Layer7 Access Management

Tech Tip : CA Single Sign-On : SiteMinder ERP Agent for PeopleSoft - PeopleSoft User Auditing Limitation

  • 1.  Tech Tip : CA Single Sign-On : SiteMinder ERP Agent for PeopleSoft - PeopleSoft User Auditing Limitation

    Posted 10-07-2016 05:40 AM

    Question:

     

    Peoplesoft presently has the capability to audit user logins, and how many sessions are open for each user.  The Tuxedo application server management produces this information, and running the 'pstools' commandline application produces the audit output below.  After implementing the Siteminder ERP Agent v5.6 for PeopleSoft however, instead of seeing the real username, only "DEFAULT_USER" appears in the logs.

     

    LMID User Name Client Name Time Status Bgn/Cmmt/Abrt
    ----- --------------- --------------- -------- ------- -------------
    testserv01 testba WSH **:**:** IDLE 0/0/0
    testserv01 testba WSH **:**:** IDLE 0/0/0
    testserv01 testba JSH **:**:** IDLE 0/0/0
    testserv01 DEFAULT_USER testserv02.mck+ 0:06:15 IDLE/W 0/0/0
    testserv01 DEFAULT_USER testserv02.mck+ 0:00:22 IDLE/W 0/0/0
    testserv01 DEFAULT_USER testserv02.mck+ 0:16:11 IDLE/W 0/0/0

     

    In the above screen capture excerpt, all "DEFAULT_USER" usernames should instead be actual usernames. How can we have the usernames in place of DEFAULT_USER.

     


    Environment:  

     

    ERP Agents 5.6 SP4

     

     

     

    Answer:

     

    It is not possible to obtain individual username information at Tuxedo for every sign in request when the ERP Agent is deployed.  The reason for this is that the Siteminder ERP Agent deployment requires allowing public access for the web profile with which the PeopleSoft web server is configured.  On setting up this public access property, Tuxedo logs will only contain the information of the userid which is configured or set to have public access permissions for this web profile. Per the PeopleSoft agent guide documentation, this userid is set to DEFAULT_USER; So Tuxedo will only have information of DEFAULT_USER signing in irrespective of the actual username signing in.

     

    KB : TEC484935