The Peoplesoft Sign on Process
THE PEOPLESOFT SIGNON PROCESS
The following six steps will walk us through the PeopleSoft signon process and explain where the Signon Peoplecode comes into play here.
1. As is the process in ALL PeopleSoft applications, the user signs on with their User ID & Password and the system then validates the ID & password against the PSOPRDEFN table. If ID & Password are valid, then the user is successfully signed on. This will be done no matter what type of authentication process you are going to use. You cannot get around this, as this is the way the application is designed to work.
2. If the initial signon authentication against the PSOPRDEFN table is unsuccessful, then the system Checks to see if LDAP Authentication Signon Peoplecode is enabled. If it is not, then the user is denied access assuming that the user is trying to authenticate with their LDAP user id and password.
3. If the LDAP Authentication Signon Peoplecode is enabled, then system invokes LDAP Authentication with the directory via the LDAP_SEARCH and LDAP_BIND Business Interlinks.
4. Using these businesses interlinks the Signon Peoplecode will then validates the User ID & Password Against the directory using the values you have setup in the directory authentication setup pages.
5. If the Directory does not validate the User ID & password, then the Directory Authentication fails, the PeopleSoft Authentication fails, and the user is denied access. This failure could happen for a number of Reasons.
6. However, if the directory authentication is successful, then a user profile is created using the USER_PROFILE Component Interface, assuming you have the USER_PROFILESYNCH is enabled as Part of your LDAP authentication setup, the PeopleSoft Authentication is validated, and the signon is Successful.
SIGNON PEOPLECODE
There are three technologies used during this signon process and they are signon Peoplecode, business Interlinks, and USER_PROFILE component interface.
Signon Peoplecode is the ability to execute Peoplecode during the signon process. Any Peoplecode Program can be executed at signon time. PeopleSoft delivers LDAP Authentication Signon Peoplecode As of People Tools 8.
LDAP Authentication Signon Peoplecode uses the LDAP Business Interlink and the USER_PROFILE Component Interface (UPCI) to verify the USER NAME and PASSWORD and automatically update or Create the user profile information in the PeopleSoft database if it does not already exist.
The LDAP_SEARCH and LDAP_BIND Business Interlinks are called by Signon Peoplecode for LDAP authentication and come delivered, ready to use, with PeopleSoft 8.
The LDAP Business Interlink provides an Application Programming Interface (API) to LDAP with Peoplecode. The API is used to access LDAP compliant directories.
The first thing you need to do is to navigate to the PeopleTools > Maintain Security > Setup > Directory
Authentication page. – to do the set for Directory access server.
- Posted by
Ganesh A.M
2 comments:
-
it is good and usefull.
I am just going thru your blogspot. and getting lot of useful and detail information. Thanks for that.
-
Hi...
The info is good. But as a starter I feel its a little confusing.
for e.g.
"LDAP Authentication Signon Peoplecode uses the LDAP Business Interlink and the USER_PROFILE Component Interface (UPCI)"..
is LDAP Busines interlink a interlink in itsef or it represents all types of LDAP busines interlinks ??
in the later para:
he LDAP_SEARCH and LDAP_BIND Business Interlinks are called by Signon Peoplecode for LDAP authentication and come delivered, ready to use, with PeopleSoft 8.
From this understand that,LDAP_SEARCH and LDAP_BIND are two types of LDAP busines interlinks, hence I conclude
"LDAP Business Interlink " is not an interlink in itself.. I gues..the para 1 should have
"LDAP Business InterlinkS" so that it makes clear that there can be multiple "LDAP Business InterlinkS" and the "LDAP Business Interlink" is not a business interlink in itself.