■ PeopleSoft Components
■ PeopleSoft Integration Architecture
■ Supported Version and Platforms
■ Preparing Your Environment
■ Setting Up Oracle Access Manager Single Sign-On for PeopleSoft
■ Setting up PeopleSoft for Single Sign-On with Oracle Access Manager
■ Configuring Single Signoff
About the Integration with PeopleSoft
This integration provides a secure Internet infrastructure for identity management for PeopleSoft’s customer applications and processes. Oracle Access Manager provides identity and access management across PeopleSoft applications, enterprise resources, and other domains that are deployed on eBusiness networks. Oracle Access Manager provides the foundation for managing the identities of customers, partners, and employees across Internet applications. These user identities are protected by security policies for Web interaction.
This integration adds the following to PeopleSoft implementations:
■ Oracle Access Manager authentication, authorization, and auditing services for Siebel 7 applications.
■ Oracle Access Manager single sign-on (SSO) for PeopleSoft applications and other Oracle Access Manager-protected resources in a single domain or across domains.
■ Oracle Access Manager authentication schemes that provide single sign-on for PeopleSoft applications:
– Basic: Users enter a user name and password in a window supplied by the Web server.
– Form: Similar to the basic challenge method, users enter information in a custom HTML form. You choose the information that users must provide in the form.
– X509 Certificates: X.509 digital certificates over SSL. A user's browser must supply a certificate.
– Integrated Windows Authentication (IWA): Users will not notice a difference between an Oracle Access Manager authentication and IWA when they log on to the desktop, open an Internet Explorer (IE) browser, request an Oracle Access Manager-protected Web resource, and complete single sign-on.
– Microsoft .NET Passport: .NET Passport is a component of the Microsoft .NET framework. The .NET plug-in is a Web-based authentication service that provides single sign-on for Microsoft-protected Web resources.
– Custom: You can use other forms of authentication through the Oracle Access Manager Authentication Plug-in API.
■ Session timeout: Oracle Access Manager enables you to set the length of time that a user session is valid.
■ Ability to use the Identity System for identity management: The Identity System provides identity management features such as portal inserts, delegated administration, workflows, and self-registration to applications such as PeopleSoft. You can determine how much access to provide to people upon self-registration. Identity System workflows enable a self-registration request to be routed to appropriate personnel before access is granted. Oracle Access Manager also provides self-service, allowing users to update their own identity profiles.
PeopleSoft Components
This integration involves the following PeopleSoft components.
PeopleSoft Application Server: The application server is the core of PeopleSoft Pure Internet Architecture (PIA). An application server maintains the SQL connection to the database for browser requests and the PeopleTools development environment in Microsoft Windows. It runs business logic and issues SQL to the database server. The application server consists of numerous PeopleSoft services and server processes. Just as different elements make up the physical environment in which an application server operates, for example, database servers and Web servers, a variety of elements operate on the application server, enabling it to respond effectively to multiple transaction requests and handle transaction processing, system scaling, browser requests, and so on.
PeopleSoft Database Server: The database server houses a database engine and the PeopleSoft application database. The database includes all the application’s object definitions, system tables, application tables, and data. The database server must run one of the PeopleSoft-supported RDBMS and operating system combinations. Multiple application servers can connect to the database server. The database server simultaneously handles the application server connections, development environment
PeopleSoft Internet Architecture: PeopleSoft Pure Internet Architecture enables Internet application deployment through a browser, and enables you to take advantage of PeopleSoft intranet solutions, Internet solutions, and integration technologies.
PeopleSoft Pure Internet Architecture runs seamlessly in portals created and managed by PeopleSoft portal technology.
PeopleTools portal technology is built on top of PeopleSoft Pure Internet Architecture and enables you to easily access and administer multiple content providers, including PeopleSoft databases such as PeopleSoft CRM and HRMS, as well as non-PeopleSoft content. It enables you to combine content from these multiple sources and deliver the result to users in a unified, simple-to-use interface.
PeopleSoft Integration Architecture
PeopleSoft has a configurable authentication mechanism that allows it to authenticate a user against the following:
■ Native tables
■ LDAP
■ Custom plug-ins, including the ability to read HTTP headers
Single sign-on with PeopleSoft involves the following:
■ Protecting PIA with a WebGate.
■ Populating a header variable with an attribute value that is stored in the LDAP directory used by Oracle Access Manager.
■ Writing PeopleCode to read the header variable and generate the PS_TOKEN cookie. PIA generates this cookie every time a user successfully logs in, and it is used to enable single sign-on with other PeopleSoft applications.
■ Configuring PeopleSoft to invoke the PeopleCode as part of the authentication process, overriding the default authentication mechanism.
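The four steps above, modelled end to end as an added Python sketch (not code from this guide and not PeopleCode). The header name, signing key, directory entries and token format are constructed assumptions; the HMAC-signed cookie is only a stand-in for PS_TOKEN.

```python
import hashlib
import hmac

# Every name and value here is an assumption made for this sketch.
SSO_HEADER = "X-SSO-UID"              # hypothetical header variable set by the gateway
TOKEN_KEY = b"constructed-demo-key"   # stand-in key; the real PS_TOKEN format differs
LDAP = {"jdoe": {"uid": "JDOE", "password": "s3cret"}}  # constructed directory entry


def webgate(headers, login, password):
    """Gateway side: authenticate, then populate the header from the LDAP attribute."""
    # Discard any copy of the header supplied by the client, so that the
    # gateway is the only component that can set the identity the app reads.
    clean = {k: v for k, v in headers.items() if k.lower() != SSO_HEADER.lower()}
    entry = LDAP.get(login)
    if entry is None or not hmac.compare_digest(
        entry["password"].encode(), password.encode()
    ):
        return None                   # unauthenticated requests are not forwarded
    clean[SSO_HEADER] = entry["uid"]
    return clean


def signon(headers):
    """Application side: read the header variable and issue the token cookie."""
    user = headers.get(SSO_HEADER, "")
    if not user:
        return None                   # no header means no sign-on
    mac = hmac.new(TOKEN_KEY, user.encode(), hashlib.sha256).hexdigest()
    return {"user": user, "cookie": f"{user}:{mac}"}


def request_via_gateway(headers, login, password):
    """Full path: the sign-on code only ever sees what the gateway forwarded."""
    forwarded = webgate(headers, login, password)
    return signon(forwarded) if forwarded is not None else None


if __name__ == "__main__":
    print(request_via_gateway({}, "jdoe", "s3cret"))
```

The sign-on step accepts whatever identity the header carries, so the model is only sound when every request to the application passes through the gateway first.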