In parts 1 and 2 on implementing SSO for the application, we covered a high-level explanation of how the solution works, with details about the required setup and about downloading, deploying and configuring the AppGateway services. In case you haven't read parts 1 and 2 yet, please do so before proceeding with part 3. In this part, we cover how to configure the Enterprise Application and tag it to the APPGW services.
Step 1: Create Enterprise Application
An Enterprise Application needs to be created for configuring the SSO resources and authentication policies.
Log on to IDCS using an administrator account.
Click on Menu -> Applications -> Add.
Select the type as Enterprise Application.
Provide the Application Name, Description and Application URL. The Application URL should be the APPGW load balancer/APPGW URL which was created in part 2.
Save and click on the SSO Configuration tab.
Expand Resources and add 3 resources as below:
Name: Favicon, URL - /favicon.ico
Name: Logout, URL - <custom URL of your app>, URL Query String - <Custom string of your app>
Name: Root, URL - /.* , Enable Regex
Expand Authentication Policy and create managed resources as below:
Name: Favicon, Authentication Method - Public
Name: Logout, Authentication Method - Form+Logout
Name: Root, Authentication Method - Form or Access Token, with the below headers added:
    Name: OAM_REMOTE_USER, Value: User Name
    Name: PS_SSO_UID, Value: User Name
    Name: USERLOGGEDIN, Value: User Name
Save and activate the Enterprise Application, then associate it with the users or groups intending to access the SSO app.
Step 1.2: Associate the Enterprise application with the Azure policies
Associate the Enterprise Application created with the already existing Azure AD IDP policies. Add it to the list of applications.
Associate the Enterprise Application created with the already existing Azure sign-on policies. Add it to the list of applications.
Step 1.3: Configuring the AppGateway with the Enterprise application created:
Add the Enterprise Application created in the above step to the IDCS – AppGateway with the below configuration.
Name : Select the Enterprise Application from the list
Host: Select the Host configured in the AppGateway
Resource Prefix: /
Origin Server: <https://applicationURL mentioned in backend.conf>
Additional Properties: port_in_redirect off;
Save the AppGateway setup.
Log on to the APPGW server -> Docker container and restart the container's nginx web service so that it picks up the updated Enterprise Application.
Step 1.4: Configure the SSO policies in PeopleSoft Application
Please refer to the below URL for changes on the PeopleSoft Application/Code to enable SSO for the environment.
Step 2: SSO Validation:
It's now time to validate your SSO. Open the AppGW URL and check that it invokes IDCS/Azure AD and completes the authentication before passing the connection to the PeopleSoft application.
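A scripted version of this validation, as an added example that is not part of the original article: it sends unauthenticated requests to the AppGW URL and checks that the public Favicon resource is served while the Root resource is redirected to the IDCS host instead of being answered by the origin. APPGW_URL and IDCS_HOST are placeholder values, and the accepted redirect status codes are an assumption about how the gateway hands off to IDCS.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Assumed placeholders: replace with your own AppGW URL and IDCS tenant host.
APPGW_URL = "https://appgw.example.com"
IDCS_HOST = "idcs-tenant.identity.example.com"

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx response instead of following it

def fetch(url):
    """Send one unauthenticated GET and return (status, Location header)."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=10) as resp:
            return resp.status, resp.headers.get("Location", "")
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx arrive here
        return err.code, err.headers.get("Location", "")

def check(path, policy, status, location, idcs_host=IDCS_HOST):
    """Compare one unauthenticated response with the policy set in Step 1."""
    if policy == "public":
        return status == 200, f"{path}: expected 200 without login, got {status}"
    # Protected resource: must be sent to IDCS, never served by the origin.
    redirected = status in (301, 302, 303, 307)
    at_idcs = urlsplit(location).hostname == idcs_host
    return redirected and at_idcs, f"{path}: expected redirect to IDCS, got {status} {location or '-'}"

def validate(responses, idcs_host=IDCS_HOST):
    """responses maps path -> (policy, status, location); returns failure messages."""
    failures = []
    for path, (policy, status, location) in responses.items():
        ok, msg = check(path, policy, status, location, idcs_host)
        if not ok:
            failures.append(msg)
    return failures

if __name__ == "__main__":
    expected = {"/favicon.ico": "public", "/": "form"}  # policies from Step 1
    live = {p: (pol, *fetch(APPGW_URL + p)) for p, pol in expected.items()}
    for failure in validate(live):
        print("FAIL", failure)
    print("checked", len(live), "resources")
```

A 200 response on `/` without a session means the Root policy is not being enforced and should be investigated before the environment is opened to users.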
Thanks guys for looking into my article, please feel free to post your queries/suggestions in the contact us page. I will try to respond as soon as I can. Please note that this is a generic article implemented on my personal system and the article is strictly my personal view on the implementation.