Integrating PeopleSoft and Oracle Collaboration Suite into uPortal

1
Integrating PeopleSoft and Oracle Collaboration
Suite into uPortal

• June 13, 2005
• Summer JA-SIG
• Baltimore, Maryland

2
San Luis Obispo, CA Information Technology
Services Darren Kraker Ken Sperow
3
Overview

• CAS implementation
• PeopleSoft HR
• PeopleSoft Financials
• Oracle Collaboration Suite
• calendar
• email
• Integration as uPortal channels (IFrame)
• PeopleSoft Self Service links
• Oracle Portlets

4
Agenda

• History
• PeopleSoft Impl / Integration
• OCS Impl /Integration
• Issues
• Questions

5
Cal Poly Who are we?

• San Luis Obispo
• 100 Years Old
• 20,000 Students
• Polytechnic University
• Engineering, Agriculture, Architecture, Science
• Learn by Doing technical and professional
  curricula with arts and humanities.

6
History

• Live with uPortal 1.6 Fall 2001
• UNICON assisted LDAP implementation
• Motivated to implement SSO
• Campus introduction PeopleSoft HR
• Politically / strategically required for
  Enterprise Portal

7
System Overview
8
(No Transcript)
9
(No Transcript)
10
Technical Specifications

• CAS servers
• Central Authentication Server 2.0
• Servers Sun Netra T1
• 500 mhz, 1 GB RAM
• Solaris 9
• Three servers high availability
• Cisco switches provide failover

11
Technical Specifications

• LDAP servers
• Oracle Internet Directory 9.2.0.6
• Servers Sun Netra T1
• 500 mhz, 1 GB RAM
• Solaris 9
• Three servers for high availability
• Cisco hardware provides load balancing and
  failover

12
Technical Specifications

• uPortal server
• uPortal 2.1.4
• One server Sun E450
• 4 - 400 mhz, 4 GB RAM
• Solaris 9
• Planned upgrade to 2.5.X Fall

13
CASAuthentication Flow
Web Login Service
User interaction
No user interaction
User
Web Application
8 Application decides if user is authorized
14
PeopleSoft

• Making PeopleSoft use a central authentication
  service
• Evaluate known solutions
• Integration with CAS

15
PeopleSoft - Implementation

• Accept a ticket and then validate it
• Make PeopleSoft accept a CAS ticket parameter as
  part of login
• Implement PeopleCode calls Java client
• CAS java client performs the CAS validation

16
PeopleSoft - Implementation
Function VALIDATE_TICKET() /
rmatteso_at_calpoly.edu 20030122 Trusted
Authentication Impl / If PSAuthResult False
Then validator GetJavaClass("PSCASClient") /
retrieve fullUrl and ticket value from HTTP
request / fullUrl Request.FullURI "?"
Request.QueryString ticket
Request.GetParameter("ticket") If ticket ltgt
"" Then / have a ticket, load CAS client class
and attempt to validate / cas_result
validator.validate(fullUrl, ticket) If
cas_result ltgt "" Then / ResultDocument (3rd
parm) seems to be ignored by front end
/ SetAuthenticationResult( True,
cas_result, "", False) authMethod
"SLO" Return End-If / got username
back from CAS / End-If / got ticket /
End-If / user not yet authenticated
/ End-Function
17
PSCASClient.java

• URL u new URL(
• validateURL "?ticket" ticket "service"
  service)
• BufferedReader in new BufferedReader(
• new InputStreamReader(u.openStream()))
• if (in null)
• return null
• else
• String line1 in.readLine()
• String line2 in.readLine()
• if (line1.equals("no"))
• return null
• else
• // make fully qualified username
  ("jdoe_at_calpoly.edu")
• // into PSFT username ("jdoe")
• return line2.substring(0, line2.indexOf('_at_')).t
  oUpperCase()

17
18
PeopleSoft - Implementation

• Configure SLO_AUTH hook in PeopleSoft Sign-on
  Page (Exec Auth Fail)

19
Set Exec Auth Fail PeopleCode
20
PeopleSoft - Implementation

• Customize HTML files now that original sign-on
  page is obsolete
• index.html
• Logout_page.html (new)
• Signin_alternate (new)
• Signon.html
• signonError.html (new)
• Cookiesrequired.html
• Modify configuration.properties to point to new
  HTML files
• Install CAS client jar, class files

21
Issues

• Its never that easy . . .
• Service URL we use for CAS had to contain
  userid/pwd parameter
• PeopleSoft cookies
• After PTools upgrade (2003) HTTP GET no longer
  worked, POST required

22
uPortal Integration

• The next step . . . deep linking
• More direct and intuitive method for accessing
  services
• Add embedded PeopleSoft content within an IFrame
  using nested URL

23
(No Transcript)
24
(No Transcript)
25
Oracle Collaboration Suite (OCS)

• What is OCS?
• Oracle Collaboration Suite is an integrated
  database-based email, voicemail, calendaring,
  web-based meeting, files and search capability
  that is accessible via all of the interfaces that
  you currently know and use.

26
Oracle Collaboration Suite (OCS) Objectives

• uPortal entry point for Email and Calendar
• Making OCS use a central authentication service
• Integration with CAS

27
Logical Architecture
28
Hardware - Illustration
Tier 1 Infrastructure 2 Node (Red Hat Cluster
Server)
Tier 3 Database 4 Node Oracle RAC 9.2.0.4
Tier 2 Application MT 4 Nodes BI 1 Node
Tier 2 Calendar 2 Node
Dell Power 6650 4 2.8 GHz 16 GB RAM 2 36GB
HD 2 GIG-E NIC
Dell Power Edge 2650 2 2.8 GHz 4 GB RAM 2
36GB HD 3 GIG-E NIC HBA s (to EMC)
Dell Power Edge 6650 4 2.8 GHz 16 GB RAM 2
36GB HD 4 GIG-E NIC 9iRAC HBA s (to EMC)
Dell Power Edge 2650 2 2.8 GHz 2 GB RAM 2
36GB HD 2 73 GB HD 2 GIG-E NIC HBA s (to EMC)
Storage EMC DMX1000
29
OCS, Central Authentication uPortal
Corporate Portal (uPortal)
Other Campus Applications (SCT, PeopleSoft Etc..)
Oracle Portal
Central Authentication Services
OCS Infrastructure (Shared between OCS and BI)
OCS Middle Tier
Oracle BI Middle Tier
OCS DB 9.2.0.5
BI DB
30
Oracle Collaboration Suite (OCS) Integration

• Objectives
• uPortal entry point for Email and Calendar
• SSO
• uPortal channels - simplified view of Email and
  Calendar
• Ability to render Oracle Portlets within uPortal

31
OCS Integration - Solutions

• uPortal entry point ---gt CAS-enable OCS
• uPortal channels
• ---gt Custom channels
• - Oracles APIs?
• Query DB
• ---gt Pre-existing Oracle Portlets
• Oracle Portlets
• External JSP
• Direct URL

32
CAS Enabling OCS

• Oracle SSO
• Web based applications
• Integrates with external login source
• Solution required the use of cookies
• All code written in PL/SQL
• Requires Oracle Internet Directory (OID)
• Users must be populated in OID
• FERPA

33
(No Transcript)
34
(No Transcript)
35

Web Login Service
Oracle SSO
User
Oracle Web Application
14 Application decides if user is authorized
36
OCS - Rendering Oracle Portlets

• External JSP
• Makes a portlet available through a JSP
• Not well documented
• Is not supported in a Partial SSL configuration
• uPortal Inline Frame points to external JSP

37
OCS - Rendering Oracle Portlets

• Direct Access URL
• Access to Oracle Portal page through
  user-friendly URL
• Create Oracle Portal Page
• No header/border/template
• Put portlet on page
• Attach stylesheet to page
• Point uPortal Inline frame to URL

38
(No Transcript)
39
OCS - Rendering Oracle Portlets (cont.)

• Authorization
• Control access to uPortal channels through
  Groups??
• Needed way to restrict access to Oracle page
• Solution Pull groups tables into OID nightly

40
OCS Integration Issues

• ISSUE
• When users subscribe to more than one channel
  containing Oracle Portlet content, the channel
  may respond with browser error messages resulting
  in no content displayed.
• ROOT CAUSE
• This problem is a result of multiple uPortal
  channels attempting to establish an Oracle Portal
  session at the same time.

41
OCS Integration Issues (cont.)

• Possible Solutions
• Introduce a Delay with Consecutive Page
  Requests.
• Introduce an Intermediate Page at CAS Login.
• Send all requests through a single threaded
  servlet.

42
CAS Enabling OCS Resources

• Oracle9iAS Single Sign-On Administrator's Guide
• Release 2 (9.0.2)
• Part Number A96115-01
• Chapter 5 - Third-Party Single Sign-On
• Chapter 8 - Customizing the Single Sign-On
  Interface
• Metalink Documents
• Note191299.1
• Note244557.1
• Note191345.1

43
Statistics on Usage

• PeopleSoft Applications
• HR total accounts 2,500 (admin accounts 700)
• Concurrent users average 22 (high 75)
• Finance total admin accounts 700
• Concurrent users average 23 (high 95)
• Single Sign-on Unique Users per month
• Approx 12,000 - 28,000
• Average 20,000 (including summer quarters)
• Single Sign-on Unique users per DAY
• Maximum 14,000
• Average 5,700  
• Single Sign-on Concurrent users of the Portal
  High 2,800

44
Statistics on Usage

• Single clicks to HR PRD and FS PRD per month
• 2,200 6,100
• Average 4,200 (including summer quarters)
• Single Sign-on Outages
• Unplanned Less than 1/2 hour per month
• Planned
• 4 hours/month
• Updates, new application rollouts
• Users CAN authenticate to PS and other
  applications

45
References

• CAS
• http//www.yale.edu/tp/cas/
• This Presentation, Cal Polys documents and code
  on CAS Enabling OCS, and PeopleSoft Single
  Sign-on Guides
• http//myportal.calpoly.edu/downloads
• PeopleBooks

46
Questions?

• Darren Kraker
• Software Engineer
• dkraker_at_calpoly.edu
• Ryan Matteson
• Web Architect and Info Security Manager
• rmatteso_at_calpoly.edu
• Melinda Rojo
• Oracle Portal Integration
• mrojo_at_calpoly.edu

• Ken Sperow
• Software Engineer
• ksperow_at_calpoly.edu
• Dan Malone
• Oracle SSO
• dmalone_at_calpoly.edu