Single Sign on Process Flow

Greg Kelly

Transcript of Single Sign on Process Flow

Page 1: Single Sign on Process Flow

[Diagram: Typical Enterprise Single Signon in PeopleSoft. Numbered flow arrows 1 to 17 (including 12a, 12b, 14a and 14b) run between these labelled components: Browser; Web App Server; HTTP Server; Access Manager agent (intercepts URL request); PS Page servlet; PS Application server; Signon PeopleCode; SetAuthenticationResult; Cache objects; Mem Cache; Disk Cache; BLOB User Context; PS DB; Access Manager and Policy Server; User Repository; Policy Repository; LDAP (usually); Other Access Manager Resources; Liberty. Slide author: Greg Kelly]

Page 2: Single Sign on Process Flow

Process steps

Typical Enterprise Single Signon in PeopleSoft

1 - Browser user requests protected resource (see Note)

2 - Agent intercepts request and checks header payload for SSO-related objects. If header is not populated, agent issues challenge page

3 - Browser user supplies credentials

4 - Agent forwards credentials to Access Manager

5 - Access Manager confirms authentication

6 - Agent populates header and issues redirect

7 - Browser attempts to access the protected resource

8 - Agent intercepts request and seeks authorization

9 - Access Manager confirms authorization to protected resource

10 - Request is passed to application (PS Page servlet)

11 - PS Page servlet issues JOLT request to PS Application Server with Default User ID and password

12 - Signon PeopleCode is triggered to extract PS user ID

12a - Optional 2nd level authentication, vendor-supplied Java object or BI forwards vendor token(s) and PS token to Access Manager

12b - Access Manager confirms tokens are still valid

13 - Signon PeopleCode calls SetAuthenticationResult with PS User ID

14 - PSAPPSRV checks version of required objects, and requests objects if cached version is different or not available

14a - Objects are cached in memory

14b - Objects are cached to disk

15 - Tokens, cookies, requested objects and user profile are serialized and passed back to Page Servlet

16 - Page Servlet caches user context in the BLOB cache

17 - Initial page is presented to user’s browser session

Steps 4 and 5: These steps use the user repository

Steps 8 and 9: These steps use the user and the policy repositories

Steps 13 and 14: These steps assume a valid user in the PeopleSoft user repository (PSOPRDEFN)

Note: If the user has been authenticated already, process passes directly from step 1 to step 8.
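Steps 11 to 13 as a Signon PeopleCode sketch; this is an added example, not code from the slides or from any vendor's agent. The function name, the header name `X-SSO-USER` and the default user ID `SSO_DEFAULT_USER` are placeholder assumptions, and denying sign-on when the header is empty is an assumed policy.

```peoplecode
/* Added example: header-based Signon PeopleCode for steps 11 to 13.      */
/* SSO_HEADER_SIGNON, X-SSO-USER and SSO_DEFAULT_USER are placeholders;   */
/* substitute the header your access manager agent populates (step 6)     */
/* and the default user ID configured for the PS Page servlet (step 11).  */
Function SSO_HEADER_SIGNON()
   Local string &defaultUserId, &headerName, &userId;

   &defaultUserId = "SSO_DEFAULT_USER";
   &headerName = "X-SSO-USER";

   /* Step 11: the Page servlet signs on over JOLT with the default user  */
   /* ID and password. Act only when that sign-on succeeded and really    */
   /* was the default user; any other sign-on is left untouched.          */
   If %PSAuthResult = True And
         %SignonUserId = &defaultUserId Then

      /* Step 12: extract the PS user ID from the agent-populated header. */
      &userId = Upper(LTrim(RTrim(%Request.GetHeader(&headerName))));

      If All(&userId) Then
         /* Step 13: switch the session to the real user. The ID must     */
         /* already exist in PSOPRDEFN (see the note on steps 13 and 14). */
         SetAuthenticationResult( True, &userId, "", False);
      Else
         /* Assumed policy: no header means the request did not complete  */
         /* steps 2 to 9, so the default user gets no session.            */
         SetAuthenticationResult( False, "", "", False);
      End-If;
   End-If;
End-Function;
```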