Skip to main content

OAM 11g PS3 SSO with Peoplesoft HCM 9.2 (Peopletools 8.55)

Setting up the Environment:
  • It is assumed that Peoplesoft Pre-built VM is used and configured. Peoplesoft is up and running.
  • OAM 11gR2 PS3 is up and running. OHS is protected by OAM webgate and can be reverse proxied to Peoplesoft.
  • To setup the Application designer navigate to the '/opt/oracle/psft/pt/tools_client/' location in the VM. Download the folder on local machine where Application Designer needs to be installed.
  • Install the oracle client and put tnsnames.ora <client_home>\product\12.1.0\client_1\network\admin location.
  • Navigate to the folder and run 'setupPTClient.bat  -t -l' to install the application designer.
  • Navigate to 'C:\PT8.55.06_Client_ORA\bin\client\winx86' and run pside.exe to start the application designer. DB name in this case is 'PSHCMDB and userid/pwd is PS/PS.
Configuration on PeopleSoft:

  • Login to the Peoplesoft console http://<host_name>:8000/psp/ps/?cmd=start using credentials PS/PS. Click on Nav bar to see all the other options.
  • Navigate to Peopletools-> Security -> User Profiles -> User Profiles.
  • Add a new profile named OAMPSFT. Provide the Password on first tab. Make Sure All user profiles created are in upper case.Click on ID tab and select ID as 'none'. Click on Roles tab and add Peoplesoft User. click Save.
  • Navigate to Peopletools -> Web Profile --> Web Profile Configuration. Search for the PROD profile and click on 'Security' tab. Check 'Allow Public Access' and add OAM PSFT user and Password. 
  • Navigate to Peopletools --> Security --> Security Objects --> Signon PeopleCode. Uncheck other options and check 'OAMSSO_AUTHENTICATION' enabled as below:
  • Login to Application Designer. Click Open and select 'Record' from the drop down. Provide 'FUNCLIB_LDAP' and click Open.
  • Right click on 'LDAPAUTH' and View Peoplecode. Search for function 'getWWWAuthConfig()' and provide 'OAMPSFT' as userid.
  • Search for 'OAMSSO_AUTHENTICATION()' function and provide 'PS_SSO_UID' as Header value.
  • Configuration on PeopleSoft side is done. PeopleSoft needs to be restarted. Login as psadm2 user and run 'psadmin' command to restart the domain.
OAM Configuration:
  • Reverse Proxy the PeopleSoft from OHS either using 'mod_wl_ohs' or httpd.conf. Reverse Proxy all the /psp/,/ps,/psc,/cs and URL's.

ProxyPreserveHost On
proxypass /psp/ http://<psft_host>:8000/psp/
proxypassreverse /psp/ http://<psft_host>:8000/psp/

  • Protect all the URL's as mentioned above in OAM Application domain as below:
  • Create a Authentication policy and Protect the URL's using LDAPScheme.


  • Add a condition as always 'TRUE' and add this condition in Rule as below. Else Authorization error will occur.
  • Click on the Responses tab and add 'PS_SSO_UID' as Header. Provide value for the Header as '$user.attr.uid'.
  • Configuration is completed. Try to access PSFT using http://<OHS_Host>:7777//psp/ps/?cmd=start and provide credentials. Should be redirected to PeopleSoft console.Hope it works. 



Comments

Post a Comment

Popular posts from this blog

Developing Prepopulate Adapter with OIM 11g R2

1.      Prepopulate Adapter in OIM uses the plugin point oracle.iam.request.plugins.PrePopulationAdapte r. 2.      Write the Java code which returns the value which has to be populated on the form. 3.      This code will implement the plugin point oracle.iam.request.plugins.PrePopulationAdapte r. Code Snippet: - package com.oracle.oim.utility.eventhandler; import java.io.Serializable; import java.util.Iterator; import java.util.List; import java.util.logging.Logger; import oracle.iam.identity.exception.NoSuchUserException; import oracle.iam.identity.exception.UserLookupException; import oracle.iam.identity.usermgmt.api.UserManager; import oracle.iam.identity.usermgmt.vo.User; import oracle.iam.platform.Platform; import oracle.iam.platform.authz.exception.AccessDeniedException; import oracle.iam.request.exception.RequestServiceException; import oracle.iam.request.vo.Beneficiary; ...
5 comments
Read more

Oracle Traffic Director (OTD) configuration

Download the OTD software and install it on a server by running runInstaller command from <Binaries>/Disk1. Preferred is to configure the OTD as root user because when the administration server is configured as root, then Oracle Traffic Director starts the keepalived daemon automatically when you start instances that are part of a failover group, and stops the daemon when you stop the instances. Set Oracle_Home as the new Installed OTD Home. Run below command to configure the Admin server: <OTD_HOME>/otd/bin/tadm configure-server --port=8989 --user=admin --server-user=root --instance- home= <OTD_HOME> /otd/instance_name/otd_instance1 This command will ask for admin password and will create the admin server. Run Below command to start the admin server: <OTD_HOME> /otd/instance_name/otd_instance1/admin-server/bin/startserv Login to the OTD console on http://<host>:8989 as admin user.  Click New configuration: Click Next and create ne...
Post a Comment
Read more

Custom Login Page Protection- OAM 11g R2

Create a login page with fields having username,password and requestid. Below is the sample login page : <%@page language="java" session="true" contentType="text/html;charset=ISO-8859-1"  %> <% String path = request.getContextPath(); String basePath = request.getScheme()+"://"+request.getServerName()+":"+request. getServerPort()+path+"/"; String requestID = request.getParameter("request_id"); %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <font color="blue">Login Page </font><br><br> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Implementing css and javascript</title> <meta http-equi...
3 comments
Read more