Skip to main content

OAM 11g PS3 SSO with Peoplesoft HCM 9.2 (Peopletools 8.55)

Setting up the Environment:
  • It is assumed that Peoplesoft Pre-built VM is used and configured. Peoplesoft is up and running.
  • OAM 11gR2 PS3 is up and running. OHS is protected by OAM webgate and can be reverse proxied to Peoplesoft.
  • To setup the Application designer navigate to the '/opt/oracle/psft/pt/tools_client/' location in the VM. Download the folder on local machine where Application Designer needs to be installed.
  • Install the oracle client and put tnsnames.ora <client_home>\product\12.1.0\client_1\network\admin location.
  • Navigate to the folder and run 'setupPTClient.bat  -t -l' to install the application designer.
  • Navigate to 'C:\PT8.55.06_Client_ORA\bin\client\winx86' and run pside.exe to start the application designer. DB name in this case is 'PSHCMDB and userid/pwd is PS/PS.
Configuration on PeopleSoft:

  • Login to the Peoplesoft console http://<host_name>:8000/psp/ps/?cmd=start using credentials PS/PS. Click on Nav bar to see all the other options.
  • Navigate to Peopletools-> Security -> User Profiles -> User Profiles.
  • Add a new profile named OAMPSFT. Provide the Password on first tab. Make Sure All user profiles created are in upper case.Click on ID tab and select ID as 'none'. Click on Roles tab and add Peoplesoft User. click Save.
  • Navigate to Peopletools -> Web Profile --> Web Profile Configuration. Search for the PROD profile and click on 'Security' tab. Check 'Allow Public Access' and add OAM PSFT user and Password. 
  • Navigate to Peopletools --> Security --> Security Objects --> Signon PeopleCode. Uncheck other options and check 'OAMSSO_AUTHENTICATION' enabled as below:
  • Login to Application Designer. Click Open and select 'Record' from the drop down. Provide 'FUNCLIB_LDAP' and click Open.
  • Right click on 'LDAPAUTH' and View Peoplecode. Search for function 'getWWWAuthConfig()' and provide 'OAMPSFT' as userid.
  • Search for 'OAMSSO_AUTHENTICATION()' function and provide 'PS_SSO_UID' as Header value.
  • Configuration on PeopleSoft side is done. PeopleSoft needs to be restarted. Login as psadm2 user and run 'psadmin' command to restart the domain.
OAM Configuration:
  • Reverse Proxy the PeopleSoft from OHS either using 'mod_wl_ohs' or httpd.conf. Reverse Proxy all the /psp/,/ps,/psc,/cs and URL's.

ProxyPreserveHost On
proxypass /psp/ http://<psft_host>:8000/psp/
proxypassreverse /psp/ http://<psft_host>:8000/psp/

  • Protect all the URL's as mentioned above in OAM Application domain as below:
  • Create a Authentication policy and Protect the URL's using LDAPScheme.


  • Add a condition as always 'TRUE' and add this condition in Rule as below. Else Authorization error will occur.
  • Click on the Responses tab and add 'PS_SSO_UID' as Header. Provide value for the Header as '$user.attr.uid'.
  • Configuration is completed. Try to access PSFT using http://<OHS_Host>:7777//psp/ps/?cmd=start and provide credentials. Should be redirected to PeopleSoft console.Hope it works. 



Comments

Post a Comment

Popular posts from this blog

Adding UDF (User Defined Field) on create user page OIM 11g R2 PS1:-

    Login to Sysadmin console and create a Sandbox and activate it. Click on Form Designer and search for user form. 2.      Create a new field of desired type. 3.      Provide the Required Values for UDF creation and click save and close. UDF field will be added then publish the sand box. 4.      Login to Identity console now and create another sandbox and activate it. After sandbox is activated click on users link and the click on create user. 5.      Provide the mandatory values on the form and then click the customize button on top. Select source from the view. 6.      Select the panel where the field has to be added. Select panel form lay out click add content. Select Data component Catalog from the box. 7.      Select UserVO from the bottom. ...
12 comments
Read more

OIM Tuning

Application Module tuning is a critical setting which will affect the UI performance. Following are the recommended application module settings for OIM and these are already set out-of-box (OOB) in later releases of OIM 11g R2. Ensure that these settings are implemented as recommended in your environment. -Djbo.ampool.doampooling=true -Djbo.ampool.minavailablesize=1 -Djbo.ampool.maxavailablesize=120 -Djbo.recyclethreshold=60 - Djbo.ampool.timetolive=-1 -Djbo.load.components.lazily=true - Djbo.doconnectionpooling=true -Djbo.txn.disconnect_level=1 - Djbo.connectfailover=false -Djbo.max.cursors=5 - Doracle.jdbc.implicitStatementCacheSize=5 - Doracle.jdbc.maxCachedBufferSize=19 open DOMAIN_HOME/bin/setDomainEnv.sh file for the WebLogic Server instance.find these lines: JAVA_OPTIONS="${JAVA_OPTIONS}" export JAVA_OPTIONS and change it to: JAVA_OPTIONS="-Djbo.ampool.doampooling=true -Djbo.ampool.minavailablesize=1 -Djbo.ampool.maxavailablesize=120 -D...
Post a Comment
Read more

OIM Reports : PS3

Oracle Business Intelligence Publisher is Oracle's primary reporting tool for authoring, manag-ing, and delivering all your highly formatted reports. BI Publisher is shipped with Oracle Identity Manager 11g Release 2 PS3. BI Publisher is deployed and configured as a separate managed server within the same Oracle Identity Manager domain. You have the choice of either leveraging the embedded BI Publisher or a standalone BI Publisher. It is recommended that you use the embedded BI Publisher if there are no other reporting requirements and you only need reporting for Oracle Identity Manager. After BI Publisher configuration, you can take advantage of the standard features of BI Publisher, such as:  Access Policy Reports  Request and Approval Reports  Password Reports  Resource and Entitlement Reports  User Reports  Certification Reports  Identity Audit Reports  Exception Reports The Screenshot of all the reports can be seen below: Every Report uses a Da...
Post a Comment
Read more