|
Peoplesoft v8/LDAP Issues
from 1/22 - 1/23 Meeting with Jeff Pernoud (Peoplesoft)
Meeting Date: 1/23/02
Purpose: To identify issues and impacts
surrounding the Peoplesoft v8 upgrade with regards to LDAP, HTMLAccess,
and other portal services. The focus of the meeting was on short-term
issues, particularly those things needed to get us up in version 8 with
the functionality we have today.
| Attendees: |
Tom Jordan |
Middleware |
| |
Linda Pruss |
Middleware |
| |
Phil Koenig |
Middleware |
| |
Pam Stangl |
Middleware |
| |
Jon Miner |
Middleware |
| |
Scott Fullerton |
Architecture |
| |
Ozzyie Chen |
Apps Tech |
| |
Tim Aucremann |
LIRA |
| |
Stefan Wahe |
Security |
| |
Kathy Caya |
Apps Tech |
| |
Dave Ruhde |
DRMT |
| |
Dale Lucier |
DRMT |
| |
Nina Boss |
DRMT |
| |
Kathy Gleeson |
DRMT |
NOTE: Not all attendees were present
for all aspects of discussion
Major Discussion Points and Conclusions
When will ISIS need to use LDAP to
authenticate users?
Who's working on mapping
functionality from 7 to 8?
When do we convert facstaff to
use Netid?
Applicants do not have access
to the portal
What else needs to happen?
Issue
When will ISIS need to use LDAP to authenticate
users?
Conclusion
Immediately (or at least immediately after the
upgrade, ie August).
Discussion
Peoplesoft has changed the security model in their
self-service applications to require all users to authenticate to the
Peoplesoft system. In technical terms, we need OPRID’s for every student
in version 8, where a single (system-level) OPRID was sufficient in
version 7.
It appears that using a single, system-level OPRID
in version 8 would require some extensive modification (including
modifying most, if not all, of the pages that students would see).
While the change is an overall security and
auditing improvement, it does mean that our existing HTMLAccess
applications will no longer function. It appears that the quickest path
to restoring the functionality that users have today is to allow them to
use self-service functions present in version 8 of SA, while using LDAP
authentication (which Peoplesoft supports and which is in place for
other applications, including the My UW portal).
Please look at this graphic
for an example of how we believe this will work.
Issue
We don't know what functions currently offered via
HTMLAccess, EASI, or IVR map to Peoplesoft 8 self-service functions.
Conclusion
Someone should be working on mapping existing
functionality to new facilities available with Peoplesoft SA v8. The
group listed above did not know of any efforts to map functionality
between 7 and 8, and this is a critical step in preserving existing
functionality. This task is relatively urgent.
Issue
In switching Peoplesoft to use LDAP authentication,
we may or may not choose to convert those faculty and staff that
currently have Peoplesoft operator ID's.
Conclusion
It doesn't appear that there are many technical
issues surrounding this, so the decision should be based on support and
direction.
Issue
Applicants do not exist in LDAP presently, and do
not have access to the portal.
Conclusion
If we provide a mechanism for applicants to
interact with Peoplesoft Self-Service functions using the existing model
(a service account into Peoplesoft), applicants don't need to be added
to LDAP.
This assumes that applicants only need access to
Peoplesoft information, and don't need to log into the portal for other
reasons. Hopefully, the e-Infrastructure group will bring to light any
additional requirements.
What else needs to happen?
There were a number of other issues that came up
(roles, session management) in the course of this meeting that need to
be addressed. Some require engaging the ISIS project folks on campus,
others may require additional consulting services from Peoplesoft.
Tom Jordan is following up on getting the ISIS
project management engaged in the issues raised here.
Ozzyie Chen is working with DRMT and the portal
folks to work out the particulars of how LDAP authentication w/Peoplesoft
via the portal can be done.
|
