Escolar Documentos
Profissional Documentos
Cultura Documentos
Process Security
The PeopleSoft Enterprise Process Scheduler is a background processing and scheduling facility. Process Scheduler can be
used to assign Process Definitions to various Process Groups and then grant or restrict user access to those groups using
Security Administration. If a process definition is not assigned to a user’s authorized process groups, the user does not
have permission to run that process.
Object Security
Object Security governs access to the individual metadata definitions for development purposes. Record definitions, Field
definitions, Page definitions, and others created with the Application Designer integrated development environment are
controlled with Object Security. This facility is used to protect specific object definitions from being modified by
developers. There is also an option to restrict access to entire object types.
Query Security
PSQuery is an ad hoc reporting tool used to generate SQL queries to retrieve information from application tables. Each
PSQuery user can be assigned access to specific tables for building and running queries. PSQuery Access Groups provide
data level access control at the table and column levels. Queries are created and then operators are assigned to those
groups using PSQuery Security. PSQuery Security is enforced only when using PSQuery - it does not control runtime page
access to table data.
1 Goldman Sachs, Independent Insight, US Technology Strategy IT Spending Survey, January 12, 2006
Row Security views are special types of SQL views that can be used to configure control access to individual rows of data
stored in the application database tables. PeopleSoft Enterprise applications come with built-in, row-level security
functions tailored to specific applications. For example, PeopleSoft Enterprise Human Capital Management includes
security tables that support the restriction of operator access to employee rows according to organizational roles or to
allow an operator to view and update rows only for employees in their department.
PeopleCode can restrict access to specific fields or columns within application tables. For example, if a certain user role
should be able to access only certain pages but not be able to view a specific field on those pages (e.g., compensation
rate), PeopleCode can be used to hide the field for that role.
Pluggable Cryptography
Pluggable encryption augments the existing support for encryption. This technology enables you to secure critical
PeopleSoft Enterprise application data and communicate securely with other businesses. It enables you to extend and
improve cryptographic support for data in PeopleTools. It also provides strong cryptography with the flexibility to change
and grow by incrementally acquiring stronger and more diverse algorithms for encrypting data.
Any data used in an application can be encrypted by invoking PeopleCode to apply your preferred encryption algorithms.
These algorithms from can be obtained from various vendors’ cryptographic libraries. The features of pluggable
cryptography include:
• Access to a robust set of algorithms (symmetric and asymmetric ciphers, password-based encryption, hashes,
media access controls, signatures, enveloping, encoding, and writing and processing secured messages).
• The ability to encrypt, decrypt, sign, and verify fields in a database.
• The ability to encrypt, decrypt, sign, and verify most external files.
• A secure keystore for encryption keys of widely varying types.
• The ability to convert data from one encryption scheme to another.
The functional elements of pluggable cryptography are:
• A dynamic link library (DLL) for each supported encryption library that uses C glue code to convert each
cryptographic library’s application programming interface (API) into a unified plug-in with an API accessible
from PeopleCode.
• A universal keystore that handles all forms of encryption keys, protected with row-level security.
• A sequence, or chain, of algorithms that you define for a specific encryption task. These algorithms are applied in
turn to transform data from its original form into a desired final form.
Integrating PeopleSoft Enterprise user profiles with LDAP directories provides PeopleSoft Enterprise customers with the
following benefits:
• Customers can use a single, centralized user profile for PeopleSoft Enterprise applications and other Enterprise
applications. This results in lower maintenance costs and fewer errors because user attributes are not stored
redundantly.
• Customers can leverage PeopleSoft Enterprise business events and data to drive LDAP user profile and group
creation and maintenance. For example, when an employee is hired within the PeopleSoft Enterprise Human
Capital Management system, an event can be triggered within the PeopleSoft Enterprise application that results
in the creation of a user profile in the LDAP directory. The customer can then leverage this profile information
across all their enterprise applications.
Industry leading directory sever technologies have been certified with the PeopleTools architecture: Oracle Internet
Directory, Novell eDirectory, Sun ONE, and Microsoft Active Directory. The integration between the PeopleSoft
Enterprise architecture and the directory are written using native LDAP standards, therefore customers can essentially use
any LDAP version 3 compliant server. The implementation of LDAP is fully LDAP v3 compliant and supports use of
SSL (LDAPS) to secure the interface to the directory.
It should also be noted that PeopleSoft Enterprise applications use an open, extensible authentication API for directory
server integration. Other authentication schemes can easily leverage these same APIs. For example, PeopleSoft Enterprise
applications seamlessly integrate with PKI (Public Key Infrastructure) authentication services, third party single signon
solutions, or other services. For more information on integrating with other authentication mechanisms, see the
Enhanced Authentication—Signon PeopleCode section of this paper.
It is important to allow only authorized users to gain access to your system. Moreover, it is important to ensure that it is
indeed the authorized user that is accessing the systems, and not omeone using an authorized user’s credentials.
Authenticating users is an important aspect for internet security and the stronger the authentication mechanism the better.
Another authentication feature provided is Signon PeopleCode. Signon PeopleCode allows for authentication with many
different authentication mechanisms.
Signon PeopleCode:
When someone tries to login to PeopleSoft Enterprise, the signon process can be controlled through Signon PeopleCode.
Signon PeopleCode is PeopleCode that is triggered each time a user tries to login. The directory authentication feature
uses this Signon PeopleCode to invoke an LDAP integration process, but it is fully customizable. Some customers may
choose to use Unix security instead of LDAP. This can be done with minimal Signon PeopleCode. Perhaps a customer
wants to validate logins from internal IP addresses one way and external IP addresses in another, not an issue with with
Signon PeopleCode.
Strong authentication refers to methods beyond the basic User ID and Password pair most commonly used to access
application. Typically, strong authentication mechanisms employ two factor authentication where something the user has,
in his or her possession, and something the user knows is required to authenticate to the system. Examples of two-factor
authentication mechanisms include hardware tokens (e.g., in addition to a password, a physical device must be in
possession of the user to log on) and digital certificate based authentication (e.g., users authenticate to a Public Key
Infrastructure using their digital certificate and password or other additional authentication means).
A number of built-in features are provided to support various authentication means, including strong authentication.
These features are quite flexible, intended to enable PeopleSoft Enterprise applications to fit into the authentication
mechanism of most any security infrastructure. These features leverage built in facilities to support web server based
authentication and LDAP directory authentication. This is discussed in the next section.
The externalized signon process largely involves the 3rd party system authenticating the user by whatever technique is
supported by the 3rd party system (e.g., digital certificate, user id/password, hardware token, smart card, biometric device,
etc.). When externalizing the authentication to PeopleSoft Enterprise to a 3rd party system, the PeopleSoft Enterprise
web server is configured to not present a separate PeopleSoft Enterprise login prompt. The steps in this externalized
signon processes are outlined below.
Externalized Signon Process flow:
1. The 3rd party system authenticates the user based upon user-entered input.
2. The 3rd party system passes the user’s ID (e.g., PeopleSoft Enterprise User ID, directory DN) to the PeopleSoft
Enterprise servlet.
3. The ID is passed to the signon PeopleCode on the application server.
4. When using a directory with PeopleSoft Enterprise, then PeopleSoft Enterprise obtains User Profile information
from the directory. If not using a directory, then the User Profile information is obtained from the PeopleSoft
Enterprise database.
5. Log the user onto the PeopleSoft Enterprise application with appropriate authorizations per the User Profile.
As illustrated, the externalized signon process enables PeopleSoft Enterprise to leverage the centralized authentication
services of a 3rd party solution, thus extending its inherent benefits into PeopleSoft Enterprise. As mentioned, this
process very flexible, deliberately designed to fit easily into many environments and architectures. Because the process is
implemented in signon PeopleCode, the countless virtues and capabilities within PeopleCode can be applied to the signon
and authentication/authorization logic.
To further illustrate this flexibility, the ID passed into PeopleSoft Enterprise in step 3 above need not be the actual
PeopleSoft Enterprise User ID. Out-of-the-box signon PeopleCode features for LDAP directory integration enable User
Profile information to be obtained from a directory. Thus, for many 3rd party authentication mechanisms the ID that is
passed into PeopleSoft Enterprise in step 3 is merely the authenticated user’s distinguished name (DN). The DN serves as
a pointer into the directory where PeopleSoft Enterprise User Profile information can be obtained, including the user’s
actual PeopleSoft Enterprise User ID. In this manner, it is very easy to use an email address as the PeopleSoft Enterprise
User ID. In this case, PeopleSoft Enterprise merely uses the contents of the mail attribute of the user object in the
directory as the PeopleSoft Enterprise User ID to log on to the PeopleSoft Enterprise application.
This flexibility and extensibility is very important in a collaborative enterprise since one application in your organization
cannot dictate or drive the security for the entire organization.
Securing the Web server to Application Server Interface: The communications interface between the PeopleSoft
Enterprise web server and application server is provided through the use of BEA Jolt middleware. Encrypting Jolt traffic
is a standard configuration option that includes support for strong encryption.
With its open architecture, the PeopleTools architecture supports the leading commercial database platforms. The
communications interface between the application server and the database server is provided through the use of the
database connection interfaces provided with each particular database. Most database connection interfaces provide
means to encrypt the connections to the database.
Deploying PeopleSoft Enterprise to be accessible from the internet requires a network infrastructure that limits direct
access to critical elements. In the PeopleSoft Enterprise architecture, the most critical elements of the architecture are the
PeopleSoft Enterprise Application Server and the PeopleSoft Enterprise database server. The web server is not as critical
because it does not employ business logic or access application data). It is important to note that since PeopleSoft
Enterprise applications all leverage the same PeopleTools architecture, the references to PeopleSoft Enterprise elements
apply in the same way to all PeopleSoft Enterprise applications such as Customer Relationship Management, PeopleSoft
Enterprise Portal solutions, Human Resources Management Systems, Financial, Supply Chain, etc.
The general method to limit direct access to critical elements is not unique to PeopleSoft Enterprise and employs two
firewalls. The outer firewall permits access from the internet while the inner firewall only permits access from that which
has already made it past the outer firewall. In this way, there is a somewhat safe-haven zone, commonly referred to as a
de-militarized zone or DMZ. Best practices strongly suggest the basic firewall and network configuration is well
established and tested before adding the PeopleSoft Enterprise elements into the network architecture.
Firewall/DMZ configurations
In deploying PeopleSoft Enterprise applications in a DMZ configuration the primary decision surrounds whether to place
the web server within the DMZ or behind it. There are of course many other potential combinations, but these primary
alternatives are discussed below. Both configurations are very secure and reasons to implement one over the other will
likely depend on specific characteristics of your network security topology and policies. In general though, the further
back behind firewalls the better, for placing PeopleSoft Enterprise elements in the network architecture.
The configuration employs a reverse proxy in the de-militarized zone. All PeopleSoft Enterprise elements, including the
PeopleSoft Enterprise web server are behind the inner most firewall.
A reverse proxy is simply a server (not part of PeopleSoft Enterprise) that employs two network interfaces, one to the
external internet and the other to the internal network. In this fashion, the reverse proxy protects the PeopleSoft
Enterprise environment by preventing any direct access to the PeopleSoft Enterprise web server from the external
internet. The reverse proxy forwards any HTTP(S) requests received from the outside on to the PeopleSoft Enterprise
web server. Similarly, any responses from the PeopleSoft Enterprise web server are forwarded back to the requestor
(browser or system).
One of the primary characteristics of this configuration above is its simplicity in terms of firewall configuration. The
firewalls need only be configured to allow standard traffic through, namely HTTP, or HTTPS if using Secure Sockets
Layer (SSL) on the PeopleSoft Enterprise web server. Another characteristic of this configuration is that even if the
Reverse Proxy in the DMZ is compromised, there’s essentially no PeopleSoft Enterprise information or data on it that
can be exploited.
The configuration with a reverse proxy in the DMZ providing access to PeopleSoft Enterprise elements behind the inner-
most firewall has been deployed successfully within internal PeopleSoft Enterprise implementations. In this manner, end
user browsers and systems accessing PeopleSoft Enterprise appear to be accessing the PeopleSoft Enterprise web server
directly from the internet, when in fact they are really only able to access the reverse proxy server. Moreover, no
noticeable degradation in performance has been detected using this type of configuration.
Figure 5: PeopleSoft Enterprise Web Server in DMZ
This configuration places the PeopleSoft Enterprise web server within the de-militarized zone; PeopleSoft Enterprise
Application Server and Database Server are behind the innermost firewall. In the above configuration, the PeopleSoft
Enterprise web server resides within the DMZ protected by the outer-most firewall. This configuration permits direct
external access to the PeopleSoft Enterprise web server while restricting direct access to the PeopleSoft Enterprise
application server.
The outer-most firewall need only be configured to allow standard traffic through, namely HTTP, or HTTPS if using
Secure Sockets Layer (SSL) on the PeopleSoft Enterprise web server. A unique characteristic to this configuration
surrounds the interface between the PeopleSoft Enterprise web server and application server.
The communication protocol between the PeopleSoft Enterprise web server and application server is provided through
the use of BEA Jolt middleware. When the PeopleSoft Enterprise web server resides in the DMZ, per Figure B above,
Jolt traffic needs to pass through a firewall. The innermost firewall then needs to be configured to allow the Jolt traffic
between the appropriate ports on the web server and application server. While configuring the firewall to allow Jolt traffic
is a simple, documented process, it is not generally as familiar to network administrators as configuring a firewall to allow
HTTP or HTTPS traffic.
Whether to choose a configuration with the PeopleSoft Enterprise web server behind the DMZ or within it is subject to
debate. Generally speaking, the further back the elements are located behind the outer perimeter the more secure the
system—at least from the external internet.
Having the web server within the DMZ can provide some performance gains as the web server is closer to the edge
perimeter but this comes with increased exposure as the web server is directly accessible from the internet.
IN CONCLUSION
Security is of paramount concern to Information Technology organizations today. Protecting against computer criminals,
limiting the “insider threat,” and ensuring compliance with privacy, data breach, and financial accountability laws are now
top priorities for IT executives. Security features such as access control, user authentication, data encryption, and audit
support have therefore become important software buying criteria.
As demonstrated throughout this paper, PeopleTools provides the appropriate mechanisms to support native and
enterprise security services. Whether its authorizing end users, integrating with directory services or securing PeopleSoft
Enterprise applications for external access, PeopleTools offers robust mechanism to secure and protect your application
assets.
Security and PeopleSoft Enterprise
July 2006
Contributing Authors: Jim Ellis, Michael Seymour, John Heimann
Oracle Corporation
World Headquarters
500 Oracle Parkway
Redwood Shores, CA 94065
U.S.A.
Worldwide Inquiries:
Phone: +1.650.506.7000
Fax: +1.650.506.7200
oracle.com