PeopleSoft Technology Blog

Two new release value propositions are now available: one covers PeopleTools 8.50, another covers Enterprise Portal 9.1. Both documents provide an overview of the value proposition for the enhancements that are planned for PeopleTools 8.50 and Enterprise Portal 9,1. Both are intended to help you assess the business benefits of these products and to plan your information technology (IT) projects and investments.

PeopleTools RVP
Enterprise Portal RVP

Here is synopsis of the PeopleTools RVP:
The PeopleTools 8.50 release continues Oracle’s commitment to protect and extend the value of your PeopleSoft implementation, provide additional technology options and enhancements that reduce ongoing operating costs, as well as improve the end user’s experience.
Key areas of investment include:
• Extending the PeopleSoft service-enabled architecture.
• Improving the user experience.
• Lowering your total cost of ownership.

The value of PeopleTools 8.50 is grounded in our normal process of including accumulated bug fixes as well as enhancements based upon customer feedback. As a result, we added features that will simplify the integration of your heterogeneous environments, run your business more efficiently, improve the end user’s experience, and increase cost effectiveness. Many of the enhancements of this release involve improving the end user’s productivity through improved usability enhancements, page performance, and integrated related content.

In sum, PeopleTools 8.50 continues to deliver unparalleled customer choice that ensures support of the latest technical innovation with the industry’s lowest cost of ownership and improved user satisfaction.

Key areas and features of PeopleTools 8.50 are:
• Related content
• Improved integration technology
• Greater end-user productivity
• Supported platforms

And here is a synopsis of the Portal RVP:
The PeopleSoft Enterprise Portal 9.1 release continues our strategy that began with release 8.8: to provide rich functionality beyond a simple portal framework. PeopleSoft Enterprise Portal offers a rich set of functional Web 2.0 features, which distinguishes it from conventional framework portals. In addition to new framework improvements and benefits accrued from PeopleTools 8.50, we have added functional features to the PeopleSoft Enterprise Portal—especially in Collaborative Workspaces—that will enable you to introduce Web 2.0 concepts and practices into your enterprise with a resulting improvement in user effectiveness, efficiency, and profitability.

There are a few social networks focused on PeopleTools and Enterprise Portal available on Oracle's Mix networking platform:

PeopleTools General
PeopleSoft Enterprise Portal
PeopleSoft, more than just Tools

If you would like to share information and ideas with other Oracle/PeopleSoft customers and Oracle employees, these are good places to visit.

Let us know if there are other useful networks outside of Oracle where PeopleSoft customers, consultants, and other interested parties meet.

This introduces one of an occasional series which will be created by the PeopleTools Development Team. (remember, if you have any comments on this or any post, click on the email link on the "About" panel)

WS-Security: Publishing outbound SOAP messages using WS-Security

This document is a set of setup steps for Integration Broker Outbound WSS message on PeopleTools 8.48 and 8.49 ONLY.

PeopleTools provides support for WS-Security standard enabling secure web services. It implements Oasis standard 1.0 WS-Security schema which conforms to Web Services Security Standard 1.0.

Within this framework, PeopleSoft implements:
• Username Token Profile 1.0
• X.509 Token profile 1.0

Peoplesoft use X.509 token profile in conjunction with Username Token Profile.
The PeopleSoft implementation of WS-Security :
A) Username Token Profile.
-----------------------------------------
1. Username Token with Password as ClearText **.
2. Username Token without Password.

Both options above can be enabled with X.509 Token Profile.

B) X.509 Token Profile.
--------------------------------------
1. Digitally Signed.
2. Encryption.
3. Digitally Signed and Encrpytion.

Encryption only applies to SOAP header.
Digital Signature applies to both SOAP header and body.

Notes: **
If there is a concern on the password, one can use SSL over HTTP or Encryption from WS-Security.

We’ll discuss how to publish an outbound SOAP message for a service operation for WS-Security.

Steps detailed below assume you have already configured integration gateway and a service operation on your environment. For more details on setting up gateway and service operation refer to 8.49/8.48 Peoplebooks.

To enable Encryption and Digital signature, certificates in Java keystore must be correctly set up and configured. wss.properties file is used to list details about the keystore location and password to it. interop.jks is used as the default keystore file. If you need to use a different keystore you can edit wss.properties file accordingly. You should also ensure the password defined in wss.properties is in sync with the password set for your keystore.

Password in wss.properties can be stored encrypted using pscipher utility. For the default interop.jks keystore it is stored encrypted.

wss.properties file and interop.jks are located at ...\PSIGW.war\WEB-INF\classes on your webserver.

Set Up: For our example below we will use QE_PO_SYNC as our service operation that we will publish with WS-Security. Note: As mentioned at the beginning of the post these instructions only apply for outbound messages

1. To enable the digital signature for the outbound service operation.
a. Create keypair [public key and private key] value through java keytools utility.

b. Alias name for your keypair must match your Default Local node.
For example, if the default local node is defined as “qe_local”, we would generate keypair as below:
keytool -genkey -alias QE_LOCAL -keyalg RSA -keysize 1024 -dname "CN=QE_LOCAL, OU=PeopleTools, O=Oracle, L=Pleasanton, ST=California, C=US" -keypass interop -keystore interop.jks -storepass interop

c. Generate CSR for this public key and get it signed by CA.

d. Downloaded the signed public key cert and Root CA

e. Import Root CA and the signed public key cert.

f. Enable digital signature on the remote node. In our example we have defined QE_IBTGT as the remote node. Navigate to PeopleTools->Integration Broker->Integration Setup->Nodes. On WS-Security tab set authentication token type to ‘Username Token’ and enable ‘Digitally Signed'.

This process will ensure the soap message will be signed. It is signing the header and the body. This means the whole soap message.

2. To enable the encryption for the outbound service operation.
a. Import public key and Root CA of the third party application into your keystore. For our case here it will be interop.jks

b. Ensure third party’s public key with the Alias name must match with the Remote Node name. In our case that would be QE_IBTGT.

Import cert as below:
keytool -import -alias qe_ibtgt -file qe_ibtgt.cer -keypass interop -keystore interop.jks -storepass interop

Note: It is not required for cert file name to match cert alias name.

c. Enable encryption on the remote node, QE_IBTGT. Navigate to PeopleTools->Integration Broker->Integration Setup->Nodes. On WS-Security tab set authentication type to ‘Username Token’ and enable ‘Encrypted’ flag.

If you are signing the message in addition to encrypting it then you would have both the flags, for encryption and signature enabled

Troubleshooting:

One of the common issues is that UserName token is not generated and you get an empty header. In those cases ensure

a. Remote node that tied with the service operation has WS-Security enabled. Navigate to
PeopleTools -> Integration Broker -> Integration Setup -> Nodes. Verify authentication token type is set to ‘Username Token’

b. IB supports various connector types. For Web Service Secruity you need to have HTTPTARGET connector enabled. Verify it accordingly on the Connectors tab.

c. In cases you need to investigate further and report issues to Global Support to help diagnose the problem, turn on the message log set to level 5 in intergrationGateway.properties file. It generates MsgLog.html and ErrorLog.html that provide useful information to support analyst to help identify the problem. It is located at: …\PSIGW.war\WEB-INF.