LDAP Integration

Published on September 24, 2007

Author: WoodRock

Source: authorstream.com

Content

LDAP Integration with PeopleSoft SA
WHEPSUG 2003
Mark Rank, UW-Platteville

Introduction
- Who am I?
  - DBA and Manager of Development for UW-Platteville
- Where does this information come from?
  - Summary information from IPS project
  - Internal development documentation

Outline
- Overview of Identity Provisioning at UW-P’ville
  - Description of current system
  - Summary of re-engineering efforts
- PeopleSoft and LDAP
- Some comments on supporting self-service
- UW-Platteville’s LDAP authentication solution

Before we start
- UW-Platteville is new to self-service
  - We did not do anything with HTML Access
  - Were waiting for the LDAP authentication
- Current status of this system at UW-Platteville
  - Initial release moved to production 9/30/2003

Characteristics of an Identity Provision System
- Need to accomplish three things
  - Identity – 'Who are you?'
  - Authentication – 'Are you who you say you are?'
  - Authorization – 'What can you see?'
- The Identity Provisioning System (IPS) needs to either directly manage these tasks or provide information to other systems so that it can be managed internally

The bigger picture
- Interconnection to UW-System IAA project
- Our local IPS needs to operate with the IAA system in a federated manner

Current IPS
- A custom solution created using OS scripts and various application utilities
- Over 8 years old with a history dating back to our mini-computer and legacy student system

Current IPS
- Currently gets all of its information from the PeopleSoft SA system
- System maintains the UW-P username
- Uses this information to populate our Novell NDS directory which then provides an LDAP service

Some limitations of the current system
- A batch system
- A custom solution that requires vendor specific solutions
- A 'brittle' system that is due for refactoring

The future IPS
- We have started a re-engineering process to move to a vendor supplied solution
- We are looking to use Novell’s DirXML technologies in connection with PeopleSoft to do this

An intermediate step
- Our first goal is to decouple the account provisioning for Novell NDS from our legacy IPS system which is running on VMS (mini-computer).

PeopleSoft and LDAP
- Currently in the PeopleTools 8.1x environment, PeopleSoft delivers Business Interlinks for an LDAP bind and an LDAP search
- These can be called using signon PeopleCode to authenticate users to the PeopleSoft system

Signon PeopleCode
- PS delivers the signon code for LDAP as well as SSO in FUNCLIB_LDAP.LDAPAUTH
- After reviewing it, we cloned it and refactored to make it more streamlined for our application

What about CDI?
- We were looking to do something very specific and wanted a very 'clean' solution
- Did not really have time to implement CDI
- Because of where we are taking identity provisioning, do not plan to use CDI

Some comments on supporting self-service
- UW-Platteville views LDAP integration as an enabling technology for self-service
- As such, how self-service is deployed and configured impacts the nature of the LDAP integration
- We wanted to address the assignment of self-service roles as part of the integration

Role assignment for Self-Service
- Currently, UW-Platteville still handles authorization to PeopleSoft using static roles in the system
- There are processes that occur at log in and during a batch process that assign roles
- Want to explore dynamic assignment as we re-engineer our IPS

How self-service roles are determined
- Student Role
  - 'select emplid from ps_stdnt_enrl where emplid = :1 and stdnt_enrl_status = 'E''
- Instructor Role
  - 'select emplid from ps_class_instr where emplid = :1'
- Advisor Role
  - 'select advisor_id from ps_stdnt_advr_hist where advisor_id = :1'

UW-Platteville’s LDAP authentication solution
- Keep in mind, we are leveraging our IPS
- As such, everything is driven off of people having active UW-P user accounts
- As I said before, we cloned the delivered code in PeopleTools and customized

Custom configuration pages

A note about LDAP and SSL
- It appears that the business interlinks that support LDAP used an older version of the Netscape SSL SDK
- If people want to use LDAP over SSL, a certificate database (cert7.db) needs to be generated in the same format
- Easiest way to do it is to export the certificate out of a 4.X version of Netscape browser

LDAP Authentication PeopleCode
- General flow for the authentication code
- Through the restricted session function, have the ability to easily restrict access for maintenance

LDAP Authentication PeopleCode
- Because UW-Platteville keeps our profile name the same as our username we can build the distinguished name instead of looking it up
- Currently, we have users in two contexts so need to look in two places, thus the multiple DN support.

LDAP Authentication PeopleCode
- The function to set the authentication result is the final step
- The globals are set to keep track of what profile id was finally used to log on
- Globals are used by the profile sync later

LDAP Profile Synchronization PeopleCode
- Code checks for a global distinguished name
  - This indicates the authentication was successful
- To make life easier, all profiles are upper cased

LDAP Profile Synchronization PeopleCode
- Need to instantiate an instance of the USER_PROFILE component interface
- Look to see if we need to create or modify the user

LDAP Profile Synchronization PeopleCode
- Build or modify the profile based on information in the PS database and the defaults on the configuration page
- Run the process to maintain the self-service roles

Steps to implement LDAP authentication - IPS
- Remember, we have an existing IPS
- Building an IPS is not trivial
  - Need to set the scope
  - Need to find a technology platform
  - Need to define authoritative sources
  - Need to build it, test it and then deploy it

Steps to implement LDAP authentication – PS to LDAP
- For UW-Platteville’s custom solution, build the online objects in PeopleSoft
- If you are using LDAPS, place the certificate database file in the domain directory of the app servers
- Configure it
- Enable signon PeopleCode
- Restart the app servers

Summary
- Overview of Identity Provisioning at UW-P’ville
  - Description of current system
  - Summary of re-engineering efforts
- PeopleSoft and LDAP
- Some comments on supporting self-service
- UW-Platteville’s LDAP authentication solution

Questions and Discussion
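
Added example, not the presenter's PeopleCode: a Python sketch of the flow on the LDAP Authentication PeopleCode slides (build the distinguished name from the username, try each context, keep the upper-cased profile id and the DN that worked). The context names, the `bind` callable and the sample directory are assumptions made for illustration; the DN escaping and the empty-password check are the two safeguards that building a DN from user input requires.

```python
from typing import Callable, Iterable, List, Optional, Tuple

# Hypothetical contexts: the slides say only that users live in two contexts.
CONTEXTS = ("ou=students,o=example", "ou=staff,o=example")

def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514, section 2.4)."""
    out = []
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\':
            out.append("\\" + ch)          # DN metacharacters
        elif ch == "\x00":
            out.append("\\00")             # NUL is written as a hex pair
        elif (ch == "#" and i == 0) or (ch == " " and i in (0, len(value) - 1)):
            out.append("\\" + ch)          # leading '#', leading/trailing space
        else:
            out.append(ch)
    return "".join(out)

def candidate_dns(username: str, contexts: Iterable[str] = CONTEXTS) -> List[str]:
    """One candidate DN per context, so a typed username cannot add RDNs."""
    return [f"cn={escape_rdn_value(username)},{ctx}" for ctx in contexts]

def authenticate(username: str, password: str,
                 bind: Callable[[str, str], bool],
                 contexts: Iterable[str] = CONTEXTS) -> Optional[Tuple[str, str]]:
    """Return (profile_id, dn) for the first context whose bind succeeds."""
    # A simple bind with an empty password is an unauthenticated bind
    # (RFC 4513, section 5.1.2) and many servers report it as success,
    # so it must be rejected before any bind is attempted.
    if not username or not password:
        return None
    for dn in candidate_dns(username, contexts):
        if bind(dn, password):
            # Profiles are upper cased; the DN is kept for the later profile sync.
            return username.upper(), dn
    return None

# Constructed in-memory directory standing in for the LDAP server.
_DIRECTORY = {"cn=jdoe,ou=staff,o=example": "s3cret"}

def fake_bind(dn: str, password: str) -> bool:
    # Mimics a server that accepts unauthenticated (empty-password) binds.
    return password == "" or _DIRECTORY.get(dn.lower()) == password

if __name__ == "__main__":
    print(authenticate("jdoe", "s3cret", fake_bind))
    print(authenticate("jdoe", "", fake_bind))
```

In a real deployment `bind` would wrap the LDAP client's simple bind call over LDAPS.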
