Project and Portfolio Management Practitioners Forum
cancel

Multiple authentication mode

Highlighted
Deepak Bhattad
Super Contributor.

Multiple authentication mode

Hi,

 

We have been using LDAP authentication mode all this while and now there is a need to use PPM authentication mode for a few users.

 

Hence I have changed the server.conf parameter to have ITG, LDAP for authentication mode.

 

However when the user tries to login using PPM mode by entering the URL as http://ip:8080 there is an error message thrown which says that the user does not have access to PPM.

 

I have checked for the user rights and he has all that is needed to login into the system. Infact he can loing via LDAP.

 

FYI : We have a webserver running on  a different IP from the app server IP. I m tried both the IP s but none seems to be working.

 

Are there any other changes anywhere that I need to make for PPM authentication to work?

 

Regards,

Deepak

9 REPLIES
Mohit_Agrawal
Outstanding Contributor.

Re: Multiple authentication mode

Hi Deepak,

 

Hope you have already run the kUpdatehtml.sh after updating the server.conf file. Can you please provide me the scren shot of the error message and user creation window. Because I think there is nothing else to be done..

 

Thanks!

Mohit Agrawal

d4y4n4
Honored Contributor.

Re: Multiple authentication mode


Hi Deepak,

Did you check the authentication mode from the workbench?
(Sys Admin tab-> Users -> Authentication Mode) you can also check this table: knta_users which have the column authentication_mode

Make sure you run the kUpdatehtml.sh after the server.conf was modified.

Regards,
Dayana Campos
bhanu2507
Contributor.

Re: Multiple authentication mode

Hi Deepak,

 

From what I understand, PPM will support LDAP and PPM authentication modes individually but not at the sametime. If you are trying to apply both the authenticaiton modes simultaneously then I believe it will not work.

 

http://h30499.www3.hp.com/t5/Project-and-Portfolio-Management/PPM-8-01-Single-Sign-On/m-p/5243920#M12672

 

Regards

Bhanu

d4y4n4
Honored Contributor.

Re: Multiple authentication mode

HI Deepak,

Just a clarification of the Bhanu's comment, you can have both authentications modes activated by updating the parameter to have ITG, LDAP. What is not possible is to have both authentications modes for one user at the same time. you need to go to the Sys Admin tab-> Users -> Authentication Mode and set it (you can only select one mode per user)

But still you can have some users authenticating trough LDAP, and other users authenticating trough ITG

Regards,
Dayana Campos
Erik Cole
Acclaimed Contributor.

Re: Multiple authentication mode

By any chance are you also using single-sign-on? If you are, and are normally accessing ppm using another url like ppm.mycompany.com and are now trying to go direct to myserver:8080 then it won't work...PPM will throw you that same message.

Deepak Bhattad
Super Contributor.

Re: Multiple authentication mode

Hi,

 

Thanks Bhanu for that thread link giving more details on the authentication mode.

 

I m not trying to simultaneously give ITG and LDAP authenticaiton to the same user. These will obviously be two different users and its good to know that this is possible.

 

Erik - Just to reconfirm my thoughts on SSO - A person logs in to the domain and he clicks a URL and is straight into PPM. This URL that we have is http://servername/itg/dashboard/app/portal/PageView.jsp. As you mentioned I tried to create another user with PPM authentication and then tried to use the URL http://servername:8080 and it gives me an error.

 

Now my question is:

 

1. Is it possible to have two different users use two differnt modes of authentication and login to PPM. User A with LDAP and User B with PPM.

2. If yes then what is the URL that User B should use to login to PPM?

3. To enable dual authentication mode what are all the requirements to be fulfilled from an administration perspective.

 

Thank you all for your responses and appreciate your help.

 

Regards,

Kerim KILIC
Honored Contributor.

Re: Multiple authentication mode

urls are same, you are using wrong url for ppm authentication. it should be same as http://servername

Erik Cole
Acclaimed Contributor.

Re: Multiple authentication mode

Deepak,

Yes it possible to have two different users use two differnt modes of authentication and login to PPM, but you cannot do this while also enabling SSO.

If you're NOT using SSO, that means the URL for PPM takes you to PPM's login page. The user enters their username & password and PPM authenticates it according to whatever order is set in server.conf, for example PPM,LDAP means it will always look for a password set in the workbench first, and failing that will try to auth against whatever LDAP server you have configured.

Note that this is completely different from SSO. SSO means that you have some external system validating the users and forwarding the traffing to PPM. The users never see the PPM login page. You use a URL like ppm.mycompany.com and if you try to connect direct to the PPM server with the servername:8080 it will always reject this.

Deepak Bhattad
Super Contributor.

Re: Multiple authentication mode

Hi,

 

 

It been long time that this issue was raised. 

 

Erik - Thanks for you last comments on the SSO thing. From your comments you can classify our way of authentication is SSO. hence the user straight logsin without any login page.

 

In such a scenario is there a way of implementing ITG mode of authentication for certain users in such a scearnio.

 

We are on 9.1406 PPM version.

 

Thanks in advance.