessing JWK store, Discovery URI,Authorization Endpoint Token Endpoint (Optional)
    #proxy=localhost:8888

    #Disable SSL check if OP is using self-signed certification for SSL
    #Warning: only disable SSL check in DEV or QA environment
    #disable_ssl=true

    Regards

    Avi

  • Hi All,

    Can anyone help me find out where I can get the details below, which need to be configured in the oidc_sso.conf file?

    #File Path of OP Metadata File
    #NOTE: Use forward slashes ('/') as directory delimiters.
    discovery_file=integration/sso/openid-configuration.json

    #URI of OP Metadata File
    #discovery_uri=localhost:8080/.../s3.jsp

    Can you please help, as I am working to configure OIDC in PPM to implement SSO? Do I need to install any software on the PPM application server?

    Regards

    Aviral

  • 1. No need to install software in PPM

    2. Basically you only need

    1) discovery_uri

    2) client_id

    3) client secret

    You can get them from your OP (IdP) administrator.

     

  • I have sent you a private message.
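
An added illustration, not part of the thread and not Micro Focus or Ping Identity code: a Python check of the OP metadata that discovery_file or discovery_uri points to, against what the replies above rely on (response_type=code, scope=openid, the claim named in user_id_claim), plus the two redirect URIs to register at the OP. The sample metadata, host names and the helper names `check_discovery` and `ppm_redirect_uris` are constructed for this example.

```python
import json
from urllib.parse import urlparse

# Constructed sample OP metadata; the real file comes from the OP administrator.
SAMPLE_DISCOVERY = json.loads("""
{
  "issuer": "https://op.example.com",
  "authorization_endpoint": "https://op.example.com/authorize",
  "token_endpoint": "https://op.example.com/token",
  "jwks_uri": "https://op.example.com/jwks",
  "response_types_supported": ["code", "id_token"],
  "scopes_supported": ["openid", "profile", "email"],
  "claims_supported": ["sub", "email", "preferred_username"]
}
""")

# OpenID Connect Discovery requires https for the issuer and these endpoints.
HTTPS_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

def ppm_redirect_uris(ppm_base_url):
    """URIs to register at the OP, built from the paths given in the thread."""
    base = ppm_base_url.rstrip("/")
    return {"callback": base + "/itg/web/sso/oidc_callback.jsp",
            "post_logout": base + "/itg/web/sso/loggedout.jsp"}

def check_discovery(doc, user_id_claim):
    """Return a list of problems; an empty list means the metadata looks usable."""
    problems = []
    for field in HTTPS_FIELDS:
        url = urlparse(str(doc.get(field) or ""))
        if url.scheme != "https" or not url.netloc:
            problems.append(f"{field}: missing or not an https URL")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response_types_supported: 'code' not offered")
    # scopes_supported and claims_supported are optional in OP metadata,
    # so only flag them when the OP publishes a list that lacks the value.
    scopes = doc.get("scopes_supported")
    if scopes is not None and "openid" not in scopes:
        problems.append("scopes_supported: 'openid' not offered")
    claims = doc.get("claims_supported")
    if claims is not None and user_id_claim not in claims:
        problems.append(f"claims_supported: '{user_id_claim}' not listed")
    return problems

if __name__ == "__main__":
    print(ppm_redirect_uris("https://ppm.example.com/"))
    print(check_discovery(SAMPLE_DISCOVERY, "preferred_username"))
```

An https failure reported here is better fixed at the OP than hidden with disable_ssl=true, which the configuration file itself limits to DEV or QA.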