CON9205 Securing Your PeopleSoft Integration Infrastructure...Node - – External Node...

10/4/2012

1

Copyright © 2012, Oracle and/or its affiliates. All rights reserved.2

CON9205Securing Your PeopleSoft Integration Infrastructure

Greg Kelly - PeopleSoft Strategy - PeopleTools

Keith Collins – PeopleSoft Development -

PeopleTools


Program Agenda

� History

� Early 8.x Integration

� PeopleSoft as Consumer

� PeopleSoft as Producer/Provider

� SAML

10/4/2012

2


Safe Harbor Statement

The following is intended to outline our general product

direction. It is intended for information purposes only, and may

not be incorporated into any contract. It is not a commitment to

deliver any material, code, or functionality, and should not be

relied upon in making purchasing decisions. The development,

release, and timing of any features or functionality described for

Oracle’s products remains at the sole discretion of Oracle.


History

10/4/2012

3


Integration Methods

� Message Agent

� Direct SQL

� Application Messaging

� Component Interface


PeopleTools 8.x Integration

10/4/2012

4


Web Service History

� Prior to PeopleTools 8.48

– HTTPS

– Node Password

� Resource Intensive


PeopleSoft Consumer and Producer Overview

10/4/2012

5


Producer and Consumer Flow- Producer

- Provider

- Inbound

- Consumer

- Outbound


Setup and Configuration

� Default setup - Gateway

– Gateway Properties

� sign-on

� user/ password assigned to node(s)

– Low privilege

Gateway

10/4/2012

6


Gateway Setup


Gateway Setup - Password

Prior to

PeopleTools 8.53

10/4/2012

7


Gateway Setup - Node


PeopleSoft as Consumer

10/4/2012

8


Overview

� CONSUMER:

� Order of Security Options:

– Node

– Routing

� Standard Service

� REST Service


Nodes - PeopleSoft as ConsumerPIA Node

� PeopleSoft Node (Target Node is another PeopleSoft System):

� Node Type PIA

� Authentication Option:

– Password,

– Certificate - required to build the PSFT Token

� Default UserID - Not Used

� Non-Repudiation

� Connectors: Connector Type - PSFTTARGETPIA Node

10/4/2012

9


Nodes - PeopleSoft as ConsumerPIA Node


Nodes - PeopleSoft as ConsumerExternal Node

� External Node (Target Node is NOT PeopleSoft System):

� Node Type: External

– Default userID

– External userID

– External Password

10/4/2012

10


Nodes - PeopleSoft as ConsumerExternal Node


Nodes - PeopleSoft as Consumer� WS-SECURITY:

– SAML Token - options

� Encrypted, (all, body, header)

� use Default UserID (default is logged on userID)

– User Name Token - options

� Encrypted,

� digitally signed,

� use External User ID (default is default user ID)

� Connectors:

– Connector Type - any but PSFTTARGET

** Node type determines security options **

10/4/2012

11


Node – WS-Security


Routing - PeopleSoft as Consumer

� Target Node defined as Node Type PIA

– (no security options)

� Target Node defined as Node Type External

– Parameter tab - ws-security link: select security override checkbox to

change security options from what is on node

– SAML Token - options Encrypted, use Default UserID (default is logged on

userID)

– User Name Token - options Encrypted, digitally signed, use External User

ID (default is default user ID)

10/4/2012

12


Routing


WS-Security

10/4/2012

13


WS-Security Options


Service Operation - PeopleSoft as Consumer

� Service Operation **

– No Permissions Needed

– No Require validation

– No user/ password check box required

� Exclude PSFT Token (Service Configuration) WHY?

** the reason why these are not hidden as routing directionality in this

case determines (provider/consumer)

“

10/4/2012

14



REST - PeopleSoft as Consumer

� Node -

– External Node WADL_Node (Target Node is NOT PeopleSoft System):

Node Type: External

– No other Information is/ should be used as this is a node used for ALL

REST Consume Service Operations

CON9205 Securing Your PeopleSoft Integration Infrastructure...Node - – External Node...

Documents

Transcript of CON9205 Securing Your PeopleSoft Integration Infrastructure...Node - – External Node...