Integrate MashZone in an SSO scenario

You can integrate PPM and MashZone NextGen Business Analytics installed on different servers in a single sign-on scenario.

For SAML assertions created by Business Analytics to be trusted by the central user management of PPM, the relevant keystores and truststores need to be configured.

PPM and Business Analytics provide the same stores containing the required certificates. The relevant truststore and keystore files are located in the following directories.

If required, you can also use your own keystore in PPM and Business Analytics.

Procedure

  1. Configure Business Analytics for SAML.
    1. Open the presto.config file in a text editor.

      The file is located in <Business Analytics installation>\apache-tomee-jaxrs\webapps\mashzone\WEB-INF\classes

    2. Set the following parameters.

      saml.truststore.file = <installation directory>/common/conf/platform_truststore.jks

      saml.truststore.passwd = manage

      saml.keystore.file = <installation directory>/common/conf/keystore.jks

      saml.keystore.passwd = manage

      saml.keystore.alias = ssos

    3. Save your changes.
  2. Configure the central user management for SAML. For detailed information on how to use the central user management, please see the user management online help.
    1. Open the Configuration page in the user management.
    2. On the General page.
      1. Select SAML in the drop-down menu.
      2. Activate the Use SAML option.
      3. Clear the Identity provider ID.
    3. On the Signature page.
      1. Activate the Sign assertions, Sign requests, and Sign responses options.
      2. Select RSAwithSHA512 in the Signature algorithm drop-down menu.
    4. On the Keystore page.
      1. Select the keystore required.
      2. Enter ssos in the Alias input box.
      3. Enter manage in the Password input box.
      4. Select JKS in the Type drop-down menu.
    5. On the Truststore page.
      1. Select the truststore required.
      2. Enter ssos in the Alias input box.
      3. Enter manage in the Password input box.
      4. Select JKS in the Type drop-down menu.
    6. On the Advanced settings page.
      1. Enter uid in the Keyword input box.
      2. Enter 99 in the Clock skew input box.
      3. Enter 99 in the Assertion lifetime input box.
      4. Enter default in the Default tenant input box.
    7. Set the PPM user on the User management page.
      1. Enter a user name (for example, ppmuser) in the User name input box.
      2. Enter a name in the First name (for example, ppm) and Last name (for example, user) input boxes.
    8. Set the PPM user in Business Analytics.
      1. Open the Business Analytics administration.
      2. Click Users & Groups -> Users.
      3. Add a user with the same user name (for example, ppmuser) as you set in the central user management. For detailed information on how to use Business Analytics, please see the Business Analytics online help.

A PPM user is created in the central user management of PPM and Business Analytics. PPM and Business Analytics are integrated to be used in a single sign-on scenario.
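
The following shell check is an added example, not part of the original documentation or the product. It reads the saml.* parameters from step 1 out of presto.config, reports any that are unset or point to a store file that does not exist, and flags a store password that is still the value given on this page. The function names and return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the saml.* parameters from step 1 in presto.config.
# Function names and return codes are assumptions made for this example.

# get_prop FILE KEY: print the value of "KEY = value" (last occurrence wins).
get_prop() {
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # match dots literally
    sed -n "s/^[[:space:]]*${key_re}[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'          # trim trailing blanks/CR
}

# check_saml_config FILE
# Returns 0 = all set, 1 = parameter missing, 2 = documented default
# password still in use, 3 = file unreadable.
check_saml_config() {
    cfg=$1
    findings=0
    if [ ! -r "$cfg" ]; then
        echo "ERROR: cannot read $cfg"
        return 3
    fi
    for key in saml.truststore.file saml.truststore.passwd \
               saml.keystore.file saml.keystore.passwd saml.keystore.alias
    do
        val=$(get_prop "$cfg" "$key")
        if [ -z "$val" ]; then
            echo "MISSING: $key"
            findings=1
            continue
        fi
        case $key in
            *.passwd)   # compare only; never print the password
                if [ "$val" = "manage" ]; then
                    echo "WARN: $key is the value given in the documentation"
                    if [ "$findings" -eq 0 ]; then findings=2; fi
                fi ;;
            *.file)
                if [ ! -f "$val" ]; then
                    echo "NOTE: $key points to $val, not found on this host"
                fi ;;
            *)
                echo "OK: $key = $val" ;;
        esac
    done
    return "$findings"
}

# Usage: check_saml_config /path/to/presto.config
```

A return code of 2 means the stores are still protected by the password printed in this procedure, which is the case the "use your own keystore" option addresses.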