Enable Single Sign-On for PeopleSoft

To implement single sign-on in Oracle's PeopleSoft, you need to create a user profile, change the PeopleCode function, and enable it for single sign-on.

Create a User Profile

In Oracle's PeopleSoft application, you create a new user profile and associate it with a low-security role such as PeopleSoft User.

  1. As the administrator, sign in to a PeopleSoft module.
  2. In the right menu, select PeopleTools, select Security, select User Profiles, and then click Add a New Value.
  3. In the User ID field, enter IDCSPSFT (in all uppercase), and then click Add.
  4. On the User Profiles page, click the General tab, and perform the following actions:
    1. Enter and confirm your new password.
    2. Select SYSADM1 for the Symbolic ID.
  5. Click the ID tab, and select None in the ID Type field.
  6. Click the Roles tab, and enter PeopleSoft User as the role name in the User Roles section.
  7. Click Save.

Modify the Web Profile

You can modify the property settings of any web profile by using Oracle's PeopleSoft Web Profile Configuration component, which includes the portal security page. You can use the component to configure PeopleSoft to allow public access.

  1. As the administrator, sign in to a PeopleSoft module.
  2. In the right menu, select PeopleTools, select Web Profile, and then click Web Profile Configuration.
  3. On the Web Profile Configuration page, click Search and then click the corresponding web profile for your PeopleSoft environment.
  4. On the Web Profile Configuration page, click the Security tab.
  5. In the Security tab, click Allow Public Access, select IDCSPSFT for the User ID, and provide the same password that you used when you created the user profile.
  6. Click Save.

Change the PeopleCode Function

In the getWWWAuthConfig() function, replace the default user ID with the user ID that you defined in the web profile.

  1. In Oracle's PeopleSoft Application Designer, open the FUNCLIB_LDAP record.
  2. Right-click the LDAPAUTH field and select View PeopleCode.
  3. In the getWWWAuthConfig() function, replace the value that is assigned to the &defaultUserId with IDCSPSFT, and then save the function definition.
    Function getWWWAuthConfig()
        &defaultUserId = "IDCSPSFT";
    End-Function
  4. Search for and edit the OAMSSO_AUTHENTICATION() function, change the header value from OAM_REMOTE_USER to PSUSER, and then save the function definition.

Enable the Signon PeopleCode

Use the Signon PeopleCode page to enable the OAMSSO_AUTHENTICATION function, which is the Signon PeopleCode for Oracle Access Manager single sign-on.

  1. As the administrator, sign in to a PeopleSoft module.
  2. In the right menu, select PeopleTools, select Security, select Security Objects, and then select Signon PeopleCode.
  3. On the Signon PeopleCode page, enable the OAMSSO_AUTHENTICATION function, and click Save.

Modify the Oracle WebLogic Server Configuration

Oracle WebLogic Server users must disable basic authentication.

  1. Access the Oracle WebLogic Server and edit the config.xml file, located in the <PIA_HOME>\webserv\peoplesoft\config folder.
  2. Add the <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials> element to the <security-configuration> element.

    Your code should look like this:

    <security-configuration xmlns:xacml="http://www.bea.com/ns/weblogic/90/security/xacml">
        <name>peoplesoft</name>
        <realm>myrealm</realm>
         .......
        <credential-encrypted>{3DES}dOa1fqoTbX1GUq7RQPhDNDgkWkIZhzWVlEXkmSMbt9Uuf1Ff?VZIrJC</credential-encrypted>
        <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
    </security-configuration>
  3. Restart Oracle WebLogic Server.
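
A check you can run on config.xml before restarting the server, added here as an example (it is not Oracle's code): it confirms that the element from step 2 sits inside <security-configuration> and is set to false. The SAMPLE document, the function names, and the result labels are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

ELEMENT = "enforce-valid-basic-auth-credentials"

# Constructed sample, not a real config.xml: only the elements the check needs.
SAMPLE = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>peoplesoft</name>
  <security-configuration>
    <name>peoplesoft</name>
    <realm>myrealm</realm>
    <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
  </security-configuration>
</domain>"""


def local(tag):
    """Drop a '{namespace}' prefix so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def check_basic_auth_setting(config_xml):
    """Classify config.xml content (str or bytes) against step 2 of the page."""
    root = ET.fromstring(config_xml)
    sections = [e for e in root.iter() if local(e.tag) == "security-configuration"]
    if not sections:
        return "no-security-configuration"
    inside = [c for s in sections for c in s if local(c.tag) == ELEMENT]
    if not inside:
        # Present somewhere else in the file is not what step 2 asks for.
        elsewhere = any(local(e.tag) == ELEMENT for e in root.iter())
        return "misplaced" if elsewhere else "missing"
    values = {(c.text or "").strip().lower() for c in inside}
    return "ok" if values == {"false"} else "wrong-value"


if __name__ == "__main__":
    # Pass the path to config.xml; with no argument the constructed sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    result = check_basic_auth_setting(data)
    print(result)
    sys.exit(0 if result == "ok" else 1)
```

The script exits with status 0 only when the result is "ok", so it can gate a restart script.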