Did any one successfully implemented SSO with 15.2 new UX?
SSO is not working when users are directly hitting the new url /pm instead if they navigate to classic url first then new UX it is working fine as the session is carried from classic UI
It looks like new UX is unable to authenticate based on the SSO header, Currently if timesheet users submits timesheet when new timesheets are activiated, then the email links will have new UX timesheets links and users are unable to login.
Please share if any one successfully implemented SSO with new UX or if there are any workarounds. Thanks
New UX is not a different app hosted where it will authenticate the SSO , the authentication layer in PPM classic and then gets navigated to new UX layer. The design so far on new UX is to authenticate via PPM db and in your case its SSO so if there is valid session it will allow you to see the new Ux else it won't .
Also I would like to know how the notification is going to new UX as notifications are configured to go to OLD UX with the ENTRY UL updated in CSA
Thanks for the reply. So you mean we cannot share the direct url as
mentioned in document below to users if we have SSO enabled as only classic
URL can create session with SSO but not new UX.
As per the document:
Use the following URL to access the New User Experience:
So this url will not work directly if we enable SSO instead we have to
navigate to Classic url and then naviagate to new UX, Is my assumption
correct based on your reply?
And regarding Timesheets, we have not changed any thing to direct timesheet
emails to new UX. We enabled new UX & Timesheets from CSA and when
timesheet users submit time, it is sending the submission email with link
to new UX(/pm), this is hyperlink in the email:
Is it not the case in your instance, though you activated new timesheets,
the hyperlinks in email are pointed to old timesheets?
Thanks again for your time in checking this.
On Thu, Aug 3, 2017 at 4:34 PM, SumanPramanik <
Yes the /PM URL will not work if the session is not there during SSO, let me check by submitting the timesheet va new UX and see what URL is generated. As far my understanding goes the NEW UX is not activated through CSA but from Administration --> System option
I checked the notification after submitting the timesheet from new UX, and you can see the link its going to OLD UI and not NEW UI. Can you please more information on the http/https entry URL
It looks like the screenshot that is provided is an action item triggered
from the Timesheet process/workflow which would have triggered in your
instance. We don't use the workflow. I was pointing out to OOTB timesheet
notification that Resource manager receives when user submits timesheet
which looks like something as attached, this will trigger when timesheet is
submitted without any process/workflow.
On Thu, Aug 3, 2017 at 5:43 PM, SumanPramanik <
I did not use any any process but just submitted the timesheet and it used the ootb and it used the notification Timesheet - Submitted.
Our instance will not trigger any action item, if I am not wrong the action item screenshot you shared in the previous screenshot is from the Timesheet process which is provided out of the box(Assumption) and we don't use any process to create action item. Instead we use OOTB notifications that triggers internally by system when resource submits timesheets. You can also see these notification templates under Admin->Notifications. So the link in these OOTB notifications are pointing to new timesheets GUI and that is the concern.
This is the exact notification i used and it was pointing me to old UI. as you have the support case one of our team will work with you to get to the bottom of it.
The email body in the notification should be as per the notification template and in our system(OOTB, not modified), it is as below where the click here should navigate to submitted timesheet for resource managers to Approve.
The one you shared looks like is from process where the email body says it as an action item and the link is pointing to action item page instead of timesheet page.So wondering why you are not receiving this email as notification instead you are receiving an action item if there is no process/workflow.
Hi Karthik and Suman, and Others,
Let us know if this doc helps or can otherwise be improved:
Integrate CA PPM with CA Single Sign-On (SSO) - CA PPM SaaS - 15.2 - CA Technologies Documentation
Thanks Damon. Yes we followed this document , SSO with /niku is absolutely working fine after the upgrade but not with pm. But unfortunately when users directly using http://server/pm (New UX) from their emails, it cannot identify header and generate clarity session instead it is only recognizing already generated session id from old context(/niku). So users cannot directly use this new UX page with SSO configured with header.
I was thinking that we were missing something in setting up new UX with SSO but it looks like new UX cannot create the session on its own unlike niku or rather the internal handshake is missing in generating a new session if there is none based on the configured header.
I have created a support case to confirm this.Will update the community upon receiving the updates.
Thanks again for your time in answering the post.
Thanks everyone for your contributions. I wanted to share the good news that we were able to resolve the issues.
Users using /pm (New UX) url directly are now able to login directly with SSO, the problem was that the login was provided by /ppm/rest/.. context for which our SSO application is blocking the request and returning the error as 403 Forbidden internally, it was because of BADQUERYCHARS which is blocking the request, once we enabled this property the SSO with new UX started working without having us to navigate to classic PPM. This property setting is documented under "Agent Propeties, LogoffUri, IgnoreExt, and IgnoreUrl" section of the document.
With that users who are navigating to timesheets from timesheets notification emails are now successfully logging to new UX with SSO.
Thanks again everyone.
Great news Karthik. One stop closer to PPM 15.2
We are facing same issue. User can login to Classic PPM via SSO, but not to New UX.
Which SSO authentication method you are using?