Single Sign-on Mode
In the SSO mode configuration, Web requests are authenticated before being passed to PPM, bypassing the PPM logon page. To enable SSO mode, the SiteMinder Web Agent must be plugged into any third-party Web server software that PPM supports, and be configured to communicate with a SiteMinder Policy Server. The SiteMinder Web Agent intercepts Web requests and checks with the Policy Server to ensure they are authenticated before passing them to PPM.
Note that you cannot use SiteMinder to manage PPM application-level authorization for controlling access to various screens and functions. Application-level authorization is controlled by the PPM security model using security groups, access grants, product licensing, and so on. Therefore, user accounts must exist in both PPM and the SiteMinder Policy Server, but PPM does not have to maintain the associated passwords.
Single sign-on configuration requires that PPM be integrated with an external Web server that has both the SiteMinder Web Agent and PPM Web Server Module installed. (The PPM internal Web server does not support SiteMinder SSO because there is no compatible Web agent or a suitable API to create one.)
The SiteMinder Web Agent is the single access point for all Web clients. The SiteMinder Web Agent intercepts all incoming requests and ensures that they are authenticated before passing them to the PPM Web Server module. The requests then proceed to the PPM Server.
For PPM Workbench clients, the SiteMinder Web Agent protects access to the PPM Workbench logon page. After the user provides a username and password, the authentication information is passed to the PPM Workbench applet for automatic logon. Once started, the applet communicates directly with the PPM Server.
Caution: PPM Workbench does not support SSO mode if you start it from the menu bar (select Administration > Open Workbench on Desktop). However, if PPM is launched as an application, it uses SiteMinder to authenticate. See Configuring the PPM Workbench to Run as a Java Applet.
The figure below shows a system diagram of SiteMinder integration in SSO mode.