Add an Oracle PeopleSoft App

The purpose of this tutorial is to walk through the process of setting up an Oracle PeopleSoft application with Okta through the Access Gateway Admin UI.

Access Gateway works with all major PeopleSoft modules including:

• CRM: /crm/*

• HCM: /hcm/*

• Learning: /elm/*

• Financial: /fscm/*

• Campus: /camp/*

Ensure you use the correct path for your specific module.

Before You Begin

• Access Gateway is installed and configured for use.
  See Manage Access Gateway deployment.
• Access Gateway has been configured to use your Okta tenant as IDP.
  See Configure your Okta tenant as Identity Provider for more information about configuring your Okta tenant as an IDP.
  
• You have administrator rights on your Okta tenant and can assign applications to users, and create groups.
• You have access to the PeopleTools desktop client.
• You have access to the PeopleSoft web portal and can access it as super user.

Topics

1. Create the Application in Access Gateway
2. Configure the PeopleSoft Application
3. Configure PeopleCode using the PeopleTools desktop client
4. Configure PeopleSoft using the PeopleSoft web portal
5. Test the PeopleSoft Application

Create the Application in Access Gateway

1. Navigate to your Access Gateway Instance.

   

   Note

   Access Gateway creates a default self-signed certificate. For non-production deployments, this will be appropriate. Proceed past any security exceptions raised by your browser. For production deployments, a valid certificate can be installed and these exceptions will not be needed.

2. In the Access Gateway Admin UI, sign in as an administrator.

3. Click the Applications tab.

   

4. Click + Add to add a new application.

   

5. Select Oracle PeopleSoft from the left column menu, and click Create.

Configure the PeopleSoft Application

To configure the Access Gateway PeopleSoft application.

1. In the Essentials pane enter:
   

   Field	Value
   Label	The name of the application, as shown in your Okta Tenant. For example:PeopleSoft SSO.
   Public Domain	The externally facing URL of the PeopleSoft application. For example: https://ps-external.<gateway.info> Note Note that <gateway.info> must match the PeopleSoft domain, which is in the Protected Web Resource section as domain.tld.
   Protected Web Resource	The URL and port combination of the Oracle PeopleSoft Implementation being protected. For example: http://psft-app.domain.tld:8000
   Post Login URL	Browseable route-through location to pick up the required cookie from Okta Access Gateway and pass along to the Oracle PeopleSoft implementation. For example https://ps-external.<gateway.info>/psp/ps/. Note that the post login URL may contain other elements specific to the implementation.
   Group	The group containing users who can access the PeopleSoft instance.

2. Expand Advanced section and click enable Content Rewrite.

3. Click Next.
   The Attributes pane appears.

   For detailed information on the attribute options, see Application attributesApplication attributes

4. In the Attributes pane, using the icon, create the following attribute:

   Data Source	Field	Type	Name
   IDP	login Note The attribute in your Okta tenant that stores the PeopleSoft username. This can be a different attribute or can use Okta username mapping to create the PeopleSoft username dynamically.	Header	PS_USER

   1. Click the (+) icon

   2. From the Data Source drop down select static.

   3. From the Field drop down select login.

   4. From the Type drop down select the appropriate target type, either Header.

   5. In the Name field enter the associated name.
      

   6. Click Okay when the attribute is complete.

   7. Repeat to create any additional attributes.

   Click Done when complete.
   

Configure PeopleCode using the PeopleTools desktop client

Peoplesoft deployments typically support a pre-provided Signon Peoplecode.
In this section we update the code to accept header-based authentication from the PS_USER header.

1. Open the PeopleTools Application Designer.

2. Click File > Open > Definition: Record > Name: FUNCLIB_LDAP >

3. Open FUNCLIB_LDAP

4. Right Click Open > Cancel

5. Right Click LDAPAUTH > View PeopleCode

6. Search for the getWWWAuthConfig() function.
   Change:
   &defaultUserId = "";
   to:
   &defaultUserId = "PUBUSER";

7. Search for the OAMSSO_AUTHENTICATION() function,
   change the header value from OAM_REMOTE_USER to PS_USER

8. Click File > Save.

Configure PeopleSoft using the PeopleSoft web portal

1. Navigate to the PeopleSoft Web Portal and sign in as the PeopleSoft super user.

2. From the Main Menu select PeopleTools > Security > Security Objects > Signon PeopleCode > [+] button.

3. Select the Signon PeopleCode page.

4. Enable the OAMSSO_AUTHENTICATION function, and click Save.

5. Add a default user profile to PeopleSoft

   1. From the Main Menu navigate to PeopleTools > Security > User Profiles > User Profiles > Add a New Value.

   2. Select the General tab.

      Create user: PS_USER with Password: <password>.
      

   3. Select the ID Tab.

   4. Set ID type to none.
      
      

   5. Click Save.

6. Configure the web profile

   1. From the Main Menu navigate to PeopleTools > Web Profile > Web Profile Configuration > Search > PROD > Security.
      

      

      Note

      If Public Users section is populated note the User ID.

   2. Set the following fields:
      

      Section	Field	Value
      Main PIA	Use HTTP Same Server	Unchecked
      Public Users	User ID	PS_USER
      Public Users	Password	Matching previously created user
      Public Users	Allow Public Access	Checked

   3. Click Save.

7. Set default proxy address

   1. From the Main Menu navigate to PeopleTools > Web Profile > Web Profile Configuration > Search > PROD > Virtual Addressing.

   2. Set the following fields:
      

      Section	Field	Value
      Default Addressing	Protocol	https
      Default Addressing	Name	FQDN of the PeopleSoft instance For example: ps-external.<gateway.info>.
      Default Addressing	Port	443
      Public Users	Allow Public Access	Checked

   3. Click Save.

8. Restart PeopleSoft.

Test the PeopleSoft Application

1. Select IDP Initiated from the drop down menu associated with the application.
   

   

   Note

   If you are using an SP initiated test, you will need to test from another browser tab and not from the SP Initiated option.
   PeopleSoft requires a landing page for SSO to function correctly. IDP initiated handles this by sending the Post Login URL, SP Initiated does not.

   

   Note

   Your Okta tenant administrator may need to assign the application to you.
   
   In addition, if you do not already have an active session for Okta open in your browser, you may be prompted to log in to your Okta account and provide credentials.

2. Verify that you are logged into Oracle PeopleSoft correctly.

See also

• For information about the generic header application please see Add a generic header application.
• For information about the sample header application please see Add a sample header application.
• For information on the sample policy application please see Add a sample policy application.
• Add or review application essential settings. For more details see About application essentials and Manage application essentials.
• Add application behaviors. For details and examples of behaviors see About application behaviors.
• Add fine grained policy to further protect resources. An overview of user policy can be found in About application policy.
  For details and examples of policy see Manage application policy .
• Extend existing policy using Custom configuration, see Advanced Access Gateway Policy.
• Define one or more certificates for use with this application. See Configure certificates.
• Add supplemental database or LDAP based data stores. For more information see Administer data stores.