
Enabling Federated Identity Single Sign-On (SSO) Through SAML 2.0 For Primavera Products Hosted In Oracle Global Business Units Cloud Service (GBUCS) (Doc ID 2087067.1)

Last updated on SEPTEMBER 16, 2020

Applies to:

Primavera P6 Enterprise Project Portfolio Management - Version and later
Primavera Analytics Cloud Service - Version and later
Primavera P6 Enterprise Project Portfolio Management Cloud Service - Version and later
Primavera Unifier Cloud Service - Version and later
Information in this document applies to any platform.


Primavera Unifier, P6 EPPM and Primavera Analytics Cloud Services support Federated Identity Single Sign-On (SSO) through Security Assertion Markup Language (SAML).

If the URL you are using is in this format  https://<CUSTOMER>
- Continue with this document.

If the URL you are using is in this format then refer to the following KM document.
- Enabling Federated Identity Single Sign-On (SSO) Through SAML 2.0 For Primavera Products Hosted In Oracle Cloud Infrastructure (OCI) (Doc ID 2497983.1)

Overview of Federated Authentication Services

A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.  Related to federated identity is single sign-on (SSO), in which a user's single authentication ticket, or token, is trusted across multiple IT systems or even organizations. SSO is a subset of federated identity management, as it relates only to authentication and is understood on the level of technical interoperability.

Centralized identity management solutions were created to help deal with user and data security where the user and the systems they accessed were within the same network – or at least the same "domain of control". Increasingly however, users are accessing external systems which are fundamentally outside their domain of control, and external users are accessing internal systems. The increasingly common separation of user from the systems requiring access is an inevitable by-product of the decentralization brought about by the integration of the Internet into every aspect of both personal and business life. Evolving identity management challenges, and especially the challenges associated with cross-company, cross-domain access, have given rise to a new approach to identity management, known now as "federated identity management" (FIdM).

FIdM, or the "federation" of identity, describes the technologies, standards and use-cases which serve to enable the portability of identity information across otherwise autonomous security domains. The ultimate goal of identity federation is to enable users of one domain to securely access data or systems of another domain seamlessly, and without the need for completely redundant user administration.  Federation is enabled through the use of open industry standards and/or openly published specifications, such that multiple parties can achieve interoperability for common use-cases. Typical use-cases involve things such as cross-domain, web-based single sign-on, cross-domain user account provisioning, cross-domain entitlement management and cross-domain user attribute exchange.

Security Assertion Markup Language (SAML) will be the technology supported by Primavera Products for identity federation SSO in Oracle Cloud.

Overview of SAML

SAML is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between a service provider and an identity provider.

What are a Service Provider and Identity Provider?

  • A Service Provider (SP) is an entity that provides Web Services, for example an Application Service Provider (ASP). Service Provider technologies important to Identity Management include Software-as-a-Service (SaaS), software offered using an Application Service Provider (ASP) model. A Service Provider relies on a trusted Identity Provider (IdP) or Security Token Service (STS) for authentication and authorization. In SAML 2.0, the XML standard for exchanging data, the security domains that information is passed between are a Service Provider (SP) and an Identity Provider (IdP). The SP depends on receiving assertions from a SAML authority or asserting party, an IdP. Oracle Cloud will act as the Service Provider.
  • An Identity Provider (IdP) is an online service or website that authenticates users on the Internet by means of security tokens (SAML 2.0 for example, which will be supported in the Oracle Cloud). Service Providers depend on an Identity Provider or Security Token Service to do the user authentication. You (the customer) will act as the Identity Provider configured to your own identity store for authenticating users in your organization.

Refer to the following diagram for a general overview of the processes that occur when a user attempts to log in to a Primavera application after SAML authentication and identity federation has been successfully configured:

When a user attempts to log in to a Primavera application instance that requires SAML authentication, the following processes occur:

  1. The Primavera application sends an authentication request.
  2. The authentication request is intercepted by SSO in an embedded browser in which a user is required to enter their login information.
  3. The user is authenticated against the identity provider (IdP).
  4. After the user is authenticated, the IdP redirects the SAML assertion to the Service Provider (SP).
  5. The SP parses the SAML assertion and sets the authentication header.
  6. WebLogic reads the header and sets the authentication cookie. The Primavera application reads the cookie and establishes a session.
  7. The user is logged in to the application.
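
As an added illustration of step 5 (not Oracle's code), the sketch below shows the claim checks a service provider applies when it parses a SAML response: status, issuer, validity window and audience. The issuer, audience and user values are constructed placeholders, and XML signature verification is assumed to have already passed in a SAML library before any field is read.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# Constructed sample response; issuer, audience and user are placeholders.
SAMPLE = """<p:Response xmlns:p="{p}" xmlns:a="{a}">
<p:Status><p:StatusCode Value="{status}"/></p:Status>
<a:Assertion><a:Issuer>https://idp.example.invalid</a:Issuer>
<a:Subject><a:NameID>jdoe@example.invalid</a:NameID></a:Subject>
<a:Conditions NotBefore="2020-09-16T10:00:00Z" NotOnOrAfter="2020-09-16T10:05:00Z">
<a:AudienceRestriction><a:Audience>{aud}</a:Audience></a:AudienceRestriction></a:Conditions></a:Assertion></p:Response>"""

def sample_response(aud="https://sp.example.invalid", status=SUCCESS):
    xml = SAMPLE.format(p=NS["p"], a=NS["a"], aud=aud, status=status)
    return base64.b64encode(xml.encode())

def _ts(value):
    # The sample uses whole-second UTC timestamps; real IdPs may add fractions.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def subject_from_response(b64_response, issuer, audience, now):
    # Returns the NameID if every claim is acceptable, otherwise raises ValueError.
    root = ET.fromstring(base64.b64decode(b64_response))
    code = root.find("p:Status/p:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise ValueError("IdP did not report success")
    found = root.findall("a:Assertion", NS)
    if len(found) != 1:
        raise ValueError("expected exactly one assertion")
    asr = found[0]
    if asr.findtext("a:Issuer", "", NS).strip() != issuer:
        raise ValueError("unexpected issuer")
    cond = asr.find("a:Conditions", NS)
    if cond is None or not cond.get("NotOnOrAfter"):
        raise ValueError("assertion has no validity window")
    start = _ts(cond.get("NotBefore", "1970-01-01T00:00:00Z"))
    if not start <= now < _ts(cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    auds = [e.text.strip()
            for e in cond.findall("a:AudienceRestriction/a:Audience", NS) if e.text]
    if audience not in auds:
        raise ValueError("assertion was issued for a different service provider")
    name_id = asr.findtext("a:Subject/a:NameID", "", NS).strip()
    if not name_id:
        raise ValueError("assertion has no subject")
    return name_id
```

Only after these checks succeed should the returned subject be placed in the authentication header that the downstream server trusts.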

The purpose of this document is to outline the procedure to initiate implementation of Federated Identity Single Sign-On through SAML in your Cloud environment.


Intended Audience

Identity Federated SSO and SAML Technical Notes

Primavera Product Technical Notes

SP Technical Notes and Requirements

IdP Technical Notes and Requirements

Process Overview

