Understanding PeopleSoft Integration Broker Security Processing
This section discusses:

- Outbound PeopleSoft Integration Broker security processing.
- Inbound PeopleSoft Integration Broker security processing.

This section discusses security processing for outbound integrations from PeopleSoft Integration Broker.
PeopleSoft Integration Broker applies the following security elements to outbound integrations:
Note: The elements are discussed in the order in which the system applies them.
Field or Control | Definition |
---|---|
User authentication | If the outbound service operation originates from a PeopleSoft (PIA) node, the user authentication process attaches the PeopleSoft authentication token to the service operation. If the service operation originates from an external (External) node, the model determines the user ID for the service operation and passes the information to the WS-Security framework so it can generate the UsernameToken for the outbound transaction. |
Nonrepudiation | Nonrepudiation processing is performed. |
Client authentication | Client authentication secures the connection between the PeopleSoft application server and the integration gateway on outbound transactions. You use digital certificates to secure this connection. |
WS-Security | Outbound WS-Security processing includes generating the UsernameToken for the WS-Security SOAP header. This process may also involve encrypting and digitally signing the data, if specified in the WS-Security parameters on the node. |
SSL/TLS encryption | SSL/TLS encryption on outbound integrations establishes a secure web server connection with an integration partner. |

This section discusses inbound integration broker security processing.
PeopleSoft Integration Broker applies the following security elements to inbound integrations:
Note: The elements are discussed in the order in which the system applies them.
Field or Control | Definition |
---|---|
SSL/TLS encryption | If the inbound service operation is encrypted, the integration gateway decrypts the data. |
WS-Security | On inbound transactions, WS-Security processing includes validating a digital signature (if required), decrypting user information (if required), and passing the extracted user information to the integration engine for authentication. |
Nonrepudiation | Nonrepudiation processing is performed. |
User authentication | The system determines and validates the user ID associated with the inbound service operation. |
Node authentication | If a node password is employed, the system validates that the inbound service operation contains the node password. If certificate authentication is employed, the system authenticates the node certificate. |
Permission list validation | The system matches the user ID passed in with the service operation to the appropriate permission list. |
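
The inbound WS-Security step described above reads user information from the SOAP header before user authentication runs. The following Python example is added here for illustration and is not PeopleSoft code: it reports what a WS-Security header carries (UsernameToken, signature element, encrypted data) so a reviewer can check a captured message against the node's WS-Security settings. The function name, the sample envelope, the user ID and the password are constructed, and the code detects a signature element without validating it.

```python
import xml.etree.ElementTree as ET

# Standard SOAP 1.1, WS-Security, XML Signature and XML Encryption namespaces.
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

# Constructed sample message; the user ID and password are placeholders.
SAMPLE = b"""<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:UsernameToken>
        <wsse:Username>EXAMPLE_USER</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">placeholder</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body/>
</soap:Envelope>"""


def inspect_ws_security(raw: bytes) -> dict:
    """Summarise the WS-Security header of a UTF-8 SOAP 1.1 message."""
    if b"<!DOCTYPE" in raw:
        # SOAP messages must not carry a DTD; refuse before parsing.
        raise ValueError("DTD not allowed in SOAP message")
    root = ET.fromstring(raw)
    sec = root.find("soap:Header/wsse:Security", NS)
    if sec is None:
        raise ValueError("no WS-Security header")
    token = sec.find("wsse:UsernameToken", NS)
    pw = token.find("wsse:Password", NS) if token is not None else None
    return {
        # Presence only: signature validation is a separate step.
        "signed": sec.find("ds:Signature", NS) is not None,
        # EncryptedData means user information must be decrypted first.
        "encrypted": sec.find(".//xenc:EncryptedData", NS) is not None,
        "username": token.findtext("wsse:Username", namespaces=NS)
        if token is not None else None,
        "password_type": pw.get("Type", "").rpartition("#")[2]
        if pw is not None else None,
    }


if __name__ == "__main__":
    print(inspect_ws_security(SAMPLE))
```

A result with `signed` and `encrypted` both false and a `password_type` of `PasswordText` means the credentials in that message are protected only by the SSL/TLS layer.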