Integrating PeopleSoft and Oracle Collaboration Suite into uPortal

June 13, 2005

Summer JA-SIG
Baltimore, Maryland
San Luis Obispo, CA
Information Technology Services

Darren Kraker
Ken Sperow
Overview
 CAS implementation
 PeopleSoft HR
 PeopleSoft Financials
 Oracle Collaboration Suite
 calendar
 email
 Integration as uPortal channels (IFrame)
 PeopleSoft Self Service links
 Oracle Portlets
Agenda

 History
 PeopleSoft Impl / Integration
 OCS Impl /Integration
 Issues
 Questions
Cal Poly – Who are we?
 San Luis Obispo
 100 Years Old
 20,000 Students
 Polytechnic University
Engineering, Agriculture, Architecture, Science
 “Learn by Doing”: technical and professional curricula with arts and humanities.
History
 Live with uPortal 1.6 Fall 2001
 UNICON assisted LDAP implementation
 Motivated to implement SSO
 Campus introduction PeopleSoft HR
 Politically / strategically required for Enterprise Portal
System Overview
Technical Specifications
 CAS servers
 Central Authentication Server 2.0
 Servers: Sun Netra T1
 500 MHz, 1 GB RAM
 Solaris 9
 Three servers high availability
 Cisco switches provide failover
Technical Specifications
 LDAP servers
 Oracle Internet Directory: 9.2.0.6
 Servers: Sun Netra T1
 500 MHz, 1 GB RAM
 Solaris 9
 Three servers for high availability
 Cisco hardware provides load balancing and failover
Technical Specifications
 uPortal server
 uPortal 2.1.4
 One server: Sun E450
 4 - 400 MHz, 4 GB RAM
 Solaris 9
Planned upgrade to 2.5.X Fall
CAS User interaction
Authentication Flow (diagram; participants: User, Web Login Service, Application; label: "No user interaction")
1 User requests access
2 Browser redirected to Login Web Service
3 Web Login Service recognizes user session
4 Login Service provides ticket
5 Ticket provided to application
6 Application validates ticket
7 Username provided to application
8 Application decides if user is authorized
9 User gets access
PeopleSoft
 Making PeopleSoft use a central authentication service
 Evaluate known solutions
 Integration with CAS
PeopleSoft - Implementation

Accept a ticket and then validate it


 Make PeopleSoft accept a CAS ticket parameter as part of login
 Implement PeopleCode calls Java client
 CAS java client performs the CAS validation
PeopleSoft - Implementation
Function VALIDATE_TICKET()
   /* rmatteso@calpoly.edu 20030122 Trusted Authentication Impl */
   If %PSAuthResult = False Then
      &validator = GetJavaClass("PSCASClient");
      /* retrieve fullUrl and ticket value from HTTP request */
      &fullUrl = %Request.FullURI | "?" | %Request.QueryString;
      &ticket = %Request.GetParameter("ticket");
      If &ticket <> "" Then
         /* have a ticket, load CAS client class and attempt to validate */
         &cas_result = &validator.validate(&fullUrl, &ticket);
         If &cas_result <> "" Then
            /* ResultDocument (3rd parm) seems to be ignored by front end */
            SetAuthenticationResult( True, &cas_result, "", False);
            &authMethod = "SLO";
            Return;
         End-If; /* got username back from CAS */
      End-If; /* got ticket */
   End-If; /* user not yet authenticated */
End-Function;
PSCASClient.java
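import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;
import java.net.URLEncoder;

public class PSCASClient {
    // CAS validation endpoint; site-specific, shown here as a placeholder
    private static final String validateURL = "https://cas.example.edu/cas/validate";

    // Called from PeopleCode as validate(fullUrl, ticket); returns the PSFT
    // username, or null when CAS does not confirm the ticket
    public static String validate(String service, String ticket) throws Exception {
        // URL-encode both values so the service URL's own query string
        // cannot be read as extra parameters of the validation request
        URL u = new URL(validateURL + "?ticket=" + URLEncoder.encode(ticket, "UTF-8")
                + "&service=" + URLEncoder.encode(service, "UTF-8"));
        try (BufferedReader in = new BufferedReader(
                new InputStreamReader(u.openStream(), "UTF-8"))) {
            String line1 = in.readLine();
            String line2 = in.readLine();
            // fail closed: anything other than "yes" plus a username is a rejection
            if (!"yes".equals(line1) || line2 == null) {
                return null;
            }
            // make fully qualified username ("jdoe@calpoly.edu")
            // into PSFT username ("jdoe")
            int at = line2.indexOf('@');
            return (at < 0 ? line2 : line2.substring(0, at)).toUpperCase();
        }
    }
}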
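An added example (not from the original slides or from Cal Poly's code) of the request-building step around the validation call: it removes the ticket parameter that CAS appended so the service value matches the one used at login, URL-encodes both parameters, and rejects values that are not shaped like a CAS service ticket. The class name CasServiceUrl, the host names and the sample values are assumptions; the "ST-" prefix and character set follow the CAS 2.0 protocol, and the length bound is this example's choice.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

public class CasServiceUrl {
    // CAS 2.0: service tickets begin with "ST-" and use only [A-Za-z0-9-].
    // The 256-character ceiling is an assumption of this example.
    private static final Pattern TICKET = Pattern.compile("ST-[A-Za-z0-9-]{1,253}");

    /** True only for values shaped like a service ticket; checked before calling CAS. */
    static boolean looksLikeServiceTicket(String ticket) {
        return ticket != null && TICKET.matcher(ticket).matches();
    }

    /** Remove the ticket parameter CAS appended, leaving the service URL used at login. */
    static String stripTicket(String fullUrl) {
        int q = fullUrl.indexOf('?');
        if (q < 0) return fullUrl;
        List<String> kept = new ArrayList<>();
        for (String pair : fullUrl.substring(q + 1).split("&")) {
            boolean isTicket = pair.equals("ticket") || pair.startsWith("ticket=");
            if (!pair.isEmpty() && !isTicket) kept.add(pair);
        }
        String base = fullUrl.substring(0, q);
        return kept.isEmpty() ? base : base + "?" + String.join("&", kept);
    }

    /** Build the validation request with both parameters URL-encoded. */
    static String buildValidateUrl(String validateUrl, String fullUrl, String ticket)
            throws UnsupportedEncodingException {
        if (!looksLikeServiceTicket(ticket)) {
            throw new IllegalArgumentException("not a CAS service ticket");
        }
        return validateUrl + "?ticket=" + URLEncoder.encode(ticket, "UTF-8")
                + "&service=" + URLEncoder.encode(stripTicket(fullUrl), "UTF-8");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; hosts and parameters are placeholders.
        String ticket = "ST-1856339-aA5Yuvrxzpv8Tau1cYQ7";
        String fullUrl = "https://psft.example.edu/psp/hr/?cmd=login&lang=ENG&ticket=" + ticket;
        System.out.println(stripTicket(fullUrl));
        System.out.println(buildValidateUrl("https://cas.example.edu/cas/validate", fullUrl, ticket));
        System.out.println(looksLikeServiceTicket("ST-1&service=https://other.example.edu/"));
    }
}
```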
PeopleSoft - Implementation
 Configure SLO_AUTH hook in PeopleSoft Sign-on Page (Exec Auth Fail)
Set Exec Auth Fail PeopleCode
PeopleSoft - Implementation
 Customize HTML files now that original sign-on page is obsolete
• index.html
• Logout_page.html (new)
• Signin_alternate (new)
• Signon.html
• signonError.html (new)
• Cookiesrequired.html
 Modify configuration.properties to point to new HTML files
 Install CAS client jar, class files
Issues

It’s never that easy . . .


 Service URL we use for CAS had to contain userid/pwd parameter
 PeopleSoft cookies
 After PTools upgrade (2003) HTTP GET no longer worked, POST required
uPortal Integration

The next step . . . deep linking


 More direct and intuitive method for accessing services
 Add embedded PeopleSoft content within an IFrame using nested URL
Oracle Collaboration Suite (OCS)
 What is OCS?
“Oracle Collaboration Suite is an integrated database-based email, voicemail, calendaring, web-based meeting, files and search capability that is accessible via all of the interfaces that you currently know and use.”
Oracle Collaboration Suite (OCS) Objectives
 uPortal entry point for Email and Calendar
Making OCS use a central authentication service
 Integration with CAS
Logical Architecture
Hardware - Illustration
Tier 1 : Infrastructure
2 Node (Red Hat Cluster Server)
Dell Power 6650; 4 * 2.8 GHz; 16 GB RAM; 2 * 36GB HD; 2* GIG-E NIC; HBA’s (to EMC)
Tier 2 : Application MT
4 Nodes + BI 1 Node
Dell Power Edge 2650; 2 * 2.8 GHz; 4 GB RAM; 2 * 36GB HD; 3* GIG-E NIC; HBA’s (to EMC)
Tier 2 : Calendar
2 Node
Dell Power Edge 2650; 2 * 2.8 GHz; 2 GB RAM; 2 * 36GB HD; 2* 73 GB HD; 2* GIG-E NIC
Tier 3 : Database
4 Node Oracle RAC 9.2.0.4
Dell Power Edge 6650; 4 * 2.8 GHz; 16 GB RAM; 2 * 36GB HD; 4* GIG-E NIC; 9iRAC; HBA’s (to EMC)
Storage: EMC DMX1000
OCS, Central Authentication & uPortal
(Diagram. Components shown: Corporate Portal (uPortal); Web; Oracle Portal; Outlook; Other Campus Applications (SCT, PeopleSoft, Etc..); Central Authentication Services; OCS Infrastructure (Shared between OCS and BI); OCS Middle Tier; Oracle BI Middle Tier; Calendar; OCS DB; BI DB; 9.2.0.5)
Oracle Collaboration Suite (OCS) Integration
 Objectives
uPortal entry point for Email and Calendar
SSO
uPortal channels - simplified view of Email and Calendar
Ability to render Oracle Portlets within uPortal
OCS Integration - Solutions

 uPortal entry point ---> CAS-enable OCS
 uPortal channels
---> Custom channels
- Oracle’s APIs?
- Query DB
---> Pre-existing Oracle Portlets
 Oracle Portlets
 “External JSP”
 Direct URL
CAS Enabling OCS

 Oracle SSO
 Web based applications
 Integrates with external login source
 Solution required the use of cookies
 All code written in PL/SQL
 Requires Oracle Internet Directory (OID)
 Users must be populated in OID
 FERPA
Authentication flow with Oracle SSO (diagram; participants: User, Web Login Service, Oracle SSO, Oracle Web Application)
1 User requests access
2 Browser redirected to Oracle SSO
3 Oracle SSO authentication required
4 Browser redirected to Web Login Service
5 Web Login Service authentication required
6 Login Service provides ticket for OSSO
7 Ticket provided to OSSO
8 OSSO validates ticket
9 Username provided to OSSO
10 Oracle SSO ticket provided for application
11 OSSO Ticket provided to application
12 Application validates ticket
13 Username provided to application
14 Application decides if user is authorized
15 User gets access
OCS - Rendering Oracle Portlets
 External JSP
 Makes a portlet available through a JSP
 Not well documented
 Is not supported in a “Partial SSL configuration”
 uPortal Inline Frame points to external JSP
OCS - Rendering Oracle Portlets
 Direct Access URL
 Access to Oracle Portal page through user-friendly URL
 Create Oracle Portal Page
No header/border/template
Put portlet on page
Attach stylesheet to page
Point uPortal Inline frame to URL
OCS - Rendering Oracle Portlets (cont.)
 Authorization
Control access to uPortal channels through Groups??
Needed way to restrict access to Oracle page
Solution: Pull groups tables into OID nightly
OCS Integration Issues
 ISSUE:
When users subscribe to more than one channel containing Oracle Portlet content, the channel may respond with browser error messages resulting in no content displayed.
 ROOT CAUSE:
This problem is a result of multiple uPortal channels attempting to establish an Oracle Portal session at the same time.
OCS Integration Issues (cont.)
 Possible Solutions
 Introduce a Delay with Consecutive Page Requests.
 Introduce an Intermediate Page at CAS Login.
Send all requests through a single threaded servlet.
CAS Enabling OCS Resources
 Oracle9iAS Single Sign-On Administrator's Guide
 Release 2 (9.0.2)
 Part Number A96115-01
 Chapter 5 - Third-Party Single Sign-On
 Chapter 8 - Customizing the Single Sign-On Interface

 Metalink Documents:
 Note:191299.1
 Note:244557.1
 Note:191345.1
Statistics on Usage
 PeopleSoft Applications:
 HR total accounts: 2,500 (admin accounts: 700)
 Concurrent users average: 22 (high 75)
 Finance total admin accounts: 700
 Concurrent users average: 23 (high 95)
 Single Sign-on Unique Users per month:
 Approx: 12,000 - 28,000
 Average: 20,000 (including summer quarters)
 Single Sign-on Unique users per DAY
 Maximum: 14,000
 Average: 5,700
 Single Sign-on Concurrent users of the Portal: High: 2,800
Statistics on Usage
 Single clicks to HR PRD and FS PRD per month
 2,200 – 6,100
 Average: 4,200 (including summer quarters)
 Single Sign-on Outages
 Unplanned: Less than 1/2 hour per month
 Planned:
 4 hours/month
 Updates, new application rollouts
 Users CAN authenticate to PS and other applications
References
 CAS
http://www.yale.edu/tp/cas/

 This Presentation, Cal Poly’s documents and code on CAS Enabling OCS, and PeopleSoft Single Sign-on Guides
http://myportal.calpoly.edu/downloads
PeopleBooks
Questions?
 Darren Kraker
Software Engineer
dkraker@calpoly.edu
 Ken Sperow
Software Engineer
ksperow@calpoly.edu
 Ryan Matteson
Web Architect and Info Security Manager
rmatteso@calpoly.edu
 Dan Malone
Oracle SSO
dmalone@calpoly.edu
 Melinda Rojo
Oracle Portal Integration
mrojo@calpoly.edu