con9205 securing your peoplesoft integration infrastructure...node - – external node...
TRANSCRIPT
10/4/2012
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
CON9205 Securing Your PeopleSoft Integration Infrastructure
Greg Kelly - PeopleSoft Strategy - PeopleTools
Keith Collins - PeopleSoft Development - PeopleTools
Program Agenda
• History
• Early 8.x Integration
• PeopleSoft as Consumer
• PeopleSoft as Producer/Provider
• SAML
Safe Harbor Statement
The following is intended to outline our general product
direction. It is intended for information purposes only, and may
not be incorporated into any contract. It is not a commitment to
deliver any material, code, or functionality, and should not be
relied upon in making purchasing decisions. The development,
release, and timing of any features or functionality described for
Oracle’s products remains at the sole discretion of Oracle.
History
Integration Methods
• Message Agent
• Direct SQL
• Application Messaging
• Component Interface
PeopleTools 8.x Integration
Web Service History
• Prior to PeopleTools 8.48
– HTTPS
– Node Password
• Resource Intensive
PeopleSoft Consumer and Producer Overview
Producer and Consumer Flow
- Producer
- Provider
- Inbound
- Consumer
- Outbound
Setup and Configuration
• Default setup - Gateway
– Gateway Properties
• sign-on
• user/password assigned to node(s)
– Low privilege
Gateway
Gateway Setup
Gateway Setup - Password
Prior to PeopleTools 8.53
Gateway Setup - Node
PeopleSoft as Consumer
Overview
• CONSUMER:
• Order of Security Options:
– Node
– Routing
• Standard Service
• REST Service
Nodes - PeopleSoft as Consumer - PIA Node
• PeopleSoft Node (Target Node is another PeopleSoft System):
• Node Type PIA
• Authentication Option:
– Password,
– Certificate - required to build the PSFT Token
• Default UserID - Not Used
• Non-Repudiation
• Connectors: Connector Type - PSFTTARGET
PIA Node
Nodes - PeopleSoft as Consumer - PIA Node
Nodes - PeopleSoft as Consumer - External Node
• External Node (Target Node is NOT PeopleSoft System):
• Node Type: External
– Default userID
– External userID
– External Password
Nodes - PeopleSoft as Consumer - External Node
Nodes - PeopleSoft as Consumer
• WS-SECURITY:
– SAML Token - options
• Encrypted, (all, body, header)
• use Default UserID (default is logged on userID)
– User Name Token - options
• Encrypted,
• digitally signed,
• use External User ID (default is default user ID)
• Connectors:
– Connector Type - any but PSFTTARGET
** Node type determines security options **
Node – WS-Security
Routing - PeopleSoft as Consumer
• Target Node defined as Node Type PIA
– (no security options)
• Target Node defined as Node Type External
– Parameter tab - ws-security link: select security override checkbox to change security options from what is on node
– SAML Token - options Encrypted, use Default UserID (default is logged on userID)
– User Name Token - options Encrypted, digitally signed, use External User ID (default is default user ID)
Routing
WS-Security
WS-Security Options
Service Operation - PeopleSoft as Consumer
• Service Operation **
– No Permissions Needed
– No Require validation
– No user/password check box required
• Exclude PSFT Token (Service Configuration) WHY?
** The reason these are not hidden: routing directionality in this case determines provider/consumer
REST - PeopleSoft as Consumer
• Node -
– External Node WADL_Node (Target Node is NOT PeopleSoft System): Node Type: External
– No other Information is/should be used as this is a node used for ALL REST Consume Service Operations