PeopleSoft Sign In
This section discusses:
PeopleSoft sign in process.
Directory server integration.
Authentication and Signon PeopleCode.
The most common direct sign in to the PeopleSoft database is the application server sign in.
These are the basic steps that are taken when the application server signs in to the database:
1. The application server starts and uses the connect ID and user ID specified in its configuration file (PSAPPSRV.CFG) to perform the initial connection to the database.
2. The server performs a SQL Select statement on the PeopleTools security tables.
   After verifying the connect ID, the application server performs a Select statement on PeopleTools security tables, such as PSOPRDEFN, PSACCESSPROFILE, and PSSTATUS. Using these tables, the application server authenticates the user and gathers such items as the user ID and password, symbolic ID, access ID, and access password. After the application server has the required information, it disconnects.
3. The server reconnects using the access ID.
   When the system verifies that the access ID is valid, the application server begins the persistent connection to the database that all PeopleSoft Pure Internet Architecture and Microsoft Windows three-tier clients use to access the database. Typically, the users signing in using a Microsoft Windows workstation are developers using PeopleSoft Application Designer.
Note: A Microsoft Windows workstation attempting a two-tier connection uses the same process as the application server.
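An added example, not part of the PeopleSoft documentation: in the steps above the connect ID is used only to read the security tables before the server reconnects with the access ID, so this Python check audits an exported list of database grants for that account and reports anything beyond that need, plus any missing grant that would break sign in. The account names PSCONNECT and SYSADM, the row layout, and the use of the three tables named above as the complete allowlist are assumptions.

```python
# Added example: least-privilege audit of the PeopleSoft connect ID.
# Assumption: the connect ID needs only SELECT on the security tables the
# page names; adjust REQUIRED_TABLES if your release reads others.
REQUIRED_TABLES = {"PSOPRDEFN", "PSACCESSPROFILE", "PSSTATUS"}

# Constructed sample rows, shaped like an export from the database's
# privilege catalog: (grantee, owner, object, privilege, grantable)
SAMPLE_GRANTS = [
    ("PSCONNECT", "SYSADM", "PSOPRDEFN", "SELECT", False),
    ("PSCONNECT", "SYSADM", "PSSTATUS", "SELECT", False),
    ("PSCONNECT", "SYSADM", "PSOPRDEFN", "UPDATE", False),
    ("PSCONNECT", "SYSADM", "PSROLEUSER", "SELECT", True),
    ("REPORTING", "SYSADM", "PS_JOB", "SELECT", False),
]


def audit_connect_id(grants, connect_id, required=REQUIRED_TABLES):
    """Return (excess, missing) for the given connect ID.

    excess  - list of (object, privilege, reason) beyond the sign-in need
    missing - sorted required tables with no SELECT grant (sign in breaks)
    """
    excess, selectable = [], set()
    for grantee, _owner, obj, priv, grantable in grants:
        if grantee.upper() != connect_id.upper():
            continue  # other accounts are out of scope for this check
        obj, priv = obj.upper(), priv.upper()
        if obj not in required:
            excess.append((obj, priv, "object not needed for sign in"))
        elif priv != "SELECT":
            excess.append((obj, priv, "non-SELECT privilege on a security table"))
        else:
            selectable.add(obj)
        if grantable:
            excess.append((obj, priv, "connect ID can re-grant this"))
    return excess, sorted(required - selectable)


if __name__ == "__main__":
    excess, missing = audit_connect_id(SAMPLE_GRANTS, "PSCONNECT")
    for obj, priv, reason in excess:
        print(f"EXCESS  {priv} on {obj}: {reason}")
    for table in missing:
        print(f"MISSING SELECT on {table}")
```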
PeopleSoft recommends that all connectivity be made through either a three-tier Microsoft Windows client or through the browser. A two-tier connection is not necessary other than for the application server, PeopleSoft Process Scheduler, or for a user who will be running upgrades or PeopleSoft Data Mover scripts.
Signon PeopleCode does not run during a two-tier connection, so maintaining two-tier users in a directory server is not supported.
PeopleSoft recognizes that your site uses software produced by numerous vendors, and each different product requires security authorizations for users. Most of these products adhere to the model that includes user profiles and roles (or groups) to which users belong. PeopleSoft enables you to integrate your authentication scheme for the PeopleSoft system with your existing infrastructure. You can reuse user profiles and roles that are already defined within an LDAP directory server.
Organizations typically store user profiles in a central repository that serves user information for all of the programs that require it. The central repository is typically an LDAP directory server.
A directory server enables you to maintain a single, centralized user profile that you can use across all of your PeopleSoft and non-PeopleSoft applications. This approach reduces redundant maintenance of user information stored separately throughout your enterprise, and it reduces the possibility of user information getting out of synchronization.
You always maintain permission lists and roles by using PeopleTools Security. However, you can maintain user profiles in PeopleTools Security or with an external directory server.
You can store PeopleSoft passwords in the PSOPRDEFN PeopleTools table. You can also store and maintain user passwords and the rest of the user profile data in an LDAP directory server. PeopleSoft applications retrieve the information stored in an external directory server using a combination of the User Profiles component interface and Signon PeopleCode.
If you decide to reuse existing user profiles stored in a directory server, you don’t need to perform dual maintenance on the two copies of the user data—one copy in the LDAP server and one copy in PSOPRDEFN. PeopleSoft applications ensure that the user information stays synchronized. If you configure LDAP authentication, you maintain your user profiles in LDAP and not in PeopleTools Security.
Signon PeopleCode copies the most recent user profile data from a directory server to the local database whenever a user signs in. PeopleSoft applications reference the user information stored in the PeopleSoft database rather than making a call to the directory server each time the system requires user profile information. Signon PeopleCode ensures the local database has a copy of the most current user profile based on the information in the directory. Each time the user signs in, Signon PeopleCode checks to see if the row in the user profile cache needs to be updated.
The sign in process occurs as follows:
1. The user enters a user ID and password on the sign in page.
2. PeopleTools attempts to authenticate the user against the PSOPRDEFN table.
3. Signon PeopleCode runs.
   The default Signon PeopleCode program updates the user profile based on the current data stored in the directory server.
You can use Signon PeopleCode and business interlinks to synchronize the local copy of the user profile with any data source at sign in time; the program that ships with PeopleTools is designed to synchronize the user profile with an LDAP directory server only. Because the sign in program is PeopleCode, you can modify it, incorporating any of the PeopleSoft integration technologies that PeopleCode supports.
To edit the Signon PeopleCode program, you open the LDAP function library record and use the PeopleCode editor to customize the PeopleCode programs. Developers who modify the Signon PeopleCode program need to have a good understanding of PeopleCode and the integration features it offers.
Note: Only users who sign in through PeopleSoft Pure Internet Architecture or three-tier Microsoft Windows clients take advantage of Signon PeopleCode.
PeopleSoft Pure Internet Architecture uses browser cookies for seamless single signon across all PeopleSoft nodes. A node refers to a database and the application servers connected to it. For example, a user can complete a PeopleSoft Human Resources transaction, and then click a link for a PeopleSoft Financials transaction without reentering a password. Single signon is especially important to the PeopleSoft Interaction Hub, which aggregates content from several different applications and data sources into a single, integrated display.