Tutorial: Configure Datawiza to enable Azure AD (Microsoft 365) SSO and MFA to Oracle PeopleSoft


This tutorial shows how to enable Azure Active Directory (Azure AD) Single Sign-On (SSO) and Azure AD Multi-Factor Authentication (MFA) for an Oracle PeopleSoft application using Datawiza Access Proxy (DAP), which was called Datawiza Access Broker (DAB) previously.

Benefits of integrating applications with Azure AD using DAP include:

Scenario description

This scenario covers Oracle PeopleSoft integration in which DAP passes the authenticated user's identity to the application in an HTTP header, and PeopleSoft uses that header to manage access to protected content.

Legacy applications such as PeopleSoft do not speak modern protocols such as OIDC or SAML, so a direct integration with Azure AD SSO is difficult. Datawiza Access Proxy bridges the gap between the legacy application and the modern identity control plane through protocol transitioning: DAP handles the OIDC or SAML exchange with Azure AD and presents the result to the application in the form it already understands. This lowers integration overhead, saves engineering time, and improves application security.

Scenario architecture

The scenario solution has the following components:

  • Azure AD: The Microsoft cloud-based identity and access management service, which helps users sign in and access external and internal resources.
  • Datawiza Access Proxy (DAP): A lightweight container-based reverse proxy that implements OpenID Connect (OIDC), OAuth, or Security Assertion Markup Language (SAML) for the user sign-in flow. It transparently passes the user's identity to applications through HTTP headers.
  • Datawiza Cloud Management Console (DCMC): A centralized console to manage DAP. DCMC has a UI and RESTful APIs for administrators to configure DAP and its access control policies.
  • Oracle PeopleSoft application: The legacy application to be protected by Azure AD and DAP.

To understand the SP-initiated flow, follow the steps described in Datawiza and Azure AD authentication architecture.

Prerequisites

Ensure the following prerequisites are met.

Getting started with Datawiza Access Proxy

To integrate Oracle PeopleSoft with Azure AD:

  1. Sign in to Datawiza Cloud Management Console (DCMC).
  2. The Welcome page appears.
  3. Select the orange Getting started button.

  4. In the Name and Description fields, enter the relevant information.

  5. Select Next.


  6. On the Add Application dialog, use the following values:

     • Platform: Web
     • App Name: Enter a unique application name.
     • Public Domain: The URL users will browse to, for example https://ps-external.example.com. For testing, you can use localhost DNS. If you aren't deploying DAP behind a load balancer, use the Public Domain port.
     • Listen Port: The port that DAP listens on.
     • Upstream Servers: The Oracle PeopleSoft URL and port to be protected.

  7. Select Next.

  8. On the Configure IdP dialog, enter the relevant information.

Note: DCMC has one-click integration to help complete Azure AD configuration. DCMC calls the Microsoft Graph API to create an application registration on your behalf in your Azure AD tenant.

  9. Select Create.


  10. The DAP deployment page appears.

  11. Make a note of the deployment Docker Compose file. The file references the DAP image and contains the Provisioning Key and Provisioning Secret that DAP uses to pull its latest configuration and policies from DCMC. Treat the Provisioning Secret as a credential: anyone holding it can run a proxy that receives your configuration, so keep the file out of source control and rotate the secret in DCMC if it is exposed.

SSO and HTTP headers

DAP gets user attributes from the IdP and passes them to the upstream application in an HTTP header or cookie.

For the Oracle PeopleSoft application to recognize the user, one more configuration step is needed: it tells DAP which IdP attribute to forward and the exact header name that PeopleSoft's signon code reads (PS_SSO_UID).

  1. In DCMC, from the left navigation, select Applications.
  2. Select the Attribute Pass subtab.
  3. Use the following values:

     • Field: Email
     • Expected: PS_SSO_UID
     • Type: Header

Note: This configuration uses the Azure AD user principal name as the sign-in username for Oracle PeopleSoft. To use another user identity, go to the Mappings tab.
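The security-relevant point of header-based SSO is that PeopleSoft trusts whatever arrives in PS_SSO_UID, so two things must hold: DAP must never forward a client-supplied copy of that header, and PeopleSoft must not be reachable except through DAP. The following is an added example (not Datawiza's or Oracle's code) that models both decisions in Python; the proxy address, the claim names and the fallback to the tutorial's public user are assumptions made for the illustration.

```python
"""Trust model for the PS_SSO_UID identity header (added illustration).

Assumptions (not from the tutorial): DAP runs at the address in
TRUSTED_PROXIES, the UPN is taken from the ID token's preferred_username
(or upn) claim, and an unidentified request falls back to PSPUBUSER.
"""

SSO_HEADER = "PS_SSO_UID"      # header name PeopleSoft's signon PeopleCode reads
PUBLIC_USER = "PSPUBUSER"       # default public access user from the tutorial
TRUSTED_PROXIES = {"10.0.0.5"}  # constructed: address of the DAP container


def _get_header(headers: dict, name: str):
    """Case-insensitive header lookup; HTTP header names are not case-sensitive."""
    return next((v for k, v in headers.items() if k.lower() == name.lower()), None)


def proxy_upstream_headers(client_headers: dict, id_token_claims: dict) -> dict:
    """Headers the reverse proxy should send upstream after a successful sign-in.

    Any client-supplied PS_SSO_UID (in any letter case) is dropped first so a
    caller cannot inject an identity through the proxy; the header is then set
    from the IdP claim only.
    """
    forwarded = {k: v for k, v in client_headers.items()
                 if k.lower() != SSO_HEADER.lower()}
    upn = id_token_claims.get("preferred_username") or id_token_claims.get("upn")
    if not upn:
        # Refuse to forward an identity we cannot vouch for.
        raise ValueError("ID token carries no UPN claim")
    forwarded[SSO_HEADER] = upn
    return forwarded


def upstream_signon(headers: dict, remote_addr: str) -> str:
    """Which user the upstream signs the request on as.

    Header-trusting signon code accepts PS_SSO_UID unconditionally; the check
    added here is that the header only counts when the request came from DAP.
    In a real deployment the equivalent control is a network rule that lets
    only the DAP host reach the PeopleSoft web server.
    """
    uid = _get_header(headers, SSO_HEADER)
    if uid and remote_addr in TRUSTED_PROXIES:
        return uid
    return PUBLIC_USER


def forged_header_is_ignored(attacker_addr: str) -> bool:
    """Demonstration: a forged header from outside the proxy yields the public user."""
    return upstream_signon({"ps_sso_uid": "attacker@contoso.example"}, attacker_addr) == PUBLIC_USER


if __name__ == "__main__":
    claims = {"preferred_username": "alice@contoso.example"}
    sent = proxy_upstream_headers({"PS_SSO_UID": "attacker@contoso.example"}, claims)
    print("upstream sees:", upstream_signon(sent, "10.0.0.5"))
    print("forged header from 203.0.113.9 ignored:", forged_header_is_ignored("203.0.113.9"))
```

If another proxy or load balancer sits between DAP and PeopleSoft, confirm it forwards headers whose names contain underscores; some proxies drop such headers by default, which would silently turn every user into PSPUBUSER.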

SSL Configuration

  1. Select the Advanced tab.

  2. Select Enable SSL.

  3. From the Cert Type dropdown, select a type.

  4. For testing, a self-signed certificate is sufficient; in production, use a certificate issued by a CA that your users' browsers trust, otherwise users are trained to click through certificate warnings on the sign-in path.

Note: You have the option to upload a certificate from a file.

  5. Select Save.

Enable Azure AD Multi-Factor Authentication

To add a further layer of protection to sign-ins, enforce multifactor authentication (MFA). One way to achieve this is to enable security defaults in the Azure portal.

  1. Sign in to the Azure portal as a Global Administrator.
  2. Select Azure Active Directory > Manage > Properties.
  3. Under Properties, select Manage security defaults.
  4. Under Enable Security defaults, select Yes and then Save.

Note: Security defaults apply to every user in the tenant and also block legacy authentication protocols. If you need MFA only for this application or for particular groups, use a Conditional Access policy instead of security defaults.

Enable SSO in the Oracle PeopleSoft Console

To enable SSO in the Oracle PeopleSoft environment:

  1. Log in to the PeopleSoft console at http://{your-peoplesoft-fqdn}:8000/psp/ps/?cmd=start using administrator credentials (for example, PS/PS).


  2. Add a default public access user to PeopleSoft.

   a. From the main menu, navigate to PeopleTools > Security > User Profiles > User Profiles.

   b. Select Add a New Value.

   c. Create the user PSPUBUSER and enter a password.

   d. Select the ID tab and choose the type None.

   Give PSPUBUSER only the roles and permission lists it strictly needs: every request that arrives without a trusted PS_SSO_UID header, including any request that reaches PeopleSoft without passing through DAP, runs as this user.

  3. Configure the web profile.

   a. Navigate to PeopleTools > Web Profile > Web Profile Configuration, search for the PROD profile, and open the Security tab.

   b. Check the Allow Public Access box, then enter the user ID PSPUBUSER and its password.

   c. Click Save.


  4. Enable SSO.

   a. Navigate to PeopleTools > Security > Security Objects > Signon PeopleCode.

   b. Select the Signon PeopleCode page.

   c. Enable OAMSSO_AUTHENTICATION and click Save.

  5. Configure PeopleCode using PeopleTools Application Designer.

   a. Navigate to File > Open > Definition: Record > Name: FUNCLIB_LDAP.

   b. Open FUNCLIB_LDAP.

   c. Double-click the record.

   d. Right-click LDAPAUTH > View PeopleCode.

   e. Search for the getWWWAuthConfig() function. Change &defaultUserId = ""; to &defaultUserId = "PSPUBUSER"; (the value is a PeopleCode string literal, so keep the quotes).

   f. Confirm that the user header name used by the OAMSSO_AUTHENTICATION function is PS_SSO_UID, matching the Expected value configured in DCMC. Save the record definition.

Test an Oracle PeopleSoft application

Testing validates that the application behaves as expected for each URI. To test an Oracle PeopleSoft application, validate the application headers, the access policy, and the end-to-end sign-in. If needed, use the DCMC header and policy simulation to check header fields and policy execution.

To confirm that access to Oracle PeopleSoft works correctly, browse to the public domain: a prompt appears to sign in with an Azure AD account (and to complete MFA if enforced). After the credentials are checked, the Oracle PeopleSoft application appears signed on as that user rather than as PSPUBUSER. Also confirm that the PeopleSoft URL itself is not reachable from user networks, since a request that bypasses DAP with its own PS_SSO_UID header would otherwise be trusted.
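The two checks above can be scripted. The following is an added example (not Datawiza's or Oracle's tooling) that makes an unauthenticated request to the public domain and verifies it ends in a redirect to Azure AD whose redirect_uri points back at the public domain, then sends a request with a forged PS_SSO_UID straight to the PeopleSoft URL and expects it to be unreachable. The environment variable names, the use of login.microsoftonline.com as the sign-in host, and the sample redirect chain in the usage are assumptions made for the illustration.

```python
"""Smoke checks for DAP in front of PeopleSoft (added example, not vendor code).

Assumptions: PS_PUBLIC_URL and PS_UPSTREAM_URL are set in the environment,
and Azure AD sign-in is served from login.microsoftonline.com.
"""
import os
import urllib.error
import urllib.request
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urljoin, urlparse

AZURE_LOGIN_HOST = "login.microsoftonline.com"
SSO_HEADER = "PS_SSO_UID"
REDIRECT_CODES = {301, 302, 303, 307, 308}

Hop = Tuple[int, Optional[str]]  # (HTTP status, Location header or None)


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib raise on 3xx instead of following, so each hop is visible."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch_chain(url: str, max_hops: int = 5, extra_headers: Optional[dict] = None) -> List[Hop]:
    """Follow redirects by hand, recording each hop; stop once Azure AD is reached.

    Returns an empty list when the first request cannot connect at all.
    """
    opener = urllib.request.build_opener(_NoRedirect)
    chain: List[Hop] = []
    for _ in range(max_hops):
        req = urllib.request.Request(url, headers=extra_headers or {})
        try:
            with opener.open(req, timeout=10) as resp:
                chain.append((resp.status, resp.headers.get("Location")))
                return chain
        except urllib.error.HTTPError as err:  # 3xx/4xx/5xx all arrive here
            loc = err.headers.get("Location")
            loc = urljoin(url, loc) if loc else None
            chain.append((err.code, loc))
            if err.code not in REDIRECT_CODES or not loc:
                return chain
            if urlparse(loc).hostname == AZURE_LOGIN_HOST:
                return chain  # do not actually visit the IdP
            url = loc
        except (urllib.error.URLError, OSError):
            return chain
    return chain


def classify_chain(chain: List[Hop], public_host: str) -> str:
    """Judge an unauthenticated request to the public domain.

    Expected: the last hop redirects to Azure AD and its redirect_uri is on
    the public domain (a mismatch means the callback has been misconfigured).
    """
    if not chain:
        return "unreachable"
    status, location = chain[-1]
    if status not in REDIRECT_CODES or not location:
        return "no-idp-redirect"
    loc = urlparse(location)
    if loc.hostname != AZURE_LOGIN_HOST:
        return "redirect-elsewhere"
    redirect_uri = parse_qs(loc.query).get("redirect_uri", [""])[0]
    if urlparse(redirect_uri).hostname != public_host:
        return "redirect-uri-mismatch"
    return "ok"


def classify_direct_upstream(chain: List[Hop]) -> str:
    """Judge a request sent straight to PeopleSoft with a forged PS_SSO_UID.

    The safe result is no connection at all. Any response means a path that
    bypasses DAP exists; inspect by hand whether the forged user was signed on.
    """
    return "blocked" if not chain else "reachable-inspect-manually"


def main() -> int:
    public = os.environ["PS_PUBLIC_URL"]      # e.g. https://ps-external.example.com/
    upstream = os.environ["PS_UPSTREAM_URL"]  # e.g. http://{your-peoplesoft-fqdn}:8000/psp/ps/?cmd=start
    r1 = classify_chain(fetch_chain(public), urlparse(public).hostname)
    r2 = classify_direct_upstream(
        fetch_chain(upstream, extra_headers={SSO_HEADER: "forged@contoso.example"}))
    print(f"public domain -> IdP redirect: {r1}")
    print(f"direct upstream with forged {SSO_HEADER}: {r2}")
    return 0 if r1 == "ok" and r2 == "blocked" else 1


if __name__ == "__main__":
    raise SystemExit(main())
```

Run it from a user network segment, not from the DAP host; the point of the second check is to confirm that ordinary clients have no route to PeopleSoft that skips the proxy.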

Next steps

Written by the Datawiza team. If you have any questions or need help, join us on our Discord server.