PEGRight deployed a proven integration pattern to SAML-enable the PeopleSoft suite of applications. The solution uses the PingFederate Service Provider (SP) endpoint to receive a SAMLv2 assertion from any SAMLv2-compliant SSO Identity Provider (IdP), for example PingOne, OneLogin, Okta or CA SiteMinder. PingFederate's OpenToken handles the last-mile integration: the attributes from the SAMLv2 assertion are packaged into an OpenToken and delivered to PeopleSoft. The solution bypasses the traditional PeopleSoft login screen for SSO-enforced users while continuing to support direct access to the Administrative Console through the native login.

Here is the high-level flow:

PeopleSoft environment

1. Update the PeopleSoft WebLogic web server with a Java Filter that processes incoming HTTP Servlet requests

The Java Filter implements the logic that detects when the user must be redirected to PingFederate to request SSO. In brief, the Java Filter checks for either an existing PeopleSoft browser session or the presence of an OpenToken in the request. If neither exists, the user is redirected to the PingFederate SSO SP server, which requests authentication from the SSO IdP server using the SAMLv2 protocol. The filter only routes the request; it does not itself validate the OpenToken or establish the PeopleSoft session.

2. Update the PeopleSoft WebLogic application server to leverage the delivered OpenToken for handling authentication

This requires developing a Signon PeopleCode function that handles the OpenToken. The function reads the user's identity from the OpenToken and can still integrate with a back-end AD/LDAP directory to validate the user and retrieve additional attributes and roles. For security, the OpenToken is sent in a secure cookie that must be on the same domain as the PingFederate SSO SP server. The OpenToken is integrity-protected with a key shared between PingFederate and the PeopleSoft side, so the Signon PeopleCode must verify the token (its HMAC and its validity window) before accepting the identity it carries; the mere presence of a cookie is not proof of authentication.

3. Configure the PingFederate SSO SP server with a PeopleSoft connection to request authentication via an SSO IdP Server

This configuration also receives the SAMLv2 assertion from the SSO IdP server and maps its contents into an OpenToken, which is sent to the PeopleSoft server, where the Java Filter and the Signon PeopleCode process the user identity and create a PS_TOKEN session within PeopleSoft.
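As an added example of the step-1 filter (not code from the original post or from PEGRight/ProofID), here is a javax.servlet Filter for the PeopleSoft WebLogic web server. PingFederate's SP-initiated SSO endpoint `/sp/startSSO.ping` and its `PartnerIdpId` and `TargetResource` parameters are real; the cookie names, the init-param names, the hostnames and the IdP entity ID are assumptions for illustration.

```java
// Added example, not code from the original post or from ProofID/PEGRight. A
// javax.servlet Filter (Java 8) for the PeopleSoft WebLogic web server: requests
// that already carry a PeopleSoft session or an OpenToken pass through; anything
// else is redirected to PingFederate's SP-initiated SSO endpoint. Cookie names,
// init-param names, hostnames and the IdP entity ID are assumptions.
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import javax.servlet.*;
import javax.servlet.http.*;

public class PingSsoRedirectFilter implements Filter {

    // Assumed names: PS_TOKEN is PeopleSoft's session cookie; "opentoken" is the
    // PingFederate OpenToken adapter's default cookie / parameter name.
    private static final String PS_SESSION_COOKIE = "PS_TOKEN";
    private static final String OPENTOKEN_NAME = "opentoken";

    private String spStartSsoUrl;     // e.g. https://sso.example.com/sp/startSSO.ping (assumed host)
    private String partnerIdpId;      // entity ID of the SAMLv2 IdP connection in PingFederate
    private String[] exemptPrefixes;  // paths that keep the native login, e.g. the admin console

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        spStartSsoUrl = cfg.getInitParameter("spStartSsoUrl");
        partnerIdpId = cfg.getInitParameter("partnerIdpId");
        if (spStartSsoUrl == null || partnerIdpId == null) {
            throw new ServletException("init-params spStartSsoUrl and partnerIdpId are required");
        }
        String exempt = cfg.getInitParameter("exemptPathPrefixes");
        exemptPrefixes = exempt == null ? new String[0] : exempt.trim().split("\\s*,\\s*");
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        if (hasCookie(request, PS_SESSION_COOKIE) || hasOpenToken(request) || isExempt(request)) {
            // This filter only decides whether SSO is needed. The OpenToken's HMAC and
            // validity window are checked by the Signon PeopleCode, never trusted here.
            chain.doFilter(req, res);
            return;
        }
        if (!"GET".equalsIgnoreCase(request.getMethod())) {
            // A redirect would silently drop a POST body; fail instead of losing data.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "SSO session required");
            return;
        }
        response.setHeader("Cache-Control", "no-store");
        response.sendRedirect(buildStartSsoUrl(spStartSsoUrl, partnerIdpId, originalUrl(request)));
    }

    @Override
    public void destroy() { }

    static boolean hasOpenToken(HttpServletRequest request) {
        // The OpenToken adapter can deliver the token as a cookie or as a query/form
        // parameter; accept either, but do not interpret the value.
        String param = request.getParameter(OPENTOKEN_NAME);
        return hasCookie(request, OPENTOKEN_NAME) || (param != null && !param.isEmpty());
    }

    private boolean isExempt(HttpServletRequest request) {
        String path = request.getRequestURI();
        for (String prefix : exemptPrefixes) {
            if (!prefix.isEmpty() && path.startsWith(prefix)) return true;
        }
        return false;
    }

    private static boolean hasCookie(HttpServletRequest request, String name) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) return false;
        for (Cookie c : cookies) {
            if (name.equals(c.getName()) && c.getValue() != null && !c.getValue().isEmpty()) return true;
        }
        return false;
    }

    // SP-initiated SSO: /sp/startSSO.ping takes PartnerIdpId (which IdP to ask for
    // an assertion) and TargetResource (where PingFederate sends the browser, now
    // carrying the OpenToken, once the assertion is consumed). Using the original
    // request URL as TargetResource keeps deep links working.
    static String buildStartSsoUrl(String spStartSsoUrl, String partnerIdpId, String target)
            throws UnsupportedEncodingException {
        return spStartSsoUrl + "?PartnerIdpId=" + URLEncoder.encode(partnerIdpId, "UTF-8")
                             + "&TargetResource=" + URLEncoder.encode(target, "UTF-8");
    }

    private static String originalUrl(HttpServletRequest request) {
        StringBuffer url = request.getRequestURL();
        String query = request.getQueryString();
        return query == null ? url.toString() : url.append('?').append(query).toString();
    }
}
```

Register the filter in the PeopleSoft web application's web.xml with a `<filter>` entry carrying the three init-params and a `<filter-mapping>` covering the PeopleSoft servlet paths (typically `/psp/*` and `/psc/*`). Keep `exemptPathPrefixes` to the administrative sign-in path only: every exempt prefix is a path where the native PeopleSoft login, not SAML, is the control. Note that the filter establishes nothing; the OpenToken is only useful once the step-2 Signon PeopleCode has verified it with the shared key and checked its time window, and the cookie carrying it should be Secure and scoped to the domain both servers share, as the text above requires.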

That’s pretty much it: those are the steps to SAML-enable a PeopleSoft on-premises deployment using PingFederate. Contact us if you have questions or if you need help making the most of your Ping Identity investment.
