Audit compliance in few companies require additional level of security in online applications to confirm whether the person who fills and submits the company compliance documents is the intended person only.
We had one such client with a requirement,when a user clicks submit button on a PeopleSoft page user should be re-authenticated with enterprise user id and password before allowing him to successfully submit the page.
We had TAM SSO implemented at the organization level. So PeopleSoft function RevalidatePassword() doesn't help us.
Below are the steps of our approach:
1) Created a new PS component which will be opened in a new window on clicking the submit button on which re-authentication has to occur.Select a record (eg: INSTALLATION) that doesn't have any key field as search record for this new component.
2) Register the new component in a dummy navigation which will be hidden from all the users. Access permission will be given to all those users who will be hitting this authentication included submit button.
3) After registering the component get the content reference URL of this new navigation. Below is the sample mocked up URL for our
example.
http://Psoft.dummy.com:9999/psp/ps/EMPLOYEE/HRMS/c/ROLE_EMPLOYEE.SUBMIT_CHALLENGE.GBL
This URL has to be included in enterprise TAM's challenge list. Whenever user clicks on submit button from TAM hosted PeopleSoft environment this authentication component will be opened in new window. As we have this component in TAM's challenge list, enterprise standard authentication page will be displayed.
4) On successful authentication by the user our PeopleSoft authentication component will be displayed.Our requirement was to display the successful authentication disclaimer message giving user OK button to close this window.
Hey Shyam,
ReplyDeleteWhat is "TAM's challenge list" ? What causes TAM's challenge list to be authenticated.