1
Integrating PeopleSoft and Oracle Collaboration Suite into uPortal
June 13, 2005, Summer JA-SIG, Baltimore, Maryland
2
San Luis Obispo, CA Information Technology Services Darren Kraker Ken Sperow
3
Overview
- CAS implementation
- PeopleSoft HR
- PeopleSoft Financials
- Oracle Collaboration Suite: calendar, email
- Integration as uPortal channels (IFrame)
- PeopleSoft Self Service links
- Oracle Portlets
4
Agenda
- History
- PeopleSoft Impl / Integration
- OCS Impl / Integration
- Issues
- Questions
5
Cal Poly – Who are we?
- San Luis Obispo
- 100 Years Old
- 20,000 Students
- Polytechnic University: Engineering, Agriculture, Architecture, Science
- “Learn by Doing”: technical and professional curricula with arts and humanities.
6
Live with uPortal 1.6 Fall 2001 UNICON assisted LDAP implementation Motivated to implement SSO Campus introduction PeopleSoft HR Politically / strategically required for Enterprise Portal History
7
System Overview
10
Technical Specifications: CAS servers
- Central Authentication Server 2.0
- Servers: Sun Netra T1, 500 MHz, 1 GB RAM
- Solaris 9
- Three servers for high availability
- Cisco switches provide failover
11
Technical Specifications: LDAP servers
- Oracle Internet Directory: 9.2.0.6
- Servers: Sun Netra T1, 500 MHz, 1 GB RAM
- Solaris 9
- Three servers for high availability
- Cisco hardware provides load balancing and failover
12
Technical Specifications: uPortal server
- uPortal 2.1.4
- One server: Sun E450, 4 - 400 MHz, 4 GB RAM
- Solaris 9
- Planned upgrade to 2.5.X Fall
13
CAS Authentication Flow
Participants: User, Web Application, Web Login Service
1. User requests access
2. Browser redirected to Login Service
3. Web Login Service recognizes user session
4. Login Service provides ticket
5. Ticket provided to application
6. Application validates ticket
7. Username provided to application
8. Application decides if user is authorized
9. User gets access
Legend: User interaction / No user interaction
14
Making PeopleSoft use a central authentication service Evaluate known solutions Integration with CAS PeopleSoft
15
PeopleSoft - Implementation
- Accept a ticket and then validate it
- Make PeopleSoft accept a CAS ticket parameter as part of login
- Implement PeopleCode (calls Java client)
- CAS Java client performs the CAS validation
16
PeopleSoft - Implementation

    Function VALIDATE_TICKET()
       /* rmatteso@calpoly.edu 20030122 Trusted Authentication Impl */
       If %PSAuthResult = False Then
          &validator = GetJavaClass("PSCASClient");
          /* retrieve fullUrl and ticket value from HTTP request */
          &fullUrl = %Request.FullURI | "?" | %Request.QueryString;
          &ticket = %Request.GetParameter("ticket");
          If &ticket <> "" Then
             /* have a ticket, load CAS client class and attempt to validate */
             &cas_result = &validator.validate(&fullUrl, &ticket);
             If &cas_result <> "" Then
                /* ResultDocument (3rd parm) seems to be ignored by front end */
                SetAuthenticationResult( True, &cas_result, "", False);
                &authMethod = "SLO";
                Return;
             End-If; /* got username back from CAS */
          End-If; /* got ticket */
       End-If; /* user not yet authenticated */
    End-Function;
17
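PSCASClient.java

    import java.io.BufferedReader;
    import java.io.InputStreamReader;
    import java.net.URL;

    public class PSCASClient {
        // CAS validation endpoint; its value is not shown on the slide
        static String validateURL;

        // Signature follows the PeopleCode call validate(&fullUrl, &ticket)
        public static String validate(String service, String ticket) throws Exception {
            URL u = new URL(
                validateURL + "?ticket=" + ticket + "&service=" + service);
            BufferedReader in = new BufferedReader(
                new InputStreamReader(u.openStream()));
            try {
                String line1 = in.readLine();
                String line2 = in.readLine();
                // accept only an explicit "yes" followed by a qualified username;
                // anything else (including "no" or a short response) is a failure
                if (!"yes".equals(line1) || line2 == null || line2.indexOf('@') < 0) {
                    return null;
                }
                // make fully qualified username ("jdoe@calpoly.edu")
                // into PSFT username ("jdoe"), upper-cased
                return line2.substring(0, line2.indexOf('@')).toUpperCase();
            } finally {
                in.close();
            }
        }
    }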
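A stricter form of the validation step, added here as an example (it is not Cal Poly's code): it percent-encodes the service URL, which matters once that URL carries its own query parameters, and it maps the CAS 1.0 response to a PeopleSoft ID only when the response is well formed and from the expected domain. The `expectedDomain` parameter, the user-ID pattern, and the sample URLs are assumptions of this example.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Locale;

public class CasTicketCheck {
    // Builds the validation request. The service URL has its own query string,
    // so both values are percent-encoded to keep '&' and '?' out of the CAS query.
    static String validationUrl(String validateURL, String service, String ticket)
            throws UnsupportedEncodingException {
        return validateURL + "?ticket=" + URLEncoder.encode(ticket, "UTF-8")
                + "&service=" + URLEncoder.encode(service, "UTF-8");
    }

    // Maps a CAS 1.0 validation body ("yes\n<user>\n" or "no\n\n") to a PeopleSoft
    // user ID. Returns null for anything except a well-formed success response.
    static String toPeopleSoftId(String body, String expectedDomain) {
        if (body == null) return null;
        String[] lines = body.split("\r?\n", -1);
        if (lines.length < 2 || !"yes".equals(lines[0])) return null;  // fail closed
        String principal = lines[1].trim();
        int at = principal.indexOf('@');
        if (at <= 0 || at != principal.lastIndexOf('@')) return null;  // exactly one '@'
        String local = principal.substring(0, at);
        String domain = principal.substring(at + 1);
        if (!domain.equalsIgnoreCase(expectedDomain)) return null;     // wrong realm
        if (!local.matches("[A-Za-z0-9._-]{1,30}")) return null;       // assumed ID format
        return local.toUpperCase(Locale.ROOT);                         // locale-independent
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the presentation.
        System.out.println(validationUrl("https://cas.example.edu/cas/validate",
                "https://ps.example.edu/psp/hr/?cmd=start&lang=ENG", "ST-1-constructed"));
        String[] bodies = {
            "yes\njdoe@calpoly.edu\n",                            // normal success
            "no\n\n",                                             // CAS rejected the ticket
            "<html>502 Bad Gateway</html>\nadmin@calpoly.edu\n",  // error page, not "no"
            "yes\njdoe@example.org\n",                            // unexpected domain
            "yes\n\n"                                             // success without a username
        };
        for (String b : bodies) {
            System.out.println(toPeopleSoftId(b, "calpoly.edu"));
        }
    }
}
```

Only the first sample body yields a user ID; the error-page case is the one a check for "no" alone would let through.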
18
Configure SLO_AUTH hook in PeopleSoft Sign-on Page (Exec Auth Fail) PeopleSoft - Implementation
19
Set Exec Auth Fail PeopleCode
20
PeopleSoft - Implementation
- Customize HTML files now that original sign-on page is obsolete:
  - index.html
  - Logout_page.html (new)
  - Signin_alternate (new)
  - Signon.html
  - signonError.html (new)
  - Cookiesrequired.html
- Modify configuration.properties to point to new HTML files
- Install CAS client jar, class files
21
Issues
- It’s never that easy...
- Service URL we use for CAS had to contain userid/pwd parameter
- PeopleSoft cookies
- After PTools upgrade (2003) HTTP GET no longer worked, POST required
22
uPortal Integration
- The next step... deep linking
- More direct and intuitive method for accessing services
- Add embedded PeopleSoft content within an IFrame using nested URL
25
Oracle Collaboration Suite (OCS) What is OCS? “Oracle Collaboration Suite is an integrated database-based email, voicemail, calendaring, web-based meeting, files and search capability that is accessible via all of the interfaces that you currently know and use.”
26
uPortal entry point for Email and Calendar Making OCS use a central authentication service Integration with CAS Oracle Collaboration Suite (OCS) Objectives
27
Logical Architecture
28
Hardware - Illustration Tier 1 : Infrastructure 2 Node (Red Hat Cluster Server) Dell Power Edge 2650 2 * 2.8 GHz 4 GB RAM 2 * 36GB HD 3* GIG-E NIC HBA’s (to EMC) Tier 2 : Application MT 4 Nodes + BI 1 Node Tier 3 : Database 4 Node Oracle RAC 9.2.0.4 Dell Power Edge 6650 4 * 2.8 GHz 16 GB RAM 2 * 36GB HD 4* GIG-E NIC 9iRAC HBA’s (to EMC) Dell Power Edge 2650 2 * 2.8 GHz 2 GB RAM 2 * 36GB HD 2* 73 GB HD 2* GIG-E NIC HBA’s (to EMC) Tier 2 : Calendar 2 Node Dell Power 6650 4 * 2.8 GHz 16 GB RAM 2 * 36GB HD 2* GIG-E NIC Storage: EMC DMX1000
29
OCS, Central Authentication & uPortal OCS DB 9.2.0.5 OCS Middle Tier BI DB Oracle BI Middle Tier OCS Infrastructure (Shared between OCS and BI) Central Authentication Services Corporate Portal (uPortal) Oracle Portal Web Calendar Outlook Other Campus Applications (SCT, PeopleSoft Etc..)
30
Oracle Collaboration Suite (OCS) Integration Objectives uPortal entry point for Email and Calendar SSO uPortal channels - simplified view of Email and Calendar Ability to render Oracle Portlets within uPortal
31
OCS Integration - Solutions uPortal entry point ---> CAS-enable OCS uPortal channels ---> Custom channels - Oracle’s APIs? -Query DB ---> Pre-existing Oracle Portlets Oracle Portlets “External JSP” Direct URL
32
CAS Enabling OCS
- Oracle SSO
- Web based applications
- Integrates with external login source
- Solution required the use of cookies
- All code written in PL/SQL
- Requires Oracle Internet Directory (OID)
- Users must be populated in OID
- FERPA
35
Participants: User, Oracle Web Application, Oracle SSO (OSSO), Web Login Service
1. User requests access
2. Browser redirected to Oracle SSO
3. Oracle SSO authentication required
4. Browser redirected to Web Login Service
5. Web Login Service authentication required
6. Login Service provides ticket for OSSO
7. Ticket provided to OSSO
8. OSSO validates ticket
9. Username provided to OSSO
10. Oracle SSO ticket provided for application
11. OSSO Ticket provided to application
12. Application validates ticket
13. Username provided to application
14. Application decides if user is authorized
15. User gets access
36
OCS - Rendering Oracle Portlets: External JSP
- Makes a portlet available through a JSP
- Not well documented
- Is not supported in a “Partial SSL configuration”
- uPortal Inline Frame points to external JSP
37
OCS - Rendering Oracle Portlets: Direct Access URL
- Access to Oracle Portal page through user-friendly URL
- Create Oracle Portal Page
- No header/border/template
- Put portlet on page
- Attach stylesheet to page
- Point uPortal Inline frame to URL
39
OCS - Rendering Oracle Portlets (cont.): Authorization
- Control access to uPortal channels through Groups??
- Needed way to restrict access to Oracle page
- Solution: Pull groups tables into OID nightly
40
OCS Integration Issues
ISSUE: When users subscribe to more than one channel containing Oracle Portlet content, the channel may respond with browser error messages resulting in no content displayed.
ROOT CAUSE: This problem is a result of multiple uPortal channels attempting to establish an Oracle Portal session at the same time.
41
OCS Integration Issues (cont.)
Possible Solutions
- Introduce a Delay with Consecutive Page Requests.
- Introduce an Intermediate Page at CAS Login.
- Send all requests through a single threaded servlet.
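A sketch of the third option, added here as an example and not taken from the presentation: instead of one global thread, requests are serialized per user, so the first channel establishes the session and the others wait and reuse it. The class name, `establishSession` (a stand-in for the real SSO round trip), and the server-side session map are assumptions of this example.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;

public class PortalSessionGate {
    private final ConcurrentHashMap<String, Object> locks = new ConcurrentHashMap<>();
    private final ConcurrentHashMap<String, String> sessions = new ConcurrentHashMap<>();
    final AtomicInteger logins = new AtomicInteger();

    // Hypothetical stand-in for the SSO handshake that creates the Oracle Portal session.
    private String establishSession(String user) throws InterruptedException {
        logins.incrementAndGet();
        Thread.sleep(100);                       // simulated redirect round trips
        return "portal-session-for-" + user;
    }

    // Every channel request for a user passes through here. Only the first one
    // performs the login; concurrent requests block on the per-user lock and
    // then find the session already in place.
    public String sessionFor(String user) throws InterruptedException {
        String s = sessions.get(user);
        if (s != null) return s;
        Object lock = locks.computeIfAbsent(user, k -> new Object());
        synchronized (lock) {
            s = sessions.get(user);              // re-check after acquiring the lock
            if (s == null) {
                s = establishSession(user);
                sessions.put(user, s);
            }
            return s;
        }
    }

    public static void main(String[] args) throws Exception {
        PortalSessionGate gate = new PortalSessionGate();
        Thread[] channels = new Thread[3];       // three channels on one portal page
        for (int i = 0; i < channels.length; i++) {
            channels[i] = new Thread(() -> {
                try {
                    gate.sessionFor("jdoe");     // constructed user name
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                }
            });
            channels[i].start();
        }
        for (Thread t : channels) t.join();
        System.out.println("logins performed: " + gate.logins.get());
    }
}
```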
42
CAS Enabling OCS Resources
- Oracle9iAS Single Sign-On Administrator's Guide, Release 2 (9.0.2), Part Number A96115-01
  - Chapter 5 - Third-Party Single Sign-On
  - Chapter 8 - Customizing the Single Sign-On Interface
- Metalink Documents: Note:191299.1, Note:244557.1, Note:191345.1
43
Statistics on Usage
PeopleSoft Applications:
- HR total accounts: 2,500 (admin accounts: 700); concurrent users average: 22 (high 75)
- Finance total admin accounts: 700; concurrent users average: 23 (high 95)
Single Sign-on unique users per month:
- Approx: 12,000 - 28,000
- Average: 20,000 (including summer quarters)
Single Sign-on unique users per DAY:
- Maximum: 14,000
- Average: 5,700
Single Sign-on concurrent users of the Portal:
- High: 2,800
44
Statistics on Usage
Single clicks to HR PRD and FS PRD per month:
- 2,200 – 6,100
- Average: 4,200 (including summer quarters)
Single Sign-on Outages:
- Unplanned: Less than 1/2 hour per month
- Planned: 4 hours/month; updates, new application rollouts
- Users CAN authenticate to PS and other applications
45
References
- CAS: http://www.yale.edu/tp/cas/
- This Presentation, Cal Poly’s documents and code on CAS Enabling OCS, and PeopleSoft Single Sign-on Guides: http://myportal.calpoly.edu/downloads
- PeopleBooks
46
Questions?
- Darren Kraker, Software Engineer, dkraker@calpoly.edu
- Ryan Matteson, Web Architect and Info Security Manager, rmatteso@calpoly.edu
- Melinda Rojo, Oracle Portal Integration, mrojo@calpoly.edu
- Ken Sperow, Software Engineer, ksperow@calpoly.edu
- Dan Malone, Oracle SSO, dmalone@calpoly.edu