Configuring WS-Security for PeopleSoft as a WSRP Producer

The ...peoplesoft\pspc\WEB-INF\ directory on the producer web server contains a server-config.wsdd file, which contains the WSRPBaseService definition plus the following variations. Each one of the variations is associated with a security option:

| Security Option | Supported with WebCenters | Filename |
|---|---|---|
| 1. None | Yes. | server-config.wsdd.none |
| 2. UsernameToken in ClearText | No. | server-config.wsdd.usernametoken |
| 3. Authentication Token as Username Token with full security | Not supported out-of-the-box, but can customize. | server-config.wsdd.fullsecurity |
| 4. UsernameToken, No Password, Full Security | No. | server-config.wsdd.untnp |
| 5. SAMLToken Full Security | No. | server-config.wsdd.samltoken |
| 6. SAMLToken Full Security Option (timestamp)** | Yes. | server-config.wsdd.samltokentimestamp |
| 7. UsernameToken Full Security Option With WSS Response* | Yes. | server-config.wsdd.fullsecurityR |
| 8. UsernameToken, No Password Full Security Option With WSS Response* | Yes. | server-config.wsdd.untnpR |
| 9. SAMLToken Full Security Option With WSS Response* | No. | server-config.wsdd.samltokenR |
| 10. SAMLToken Full Security Option (timestamp) With WSS Response * ** | Yes. | server-config.wsdd.samltokentimestampR |

* The response message must be signed and encrypted.

** A PeopleSoft SAML token request does not contain a timestamp. However, PeopleSoft can accept third-party SAML requests that contain timestamps. No configuration on the PeopleSoft system is required.

PeopleSoft applications provide two options for modifying the security constraint on the WSRPBaseService. Which option you should use depends on whether your web server is currently running. If your web server is running, you can modify WSRPBaseService without rebooting the server.

Note: The PS_CFG_HOME\webserv\%DOMAIN_NAME%\ directory contains the redeployWSRP batch file.

See Determining Security Requirements for more information about these security options.

Modifying WSRPBaseService Without Rebooting

To modify WSRPBaseService without having to reboot the web server:

  1. Using the command prompt, change to the directory containing the redeployWSRP file:

    cd %PS_CFG_HOME%\webserv\%DOMAIN_NAME%\

  2. Enter the command redeployWSRP <option #>

    For example:

    redeployWSRP 2

    This redeploys WSRPBaseService using the UsernameToken in ClearText security option (option 2). The web service is undeployed and redeployed dynamically, without rebooting the web server.

Modifying WSRPBaseService and Rebooting

To modify WSRPBaseService if the web server is not up and running:

  1. Using the command prompt, change to the ...\peoplesoft\pspc\WEB-INF directory:

    For example:

    cd %PS_CFG_HOME%\webserv\%DOMAIN_NAME%\applications\peoplesoft\pspc\WEB-INF\

  2. Copy <desired server-config.wsdd.option> to replace the server-config.wsdd file.

  3. Reboot the WSRP Producer Portal web server to allow the newly installed server-config.wsdd file to deploy web services for the producer.
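
As an added example (not Oracle's or PeopleSoft's own tooling), the following PowerShell script reports which shipped variant the deployed server-config.wsdd is byte-identical to and, when given an option number, performs the copy in step 2 after taking a backup. It assumes PS_CFG_HOME is set and that the variant files sit in WEB-INF under the filenames in the table above; the script's parameter names and the backup filename are hypothetical.

```powershell
# Added example, not part of the product. Run while the web server is stopped
# if you pass -Option; step 3 (rebooting the web server) is still done by hand.
param(
    [Parameter(Mandatory)] [string] $DomainName,  # hypothetical parameter: the web server domain name
    [ValidateRange(0, 10)] [int] $Option = 0      # 0 = report only; 1-10 = option number from the table
)
$ErrorActionPreference = 'Stop'

# Filename suffixes in table order (index 0 is option 1).
$variants = 'none', 'usernametoken', 'fullsecurity', 'untnp', 'samltoken',
            'samltokentimestamp', 'fullsecurityR', 'untnpR', 'samltokenR',
            'samltokentimestampR'

$webInf = Join-Path $env:PS_CFG_HOME "webserv\$DomainName\applications\peoplesoft\pspc\WEB-INF"
$active = Join-Path $webInf 'server-config.wsdd'

# Compare the deployed file against every shipped variant by SHA-256.
$activeHash = (Get-FileHash -Path $active -Algorithm SHA256).Hash
$identical = for ($i = 1; $i -le $variants.Count; $i++) {
    $file = Join-Path $webInf "server-config.wsdd.$($variants[$i - 1])"
    if ((Test-Path $file) -and ((Get-FileHash -Path $file -Algorithm SHA256).Hash -eq $activeHash)) {
        "$i ($($variants[$i - 1]))"
    }
}
if ($identical) {
    "Deployed server-config.wsdd matches option: $($identical -join ', ')"
} else {
    Write-Warning 'Deployed server-config.wsdd matches no shipped variant (customized or edited).'
}
if ($Option -eq 0) { return }

# Step 2 of the procedure: replace server-config.wsdd with the chosen variant.
$source = Join-Path $webInf "server-config.wsdd.$($variants[$Option - 1])"
if (-not (Test-Path $source)) { throw "Variant file not found: $source" }

# Keep the previous file so a customized configuration is not lost (backup name is an assumption).
Copy-Item -Path $active -Destination "$active.bak-$(Get-Date -Format yyyyMMddHHmmss)"
Copy-Item -Path $source -Destination $active -Force

# Confirm the copy landed intact before the server is restarted.
if ((Get-FileHash -Path $active -Algorithm SHA256).Hash -ne (Get-FileHash -Path $source -Algorithm SHA256).Hash) {
    throw 'Copy verification failed: server-config.wsdd differs from the selected variant.'
}
"server-config.wsdd now matches option $Option; reboot the WSRP Producer Portal web server to deploy it."
```

Running it with no -Option on a schedule gives a simple drift check: a report of option 1 or 2, or of no match, shows that the producer is not using one of the signed and encrypted variants you expected.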