Friday, April 24, 2015

Oracle Access Manager 11g & PeopleSoft SSO integration high level steps


Assumptions:

Oracle Access Manager environment is up and running


High Level Steps:

  1. Download PeopleSoft Interaction Hub DEMO Virtual Machine from Oracle Support and start virtual machine as per the instructions in Support Notes
  2. Download Oracle Client from PeopleSoft Image shared folder
  3. Download PeopleSoft Application Designer from PeopleSoft Image shared folder
  4. Install Oracle Client by selecting “Administrator” as installation type and copy tnsnames.ora from PeopleSoft DEMO VM share folder to Oracle Client network/admin folder
  5. Install PeopleSoft Application Designer on Windows Server
  6. When Prompted enter DEMO License code provided in http://www.oracle.com/us/support/licensecodes/peoplesoft-enterprise/index.html#PeopleTools
  7. Login to PeopleSoft Application Designer with Admin credentials(Ex: PS/PS).
  8. Login to PeopleSoft and create new user profile. In this case it’s “OAMPSFT”
  9. Search for getWWWAuthConfig() function using PeopleSoft Application Designer and change defaultUserId value to “OAMPSFT” and save
  10. Search for OAMSSO_AUTHENTICATION() function and update header value from “OAM_REMOTE_USER” to “PS_SSO_UID"
  11. Navigate to Main Menu>> People Tools>> Web Profile and select the web profile being used and navigate to Security tab and select “Allow Public Access” and enter UserID/ Password(In this case “OAMPSFT and it’s password")
  12. Update "Signon Peoplecode" as shown in the screen shot below. 
  13. Bounce PSFT web and app services
  14. Install OHS webserver and OAM WebGate 
  15. Configure Reverse proxy settings from OHS webserver to PeopleSoft instance
  16. Configure Authorization Header variable”PS_SSO_UID" in OAM Application Domain
  17. Test the PeopleSoft application login with OHS URL
           Ex:- http://pokuri.demo.com:7777/psp/ps/EMPLOYEE/EMPL/h/?tab=DEFAULT

Useful Links:

http://peoplesofttutorial.com/peopletools-8-53-how-to-install-oracle-client-from-peoplesoft-image/
http://peoplesofttutorial.com/peopletools-8-53-install-peopletools-8-53-on-windows-7/

Hope this helps some one out there!!

-- Siva Pokuri.

4 comments:

  1. Hi Siva,

    I have been struggling with OAM to peoplesoft integration:
    I followed the above steps and here are few findings:

    I have tested protecting a simple page with a printenv to confirm that the secure HTTP headers that Peoplesoft application expects are set with the correct users identity.

    I can see following headers:
    HTTP_OAM_LAST_REAUTHENTICATION_TIME="Mon Jan 04 14:53:08 PHT 2016"
    HTTP_OAM_REMOTE_USER="inbox_user"
    HTTP_PS_SSO_UID="inbox_user"

    On peoplesoft side: Edited function that will read the HTTP header variable that is set by Oracle Access Manager.

    Function Oracle_Access_Manager_Authentication()
    /* Note: Following file will written to the default path.*/
    /* Usually appserv//files */
    &logfile = Getfile("oamaccess.log","A");

    If &logfile.Isopen then
    &logfile.Writeline("INFO: Netpoint_Authentication_Profile started");
    &logfile.Writeline(String(%Datetime));
    &logfile.Writeline("authMethod: " &authMethod));
    End-If;

    If %PSAuthResult = True And
    &authMethod <> "LDAP" And
    &authMethod <> "COREID" And
    &authMethod <> "SSO" Then
    If &logfile.Isopen then
    &logfile.Writeline("INFO: AuthResult and AuthMethod ok.");
    End-If;

    getWWWAuthConfig();

    If &logfile.Isopen then
    &logfile.Writeline("INFO: After get wwwauthconfig.");
    &logfile.Writeline(&defaultUserId);
    End-If;

    If %SignonUserId = &defaultUserId Then
    If &logfile.Isopen then
    &logfile.Writeline("INFO: %SignonUserId = &defaultUserId ");
    End-If;
    &userID = %Request.GetHeader("PS_SSO_UID");


    On testing SSO, page get redirect and upon submitting credentials it show login page again instead of user home page.

    I doubt that peoplesoft is not able to read header to authenticate user using header variable and i am also not sure whether it issue PS_TOKEN or not?


    Can you help me here with peoplesoft configurations?

    thanks
    Awais

    ReplyDelete
    Replies
    1. Hi Shiva / Awais,

      do you have a step by step procedure for OAM and OID for PeopleSoft 8.5x

      can you please send that to my email id?

      zafrullakhan001@gmail.com

      Thanks in Advance and Really appreciate your expertise in this area.

      Regards
      Zafrulla Khan.

      Delete
  2. Hi siva,

    If you have some document on PeopleSoft and OAM integration can you please send it to me
    g2murthy@gmail.com

    ReplyDelete
  3. Hello Siva,

    I am new to OAM can you please send me a document on OAM with PeopleSoft Integration.

    Appreciate your help on this..

    ReplyDelete