Add an Oracle PeopleSoft app
The purpose of this guide is to walk through the process of setting up an Oracle PeopleSoft application with Okta through the Access Gateway Admin UI console.
Access Gateway works with all major PeopleSoft modules including:
Ensure you use the correct path for your specific module.
This application is part of a class of applications which exchange user information using header variables. See Add a generic header application for more information about the Access Gateway generic header application.
Access Gateway also provides a sample header application. See Add a sample header application.
- Access Gateway is installed and configured for use.
See Manage Access Gateway deployment.
- Access Gateway has been configured to use your Okta tenant as IDP.
See Configure your Okta tenant as an Identity Provider for more information about configuring your Okta tenant as an IDP.
- You have administrator rights on your Okta tenant and can assign applications to users and create groups.
- You have access to the PeopleTools desktop client.
- You have access to the PeopleSoft web portal and can access it as super user.
- Confirm that the external app version is supported. Oracle PeopleSoft supported versions include:
- v9.2.00 or later.
- Configure PeopleCode using the PeopleTools desktop client
- Configure PeopleSoft using the PeopleSoft web portal
- Create the application in Access Gateway
- Configure the PeopleSoft application
- Test the PeopleSoft application
The PeopleSoft admin and Access Gateway admin tasks can and should be performed in parallel. The following general ordering is recommended.
- Create PUBUSER.
- Activate PeopleCode.
- Configure the PeopleSoft gateway.
- Update the PeopleSoft virtual addressing field.
- Restart PeopleSoft.
PeopleSoft deployments typically support a pre-provided Signon PeopleCode.
In this section, we update the code to accept header-based authentication from the PS_USER header.
These steps are typically performed by the PeopleSoft admin.
- Open the PeopleTools application Designer.
Click File > Open > Definition: Record > Name: FUNCLIB_LDAP.
Right-click Open > Cancel
Right-click LDAPAUTH > View PeopleCode
Search for the getWWWAuthConfig() function.
Change &defaultUserId = ""; to &defaultUserId = "PUBUSER";.
Search for the OAMSSO_AUTHENTICATION() function.
- Change the header value from OAM_REMOTE_USER to PS_USER.
Click File > Save.
Navigate to the PeopleSoft Web Portal and sign in as the PeopleSoft super user.
From the main menu, select PeopleTools > Security > Security Objects > Signon PeopleCode > [+] button.
Select the Signon PeopleCode page.
Enable the OAMSSO_AUTHENTICATION function, and click Save.
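The header hand-off that this Signon PeopleCode change relies on, as an added Python illustration that is not Okta or Oracle code: the proxy is the only party that sets PS_USER, and a request without it stays the public user. The function names and the fallback logic are a simplified model assumed for illustration.

```python
# Added illustration: a simplified model of header-based sign-on,
# not Access Gateway or PeopleSoft code.
IDENTITY_HEADER = "PS_USER"  # header name set in OAMSSO_AUTHENTICATION on this page
PUBLIC_USER = "PUBUSER"      # default user ID set in getWWWAuthConfig on this page


def build_upstream_headers(client_headers, session_login):
    """Headers a header-injecting proxy forwards to the protected resource.

    client_headers: headers received from the browser (untrusted).
    session_login:  PeopleSoft username taken from the authenticated
                    session, or None when there is no session.
    """
    # HTTP header names are case-insensitive, so compare in lower case.
    # Any client-supplied copy of the identity header is dropped.
    upstream = {
        name: value
        for name, value in client_headers.items()
        if name.lower() != IDENTITY_HEADER.lower()
    }
    # Only the value from the authenticated session is ever forwarded.
    if session_login:
        upstream[IDENTITY_HEADER] = session_login
    return upstream


def resolve_signon_user(upstream_headers):
    """Model of the sign-on decision: header value if present, else public user."""
    for name, value in upstream_headers.items():
        if name.lower() == IDENTITY_HEADER.lower() and value.strip():
            return value.strip()
    return PUBLIC_USER
```

Because the sign-on code accepts whatever PS_USER contains, the protected web resource should only be reachable through the component that sets that header.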
Add a default user profile to PeopleSoft:
From the main menu, navigate to PeopleTools > Security > User Profiles > User Profiles > Add a New Value.
Select the General tab.
- Create user: PUBUSER. Enter a password.
Select the ID Tab.
Set ID type as none.
Configure the web profile:
From the main menu, navigate to PeopleTools > Web Profile > Web Profile Configuration > Search > PROD > Security.
If the Public Users section is populated, note the User ID.
Set the following fields:
- Main PIA Use HTTP Same Server: Unselected.
- Public Users User ID: PUBUSER
  Note: This field must match the attribute used when creating the Access Gateway.
- Public Users Password: Matching previously created user
- Public Users Allow Public Access: Checked
Set default proxy address:
From the Main Menu navigate to PeopleTools > Web Profile > Web Profile Configuration > Search > PROD > Virtual Addressing.
Set the following fields:
- Default Addressing Protocol: https
- Default Addressing Name: FQDN of the Access Gateway PeopleSoft app public domain.
  For example: ps-external.<gateway.info>.
- Default Addressing Port: 443
- Public Users Allow Public Access: Checked
- Sign in to the Access Gateway Admin UI console.
Click the Applications tab.
Click +Add to add a new application.
- Select Oracle PeopleSoft from the left column menu, then click Create in the upper right.
To configure the Access Gateway PeopleSoft application:
- In the Essentials pane enter:
- Label: The name of the application, as shown in your Okta tenant.
  For example: PeopleSoft SSO.
- Public Domain: The customer-facing URL of the PeopleSoft application.
  For example: https://ps-external.<gateway.info>
  <gateway.info> must match the PeopleSoft domain, which is in the Protected Web Resource section as domain.tld.
- Protected Web Resource: The URL and port combination of the Oracle PeopleSoft implementation being protected.
  For example: http://psft-app.<domain.tld>:8000
- Post Login URL: Browseable route-through location to pick up the required cookie from Okta Access Gateway and pass along to the Oracle PeopleSoft implementation.
  For example: https://ps-external.<gateway.info>/psp/ps/.
  Note that the post login URL is automatically populated and can contain other elements specific to the implementation.
- Group: The group containing users who can access the PeopleSoft instance.
Expand the Advanced section and enable Content Rewrite.
- Expand the Certificates tab.
By default, a wildcard self-signed certificate is created and assigned to the application when the application is initially created.
- Optional. Click Generate self-signed certificate
A self-signed certificate is created and automatically assigned to the application.
- Optional. Select an existing certificate from the list of provided certificates.
Use the Search field to narrow the set of certificates by common name.
Use the page forward (>) and backward (<) arrows to navigate through the list of available certificates.
Click Next. The Attributes pane appears. See Application attributes.
The required attributes are pre-populated, and are presented for reference.
In the Attributes pane, click Add.
Verify the login attribute:
Data Source Field Type Name IDP
The attribute in your Okta tenant that stores the PeopleSoft username. This can be a different attribute or can use Okta username mapping to create the PeopleSoft username dynamically.
- Click the (+) icon
From the Data Source drop-down box, select Static.
From the Field drop-down box, select login.
From the Type drop-down box, select the appropriate target type, either Header or Cookie.
In the Name field, enter the associated name.
Click Okay when the attribute is complete.
Repeat to create any additional attributes.
- Click Done when complete.
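A pre-flight check that the PeopleSoft virtual addressing values and the Access Gateway Essentials values above agree with each other, as an added Python example that is not part of the product. The dictionary keys, the example.test hostnames, and the rule that the domain is everything after the first DNS label are assumptions made for the example.

```python
from urllib.parse import urlsplit


def parent_domain(host):
    """Everything after the first DNS label: ps-external.example.test -> example.test."""
    return host.split(".", 1)[1].lower() if "." in host else ""


def check_settings(s):
    """Return a list of mismatches between PeopleSoft and Access Gateway values."""
    problems = []
    public = urlsplit(s["public_domain"])
    protected = urlsplit(s["protected_web_resource"])
    post_login = urlsplit(s["post_login_url"])

    if s["default_addressing_protocol"] != "https":
        problems.append("Default Addressing Protocol is not https")
    if int(s["default_addressing_port"]) != 443:
        problems.append("Default Addressing Port is not 443")
    if s["default_addressing_name"].lower() != (public.hostname or ""):
        problems.append("Default Addressing Name is not the Public Domain FQDN")
    if parent_domain(public.hostname or "") != parent_domain(protected.hostname or ""):
        problems.append("Public Domain and Protected Web Resource are in different domains")
    if (post_login.scheme, post_login.hostname) != (public.scheme, public.hostname):
        problems.append("Post Login URL is not on the Public Domain")
    if s["public_user_id"] != s["peoplecode_default_user_id"]:
        problems.append("Public Users User ID differs from &defaultUserId")
    return problems


# Constructed sample values following the examples on this page
# (example.test is a placeholder domain).
SAMPLE = {
    "public_domain": "https://ps-external.example.test",
    "protected_web_resource": "http://psft-app.example.test:8000",
    "post_login_url": "https://ps-external.example.test/psp/ps/",
    "default_addressing_protocol": "https",
    "default_addressing_name": "ps-external.example.test",
    "default_addressing_port": 443,
    "public_user_id": "PUBUSER",
    "peoplecode_default_user_id": "PUBUSER",
}

if __name__ == "__main__":
    for problem in check_settings(SAMPLE) or ["all settings consistent"]:
        print(problem)
```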
While optional, Okta recommends that all applications include certificates.
See About Access Gateway Certificates for general information about certificates.
See Certificate management tasks for a general task flow for obtaining and assigning certificates.
Select Goto application > IDP Initiated.
If you are using an SP initiated test, you will need to test from another browser tab and not from the SP Initiated option.
PeopleSoft requires a landing page for SSO to function correctly. IDP Initiated handles this by sending the Post Login URL; SP Initiated does not.
Your Okta tenant administrator may need to assign the application to you.
In addition, if you do not already have an active session for Okta open in your browser, you may be prompted to log in to your Okta account and provide credentials.
- Verify that you are signed in to Oracle PeopleSoft correctly.
- See Access Gateway supported application and version information for details of supported application and version information.
- See Add a generic header application.
- See Add a sample header application.
- See Add a sample policy application.
- See Troubleshoot applications.
- Add or review application essential settings. See About application essentials and Manage application essentials.
- Add application behaviors. See About application behaviors.
- Add fine grained policy to further protect resources. See About application policy and Manage access control application policy for an overview on user policy and for examples respectively.
- Extend existing policy using custom configuration. See Advanced Access Gateway policy.
- Associate a certificate with this application. See Manage certificates.
- Add supplemental database or LDAP based data stores. See Administer data stores.