Web Services Overview
A web service provides external applications a web-services-based means of accessing PeopleSoft data. Web services are implemented through the PeopleTools Integration Broker (IB) framework. The Integration Gateway web application receives all the web service requests and forwards them to the Integration Engine (application server) for processing.
Image: Using Reporting Web Services with client application
This diagram illustrates how the web service is used with external applications.
This process occurs when you use a reporting web service with a client application:
The client application invokes one of the service operations from the API (application programming interface) published by PeopleSoft application.
PeopleSoft Integration Broker receives the service operation request and validates the WS security credentials.
The request is passed to Application Server for processing. The Application Server authenticates the service operation and routes it to the respective handler. The handler executes the PeopleCode and sends the response to Integration Gateway.
Integration Broker sends the response to the client application.
WS-Security
Web services security (WS-Security) is implemented on the integration gateway for inbound and outbound integrations with third-party systems. WS-Security adds a layer of security to sending and receiving service operations by adding a UsernameToken that identifies the sender and authenticates its identity to the web service provider. On inbound processing, PeopleSoft Integration Broker can process requests received from integration partners that contain WS-Security UsernameToken and passwords in the SOAP (Simple Object Access Protocol ) header of the inbound SOAP request. The user name and password should be encrypted via PKI (public key infrastructure).
Reporting Web Services are delivered as restricted services, which means that sensitive fields of the service definition and of associated service operations appear in read-only mode. Each service operation is delivered with WS Security Req (required) Verification set to Encrypt and Digitally Sign or HTTPS.
See Implementing Web Services Security.
As delivered, reporting web service operations must be either encrypted and digitally signed or sent over HTTPS. Customers can change the security settings if desired.
Integration Broker (IB) authenticates the request in the following way:
|
Message Sent Over |
Header Attributes |
Result |
|---|---|---|
|
HTTPS |
PS-Token is present in the HTTP header. |
IB authenticates message. |
|
HTTPS |
User ID and password are present in the SOAP Header. |
IB authenticates message. |
|
HTTPS |
Message is encrypted and digitally signed. |
IB authenticates message. |
|
HTTP |
PS-Token is present in the HTTP header. |
IB rejects message. |
|
HTTP |
User ID and password are present in the SOAP header. |
IB rejects message. |
|
HTTP |
Message is encrypted and digitally signed. |
IB authenticates message. |
Reporting web service operations require a user ID and password. If a user ID and password are not supplied in the SOAP header, Integration Broker rejects the request.
If the request is received from another PeopleSoft system, the user ID associated with the requesting PeopleSoft node is used when the SOAP header does not specify a user name.
When a request is received, PeopleSoft Integration Broker validates the user ID and password in the SOAP header to determine whether the user has the proper security to invoke the service operation requested.