Add an Oracle PeopleSoft Application
Overview
The purpose of this tutorial is to walk through the process of setting up an Oracle PeopleSoft application with Okta through the Access Gateway AdminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. UI.
Prerequisites
- Access Gateway is installed and configured for use.
See Setup Access Gateway Using an OVA Image - Access Gateway has been configured to use your Okta tenant as iDPAn acronym for Identity Provider. It is a service that manages end user accounts analogous to user directories such as LDAP and Active Directory, and can send SAML responses to SPs to authenticate end users. Within this scenario, the IdP is Okta..
See Configure your Okta tenant as an Identity Provider for more information about configuring your Okta tenant as an idP. - You have administrator rights on your Okta tenant and can assign applications to users, and create groupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups..
- You have access to the PeopleTools desktop clientEssentially, a client is anything that talks to the Okta service. Within the traditional client-server model, Okta is the server. The client might be an agent, an Okta mobile app, or a browser plugin. .
- You have access to the PeopleSoft web portal and can access it as super user.
Create the Application in Access Gateway
-
Navigate to your Access Gateway InstanceAn instance, or computer instance, is a virtual machine (VM) or individual physical computer, used to host a software appliance..
Note
Access Gateway creates a default self-signed certificate. For non-production deployments, this will be appropriate. Proceed past any security exceptions raised by your browser. For production deployments, a valid certificate can be installed and these exceptions will not be needed.
-
In the Access Gateway Admin UI, login as an administrator.
-
Click the Applications tab.
-
Click + Add to add a new application.
-
Select Oracle PeopleSoft from the left column menu, and click Create.
Note
Please see the Supported Applications section in Okta Access Gateway Supported Technologies support matrix for supported applications and software versions.
Configure the PeopleSoft Application
To configure the Access Gateway PeopleSoft application.
- In the Essentials pane enter:
Field Value Label The name of the application, as shown in your Okta Tenant.
For example:PeopleSoft SSOAn acronym for single sign-on. In a SSO system, a user logs in once to the system and can access multiple systems without being prompted to sign in for each one. Okta is a cloud-based SSO platform that allows users to enter one name and password to access multiple applications. Users can access all of their web applications, both behind the firewall and in the cloud, with a single sign in. Okta provides a seamless experience across PCs, laptops, tablets, and smartphones..Public DomainA domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https). The externally facing URL of the PeopleSoft application.
For example: https://ps-external.<gateway.info>Note
Note that <gateway.info> must match the PeopleSoft domain, which is in the Protected Web Resource section as domain.tld.
Protected Web Resource The URL and port combination of the Oracle PeopleSoft Implementation being protected.
For example: http://psft-appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in..domain.tld:8000Post Login URL Browseable route-through location to pick up the required cookie from Okta Access Gateway and pass along to the Oracle PeopleSoft implementation.
For example https://https://ps-external.<gateway.info>/psp/ps/.
Note that the post login URL may contain other elements specific to the implementation.Group The group containing users who can access the PeopleSoft instance. -
Expand Advanced section and click enable Content Rewrite.
-
Click Next.
The Attributes tab displays.For detailed information on the attribute options, see Application Attributes .
-
In the Attributes tab, using the
icon, create the following attribute:Data Source Field Type Name IDP login
Note
The attribute in your Okta tenant that stores the PeopleSoft username. This can be a different attribute or can use Okta username mapping to create the PeopleSoft username dynamically.
Header PUBUSER - Click the (+) icon
-
From the Data Source drop down select static.
-
From the Field drop down select login.
-
From the Type drop down select the appropriate target type, either Header.
-
In the Name field enter the associated name.
-
Click Okay when the attribute is complete.
-
Repeat to create any additional attributes.
Click Done when complete.
Configure PeopleCode using the PeopleTools desktop client
- Open the PeopleTools Application Designer.
-
Click File > Open > Definition: Record > Name: FUNCLIB_LDAPLightweight Directory Access Protocol (LDAP) is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection oriented transfer services. >
-
Open FUNCLIB_LDAP
-
Right Click Open > Cancel
-
Right Click LDAPAUTH > View PeopleCode
-
Search for the getWWWAuthConfig() function.
Change:
&defaultUserId = "";
to:
&defaultUserId = "PUBUSER"; -
Search for the OAMSSO_AUTHENTICATION() function,
change the header value from OAM_REMOTE_USER to PUBUSER -
Click File > Save.
Configure PeopleSoft using the PeopleSoft web portal
-
Navigate to the PeopleSoft Web Portal and login as the PeopleSoft super user.
-
From the Main Menu select PeopleTools > Security > Security Objects > Signon PeopleCode > [+] button.
-
Select the Signon PeopleCode page.
-
Enable the OAMSSO_AUTHENTICATION function, and click Save.
-
Add a default user profile to PeopleSoft
-
From the Main Menu navigate to PeopleTools > Security > User Profiles > User Profiles > Add a New Value.
-
Select the General tab.
Create user: PUBUSER with Password: <password>.
-
Select the ID Tab.
-
Set ID type to none.
-
Click Save.
-
-
Configure the web profile
-
From the Main Menu navigate to PeopleTools > Web Profile > Web Profile Configuration > Search > PROD > Security.
Note
If Public Users section is populated note the User ID.
-
Set the following fields:
Section
Field Value Main PIA use HTTP Same Server Unchecked Public Users User ID PUBUSER Public Users Password Matching previously created user Public Users Allow Public Access Checked -
Click Save.
-
-
Set default proxy address
-
From the Main Menu navigate to PeopleTools > Web Profile > Web Profile Configuration > Search > PROD > Virtual Addressing.
-
Set the following fields:
Section
Field Value Default Addressing Protocol https Default Addressing Name FQDNA fully qualified domain name (FQDN) is the complete domain name for a specific computer, or host, on the internet. of the PeopleSoft instance
For example: ps-external.<gateway.info>.Default Addressing Port 443 Public Users Allow Public Access Checked -
Click Save.
-
-
Restart PeopleSoft.
Test the PeopleSoft Application
-
Select IDP Initiated from the drop down menu associated with the application.
Note
If you are using an SPAn acronym for service provider. Generally, an SP is a company, usually providing organizations with communications, storage, processing, and a host of other services. Within Okta, it is any website that accepts SAML responses as a way of signing in users, and has the ability to redirect a user to an IdP (e.g., Okta) to begin the authentication process. initiated test, you will need to test from another browser tab and not from the SP Initiated option.
PeopleSoft requires a landing page for SSO to function correctly. IDP initiated handles this by sending the Post Login URL, SP Initiated does not.
Note
Your Okta tenant administrator may need to assign the application to you.
In addition, if you do not already have an active session for Okta open in your browser, you may be prompted to log in to your Okta account and provide credentials. - Verify that you are logged into Oracle PeopleSoft correctly.
Next Steps
- Add or review application settings. For more details see Application Settings.
- Add application behaviors. For details and examples of behaviors seeAdminister Behaviors
- Add fine grained policy to further protect resources. An overview of user policy can be found in Application Policy User Overview. For details and examples of policy see Administration User Policy Guide.
- Define one or more certificates for use with this application. See Certificate Management
- Add supplemental database or LDAP based data stores. For more information see Administer DataStores