Project and Portfolio Management Practitioners Forum
cancel
Showing results for 
Search instead for 
Did you mean: 

HP PPM 9.13 - SSO and separating admin access

Highlighted
jdmumper
Occasional Advisor

HP PPM 9.13 - SSO and separating admin access

We would like to implement the SSO feature of HP PPM using an Apache front-end proxy that can provide the REMOTE_USER HTTP header. This works fine when HP PPM is configured as documented.  However, we do not want Administrators to have Administrative privileges associated with their regular network accounts, since they are also standard IT users as well.  Is there a way to configure a separate entry point where they could use the normal login screen to enter Administrator credentials and not invoke SSO?

 

Thanks!

2 REPLIES
rodrilima
Occasional Contributor

Re: HP PPM 9.13 - SSO and separating admin access

Good afternoon, I am preparing the tool to use the SSO. Where did you get this documentation?

 

Thanks

Neumator
Acclaimed Contributor

Re: HP PPM 9.13 - SSO and separating admin access

We were facing the same problem. Before SSO, we had so called "key users" that had special access grants to do admin work. These users worked with 2 user accounts: their standard account with basic rights and the key user account with admin rights.

To make this scenario work with HP PPM and SSO, we created our own SSO mechanism (own implementation of interface com.kintana.sc.security.auth.SingleSignOn). With our mechanism SSO works as with GenericSingleSignOn if no parameters are used on the URL. If our implementation detects the URL parameter SSO_ALTERNATIVE_USER, then it checks whether the SSO user is allowed to switch to an alternative user and if so the user is logged into PPM using the alternative user account.

Examples:

http://my-ppm-url.com   takes the SSO user 'user1' to the HP PPM account 'user1'
http://my-ppm-url.com?SSO_ALTERNATIVE_USER=admin takes the SSO user 'user1' to the HP PPM account 'admin'

We implemented the "allowing" function by using User user data fields.

Let me know if you are interested in the solution (works with HP PPM 9.32).

//Add this to "OnDomLoad" event