Integrate MashZone NextGen in an SSO scenario

You can integrate PPM and MashZone NextGen installed on different servers in a single sign-on scenario.

For SAML assertions created by MashZone NextGen to be trusted by the central User Management of PPM, the relevant keystores and truststores need to be configured.

PPM and MashZone NextGen provide the same stores containing the required certificates. The relevant truststore and keystore files are located in the following directories.

If required, you can also use your own keystore in PPM and MashZone NextGen.

Procedure

  1. Configure MashZone NextGen for SAML.
    1. Open the presto.config file in a text editor.

      The file is located in <MashZone NextGen installation>\apache-tomee-jaxrs\webapps\mashzone\WEB-INF\classes

    2. Set the following parameters.

      saml.truststore.file = <installation directory>/common/conf/platform_truststore.jks

      saml.truststore.passwd = manage

      saml.keystore.file = <installation directory>/common/conf/keystore.jks

      saml.keystore.passwd = manage

      saml.keystore.alias = ssos

    3. Save your changes.
  2. Configure the central User Management for SAML. For detailed information on how to use the central User Management, please see the User Management online help.
    1. Open the Configuration page in the User Management.
    2. On the General page.
      1. Select SAML in the drop-down menu.
      2. Activate the Use SAML option.
      3. Clear the Identity provider ID.
    3. On the Signature page.
      1. Activate the Sign assertions, Sign requests, and Sign responses options.
      2. Select RSAwithSHA512 in the Signature algorithm drop-down menu.
    4. On the Keystore page.
      1. Select the keystore required.
      2. Enter ssos in the Alias input box.
      3. Enter manage in the Password input box.
      4. Select JKS in the Type drop-down menu.
    5. On the Truststore page.
      1. Select the truststore required.
      2. Enter ssos in the Alias input box.
      3. Enter manage in the Password input box.
      4. Select JKS in the Type drop-down menu.
    6. On the Advanced settings page.
      1. Enter uid in the Keyword input box.
      2. Enter 99 in the Clock skew input box.
      3. Enter 99 in the Assertion lifetime input box.
      4. Enter default in the Default tenant input box.
    7. Set the PPM user on the User management page.
      1. Enter a user name (for example, ppmuser) in the User name input box.
      2. Enter a name in the First name (for example, ppm) and Last name (for example, user) input boxes.
    8. Set the PPM user in MashZone NextGen.
      1. Open the MashZone NextGen administration.
      2. Click Users & Groups -> Users.
      3. Add a user with the same user name (for example, ppmuser) as you set in the central User Management. For detailed information on how to use MashZone NextGen, please see the MashZone NextGen online help.

A PPM user now exists in the central User Management of PPM and in MashZone NextGen. PPM and MashZone NextGen are integrated and can be used in a single sign-on scenario.
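
The following check is an added example, not part of the product or its documentation. It lints the saml.* block set in step 1 before the server is restarted and reports missing parameters, an alias that differs from the one entered in the central User Management, passwords still set to the value documented above, and unreplaced path placeholders. The function names, the sample text and the assumption that presto.config uses plain key = value lines are hypothetical.

```python
# Added example: offline lint for the saml.* block of presto.config.
SHIPPED_PASSWORD = "manage"   # password this page documents for the provided stores
REQUIRED = (
    "saml.truststore.file", "saml.truststore.passwd",
    "saml.keystore.file", "saml.keystore.passwd", "saml.keystore.alias",
)

def parse_config(text):
    """Parse 'key = value' lines (assumed format); skip blanks and # comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_saml_settings(props, um_alias):
    """Return findings. um_alias is the alias entered in User Management."""
    findings = []
    for key in REQUIRED:
        if not props.get(key):
            findings.append(f"missing: {key}")
    alias = props.get("saml.keystore.alias")
    if alias and alias != um_alias:
        findings.append(f"alias {alias!r} differs from User Management alias {um_alias!r}")
    for key in ("saml.truststore.passwd", "saml.keystore.passwd"):
        if props.get(key) == SHIPPED_PASSWORD:
            findings.append(f"documented default password in use: {key}")
    for key in ("saml.truststore.file", "saml.keystore.file"):
        if "<" in props.get(key, ""):
            findings.append(f"placeholder not replaced: {key}")
    return findings

# Constructed sample, not taken from a real installation.
SAMPLE = """\
# SAML settings
saml.truststore.file = <installation directory>/common/conf/platform_truststore.jks
saml.truststore.passwd = manage
saml.keystore.file = C:/stores/own_keystore.jks
saml.keystore.passwd = constructed-secret
saml.keystore.alias = ssos
"""

if __name__ == "__main__":
    for finding in check_saml_settings(parse_config(SAMPLE), um_alias="ssos"):
        print(finding)
```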