Professional Documents
Culture Documents
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
Contains:
SSL Setup PeopleTools Workflow Setup Approval Workflow Engine (AWE) Setup Final Testing
Table of Contents
Table of Contents .................................................................................................................................................. 4 Chapter 1 - Introduction........................................................................................................................................... 5 Structure of this Red Paper Related Materials 5 5
Chapter 2 - SSL Setup............................................................................................................................................. 6 Setup 6 Submitting the Private Key to Authority.....................................................................................................................................9 Downloading the certificate for Browser...................................................................................................................................14 Getting the Public Key sent by Authority..................................................................................................................................16 Downloading the Intermediate CA............................................................................................................................................16 Importing the certificate into Keystore of Webserver...............................................................................................................18 Settings in Webserver console for SSL to work........................................................................................................................20 Chapter 3 - SMTP Settings on Application Server............................................................................................... 27 Settings in psappsrv.cfg file to enable SMTP 27
Chapter 4 Testing the Tools Workflow.............................................................................................................. 29 Chapter 5 Setting up eProcurement Approval Framework..............................................................................30 Activating Workflow for Business Unit Setting up Approval Process Definition for Requisition 34 37
Chapter 6 Creating Requisitions........................................................................................................................ 47 Chapter 7 Requisition Approvals....................................................................................................................... 53 Appendix A Validation and Feedback................................................................................................................ 60 Customer Validation Field Validation 60 60
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
Chapter 1 - Introduction
This Red Paper is a practical guide for technical users, installers, system administrators, and programmers who implement, maintain, or develop applications for your PeopleSoft system. In this Red Paper, we discuss guidelines on how to implement SSL, PeopleTools Workflow and Approval Workflow Engine (AWE) with eProcurement Requisitions as an example. Much of the information contained in this document originated within the PeopleSoft Global Support Center and is therefore based on "real-life" problems encountered in the field.
RELATED MATERIALS
This paper is not a general introduction to AWE setup. We assume that our readers are experienced IT professionals, with a good understanding of Workflow and AWE. To take full advantage of the information covered in this document, we recommend that you have a basic understanding of Workflow, Security, eProcurement and how to use PeopleSoft applications. This document is not intended to replace the documentation delivered with the PeopleTools 8.49 or 8.49 PeopleBooks. We recommend that before you read this document, you read the Workflow related information in the PeopleTools PeopleBooks to ensure that you have a well-rounded understanding of our Workflow technology.
SETUP
Generating Private key Go to command prompt and turn the drive which hosts your PSHOME
Navigate to your PSHOME>>Webserv >>Domain>>bin directory. This bin directory contains the command file, which will generate the Private Key for this Webserver. The file name is pskeymanager.cmd.
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
The command to generate private key is <pskeymanager.cmd create>. This command needs to be used as follows:
Press enter and this will start generating the Private Key. It will ask for the password, which will be used later to import certificate in keystore. Please note that this password is very important and it should be noted without fail. For this test, password is provided as password. Press enter:
It will now ask for alias for the keystore. This alias name is very necessary and important and Unique. Only through this alias, the webserver will allow to import the specific certificate into keystore. Alias is provided as Test in this case:
It will then ask for common-name. This common name is also important, as Public key/ certificate will be having the naming convention including this common name. Generally, common-name should be given as machine name on which Webserver is running. In this case, common name is give as toolsserver
It will then ask for other details like your Organization name, address etc. Fill in the appropriate information. Following screen shot will show the details filled for this setup:
After this information was provided, it will ask for the password so that all this information will be saved with the private key. Use the same password which was set above:
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
Press enter after providing the password and it will verify whether the information is given correct or not. Say Yes if you have provided all the information correctly and hit enter. It will generate the Private Key as follows. Please note that the junk text, which is shown below, is the key generated.
The generated key that is shown above will be saved by default in a text file in your Webserver domain directory. The path will be E:\PSHOME\Webserv\Domain. It will be saved as <Test_certreq.txt> where Test is your alias name provided earlier in the steps. Open the file and see the contents. Make sure to retain every single character including the five hyphens (-) before and after the BEGIN and END tags. This is very IMPORTANT.
Submitting the Private Key to Authority After generating the key, it should be submitted to authority in order to obtain the certificate. In this test, Verisign is used as the certificate authority to provide the SSL certificate. Navigate to the following URL and paste the contents from Test_certreq.txt file. This content is the private key generated by your Webserver and when it will be submitted with Verisign, they will provide Public Key/Certificate based on this. This private key has all the information, which was provided during creation of this key.
URL: https://www.verisign.com/ssl/buy-ssl-certificates/free-ssl-certificate-trial/index.html
Click on Free Trial button and it will show the Welcome page detailing the process.
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
Click on Continue button and it will ask few details about your Organization and address etc. Provide all the details. Make sure that you should provide your correct email address as Verisign will send the Public key on your email address only:
Click on continue. It will ask for the Server Platform. As this trial is done on Weblogic webserver and it is not listed, select Server not listed option. In the box provided, paste the contents from <Test_certreq.txt> file. Make sure to select all from the file and paste. DO NOT leave any single character: Also select the Webserver for the question asked about usage. See the screen shot below covering both the points:
11
Note that the server platform is selected as Server not listed, private key generated is pasted in the box provided and usage is selected as Webserver. Click on continue and it will show the details from your Private key and will ask some general pass phrase inputs. Provide the information and click on continue. It will show the details of your technical contact and subscriber agreement.
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
Review the same and click on Accept. It will show the page confirming your order for the certificate.
13
After some time, you will receive an email from Verisign containing the Public key.
Downloading the certificate for Browser In order for your certificate to function properly, you must download and install the Root certificate in each browser you plan to use for SSL. Download the browser certificate from the following URL: URL: http://www.verisign.com/server/trial/faq/index.html
Installing the certificate in browser Follow the instructions below (mentioned on above shown page itself) to load certificate into browser.
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
Click select all and save the certificate into a file with a .cer extension. In this test, the file is saved as TestCA.cer. Make sure to remove the .txt extension. You can save the file in PSHOME>>Webserv>>domain directory.
15
Open a Microsoft IE Browser. Go to Tools > Internet Options > Content > Certificates Click Import. A certificate manager Import Wizard will appear. Click Next. Browse to the location of the recently stored root (done in step 2). Select ALL files for file type. Select the certificate and click Open. Click Next. Select Automatically select the certificate store based on the type of the certificate. Click Ok. Click next then Finish. When prompted and asked if you wish to add the following certificate to the root store, click Yes.
Getting the Public Key sent by Authority Check your email, as Verisign will send the certificate/public key in email. Downloading the Intermediate CA As Verisign will send the Trial certificate, you need to import Trial intermediate certificate also so that SSL certificate will work properly. Note: This extra Intermediate certificate installation on every other Webserver except Microsoft IIS. As this test is done on Weblogic, this steps needs to be followed. Download the Intermediate CA from the following URL and copy in text file.
URL: http://www.verisign.com/support/verisign-intermediate-ca/trial-secure-server-intermediate/index.html
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
Hit select all, copy and paste the content in text file i.e. Notepad.
Concatenating the Intermediate CA and Public Key Copy/concatenate the certificate sent in your email (in junk characters format) in the same text file just Below the recently pasted Intermediate certificate. Make sure that both (Intermediate+SSL certificate) should be in same text file with all the characters. SSL certificate should be below (concatenated) to the Intermediate certificate from the very next line. Just put one ENTER at the end of Intermediate certificate end paste the SSL certificate. Save the file as <common-name>-cert.pem. In this case, common name was <tools-server> given as the machine name on which Webserver is installed. The file name finally saved is tools-servercert.pem in the bin directory of your Webserver domain. The bin directory was referenced earlier in this document.
17
Importing the certificate into Keystore of Webserver The final step is to IMPORT the certificate in the keystore of Webserver so that it will provide the secure environment. The command to import the certificate is pskeymanager.cmd import.
Press Enter and it will ask for password and alias. Make sure to provide correct password and alias, which were set above. The password provided is password and alias provided is Test
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
It will ask for the file name to be imported into keystore. The file which needs to be imported here is toolsserver-cert.pem which contains Intermediate and Public certificates as saved above
Press enter and it will show that the certificate is not trusted. Type Yes on the prompt and hit enter.
It will show that the certificate is imported into the key store
19
The successful import can also be verified from PSHOME>>Webserv>>Domain>>Keystore. It must be having recently imported pskey file. Verify the date/time stamp.
Settings in Webserver console for SSL to work Login into Webserver console and enable the SSL. The URL for Webserver console will be http://webserver machine name:http port
Click on Access Weblogic Server Console link Provide the user name and password. The default user name is system and password is password if not set otherwise during PIA install. Click on Lock & Edit button on the Left Hand Side pane to modify the settings
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
21
Click on Keystores tab and select as Custom Identity and Custom Trust. Provide passphrase as Password (created in the beginning) in both Identity and Trust columns and hit save:
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
Click on SSL tab and provide the alias created and hit save: 23
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
Log out from the console window and restart Webserver for changes to take effect.
Verifying the SSL setup Log back in again on the console. Make sure to login with the secure URL this time. For example: https://tools-server:httpsport. The difference in this login URL is the port number and https protocol. The https port is set during PIA setup. You can use as per your port settings.
25
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
Chapter 3 - SMTP Settings on Application Server SETTINGS IN PSAPPSRV.CFG FILE TO ENABLE SMTP
1. Make sure that SMTP settings are correct in Appserver configuration file. Following are the settings for SMTP in psappsrv.cfg file: [SMTP Settings] ;========================================================================= ; Settings for SMTP mail ; Allow Dynamic Changes under [Domain Settings] has no effect on these controls ;========================================================================= ; Dynamic change allowed for SMTPServer SMTPServer=specify SMTP server name here
; Dynamic change allowed for SMTPPort SMTPPort=25 (This is always a default port) ; Dynamic change allowed for SMTPServer1 SMTPServer1= (Optional) ; Dynamic change allowed for SMTPPort1 SMTPPort1=0 (Optional) ; Dynamic change allowed for SMTPSender SMTPSender=specify the sender email address here ; Dynamic change allowed for SMTPBlackberryReplyTo SMTPBlackberryReplyTo= ; Dynamic change allowed for SMTPSourceMachine SMTPSourceMachine=specify the IP address of Application Server box here ; Dynamic change allowed for SMTPCharacterSet SMTPCharacterSet=UTF-8 (this is the supported char set) ; Dynamic change allowed for SMTPEncodingDLL SMTPEncodingDLL= SMTPGuaranteed= SMTPTrace=0
27
SMTPSendTime=0
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
Note: Uptill Chapter 4, Workflow setup and testing is completed. The next portion i.e. Chapter 5 will focus on to setup eProcurement and testing it.
29
Assigning required Permission Lists Assign permission list ALLPAGES and EPPV1000 (epro Requisitions) to all the 3 roles created.
Creating new Users with valid email address Create 3 new users in the system with the name Wendy, Chrisbaker and Patrick. Assign valid email ids to all these three users
Assigning Roles and Supervisor to users Assign LEVEL1 to Wendy along with PeopleSoft user role
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
Assign Chrisbaker as Supervisor to Wendy and make sure to check routing preferences checkboxes
31
Assign Patrick as Supervisor to Chrisbaker and make sure to check routing preferences checkboxes
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
Assign LEVEL3 to Patrick along with PeopleSoft user role and make sure to check routing preferences checkboxes in Workflow tab.
Open VP1 user and assign Wendy as Supervisor to VP1 and make sure to check routing preferences checkboxes in Workflow tab.
33
Verifying the final approval chain Now the approval chain should look like this: VP1>>Wendy>>Chrisbaker>>Patrick
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
Make sure Workflow Approval Required checkbox is checked. Also make other settings as shown below
35
Configuring Workflow rules Configure ePro Workflow rules. Navigate to eProcurement>>Administer Procurement>> Maintain Workflow>>User List Definition>>hit search>>select Supervisor by userid
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
37
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
Modify setting for Requisition Either make changes in the existing one or Save As the existing one and save the new one with same name i.e. SHARE. Following screen will appear after selecting Requisition for setid of SHARE
Please note that this is the MOST IMPORTANT screen and all the major setup needs to be done here only. Make all the changes as shown in above screen. Some of the setting will be shown as default but some are very important to verify: a) Process id should be Requisition b) Definition ID should be SHARE c) Status should be Active d) In Stages scroll area, Stage # should be 1 and provide relevant description. Make sure that the level should be Header only e) In Paths area, give relevant description and Source should be Static f) In steps, select Supervisor by Userid for Approver User List and provide relevant description as shown.
39
Note: By default, there will be two stages. One, which is shown above and second, will be named as Fiscal Approval. Than can be viewed from View All link on stages bar. Make sure to delete Fiscal else in the final process, there will be two approval chains shown.
Setting up Details and Criteria for Paths After setting this up carefully, click on Details link on Paths. Verify the setting as shown below and click OK
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
a) Make sure to select the Record as REQ_HDR_VW and Field Name as BUSINESS_UNIT b) Verify the criteria operator and other settings. c) Click OK and come to main page
Setting Details for each of the 3 steps Note: There are no self-approval criteria set for any of the step. Make sure to uncheck self approval check box.
41
a) Above screen is for Level1 step details. Make sure to check Sequence #, relevant description, Approver Role name and Number of approvers needed as shown above. Note: It will be important for other two steps details also as shown below Step # 2
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
Step # 3
43
Setting Criteria for each of the 3 steps Set Criteria for each of the 3 steps one by one. a) Criteria for step # 1. Make sure to fill all the details as shown below
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
45
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
Creating new Requisition Login as VP1 (if you are not already) and navigate to eProcurement>>create requisition
Make sure to check Business Unit. It should be US100 and click on continue. Select Special Request tab and Special Item from the list
47
Fill the form as shown below. Note that this is a testing Requisition. Details can be filled as per requirement from lookup options
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
Reviewing the created Requisition Click on Review and Submit link on the top bar
49
Save and Preview before submit Click on Save & preview approvals.
Verifying the approval chain You will see that the approval chain is successfully built
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
Submit Click on Submit to submit the Requisition. As soon as the Requisition is submitted, a clock icon is visible on Wendys box. This means that it is on Awaiting Approval from first level.
51
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
Verifying the Email of Supervisors Verify from the email box of Wendy. There should be an email for this Requisition waiting for approval.
Email: =========================================================== A requisition has been entered which requires your attention. Requester: Business Unit: Requisition ID: Requisition Name: Date: VP1 US100 OPERATIONS 0000000061 0000000061 2008-07-09
You can navigate directly to the approval page by clicking the link below. https://server:httpsport/psp/FSCM9/EMPLOYEE/ERP/c/PV_MAIN_MENU.PV_REQ_APPROVAL.GBL? Action=U&BUSINESS_UNIT=US100&REQ_ID=0000000061 ============================================================ Note: The URL generated in email is in secure format. This is due to SSL implementation on the environment.
Approving Requisitions Click on the URL provided in the email received by Wendy.
---------------------------------------A requisition has been entered which requires your attention. Requester: Business Unit: Requisition ID: Requisition Name: Date: VP1 US100 OPERATIONS 0000000061 0000000061 2008-07-09
You can navigate directly to the approval page by clicking the link below. https://server:httpsport/psp/FSCM9/EMPLOYEE/ERP/c/PV_MAIN_MENU.PV_REQ_APPROVAL.GBL? Action=U&BUSINESS_UNIT=US100&REQ_ID=0000000061
53
Click on the Approve button to approve the Requisition. As soon as this Requisition is approved by Wendy, approval chain will be shown as Chrisbaker for LEVEL2 approver
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
Access the email box of Chrisbaker and email request will be there from Wendy for second level approval
A requisition has been entered which requires your attention. Requester: VP1 Business Unit: US100 OPERATIONS Requisition ID: 0000000061 Requisition Name: 0000000061 Date: 2008-07-09 You can navigate directly to the approval page by clicking the link below. https://server:httpsport/psp/FSCM9/EMPLOYEE/ERP/c/PV_MAIN_MENU.PV_REQ_APPROVAL.GBL? Action=U&BUSINESS_UNIT=US100&REQ_ID=0000000061 Click on the URL and it will go to Chrisbakers approval page
Click on the Approve button to approve the Requisition. As soon as this Requisition is approved by Chrisbaker, approval chain will be shown as Patrick for LEVEL3 approver
55
Access the email box of Patrick and email request will be there from Chrisbaker for final level approval
A requisition has been entered which requires your attention. Requester: VP1 Business Unit: US100 OPERATIONS Requisition ID: 0000000061 Requisition Name: 0000000061 Date: 2008-07-09 You can navigate directly to the approval page by clicking the link below. https://server:httpsport/psp/FSCM9/EMPLOYEE/ERP/c/PV_MAIN_MENU.PV_REQ_APPROVAL.GBL? Action=U&BUSINESS_UNIT=US100&REQ_ID=0000000061
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
Click on the Approve button to approve the Requisition. As soon as this Requisition is approved by Patrick, approval chain will be shown as completed.
57
After this final approval, one email will go to VP1 (original requester) stating that Requisition is approved.
The following requisition has been "Approved". Requester: Business Unit: Requisition ID: Requisition Name: Date: VP1 US100 OPERATIONS 0000000061 0000000061 2008-07-09
You can navigate directly to the approval page for more information by clicking the link below. https://server:httpsport/psp/FSCM9/EMPLOYEE/ERP/c/PV_MAIN_MENU.PV_REQ_APPROVAL.GBL? Action=U&BUSINESS_UNIT=US100&REQ_ID=0000000061
Click on the URL and it will directly go to VP1s Requisition review page
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
Important Note: As this test was done on and for HTTPS environment, you will notice that all the emails which will come to Approvers is having URL in HTTPS format. If SSL is not implemented on the environment, URL will be in HTTP format only.
59
CUSTOMER VALIDATION
PeopleSoft is working with PeopleSoft customers to get feedback and validation on this document. Lessons learned from these customer experiences will be posted here.
FIELD VALIDATION
PeopleSoft Consulting has provided feedback and validation on this document. Additional lessons learned from field experience will be posted here.
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
61
7/16/2013
PeopleTools Workflow & Approval Workflow Engine (AWE) setup with SSL
July 2008 Author: Amit Jain Contributing Authors: [OPTIONAL] Oracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores, CA 94065 U.S.A. Worldwide Inquiries: Phone: +1.650.506.7000 Fax: +1.650.506.7200 oracle.com Copyright 2006, Oracle. All rights reserved. This document is provided for information purposes only and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. Oracle, JD Edwards, PeopleSoft, and Siebel are registered trademarks of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
62