Getting Client IP Address in PeopleSoft

When running PeopleSoft behind a load balancer the client IP address is sometimes not reported correctly on the PSACCESSLOG table, or when using the built-in PeopleCode functions.  This definitely occurs when using Netscaler, as this is what I have the most experience with and what I have had others ask about, but other load balancer products may cause the same behavior.

To get an accurate IP address you must configure the load-balancer to pass this information, which can be done using the HTTP header "X-forwarded-for".  Here is some information on Netscaler.  Refer to your load balancer documentation for details on this setup.

https://docs.citrix.com/en-us/netscaler/10-1/ns-tmg-wrapper-10-con/ns-lb-wrapper-con-10/ns-lb-advancedsettings-con/ns-lb-advancedsettings-cip-tsk.html


Once the load balancer is configured use PeopleCode to read the header for the actual client IP address.  You can create your own access log tables or write conditional logic based on the values.

The function below retrieves the client IP address from the "X-forwarded-for" header using the %Request object.  In this case I am simply inserting the information into a custom table.  This particular example would be called from Signon PeopleCode, so in this context %SignonUserID is the user attempting to login.  In other places %UserID would give you the currently-logged-in user. 


Function MY_ACCESSLOG_INSERT() 

Local string &userid; 
Local string &clientip; 
Local string &comments; 

&userid = %SignonUserId; 
&clientip = %Request.GetHeader("X-forwarded-for"); 
SQLExec("INSERT INTO %Table(MY_ACCESSLOG) VALUES (:1,:2,SYSDATE,:3)", &userid, &clientip, &comments); 

End-Function;


If you need to troubleshoot, or just want to see all the HTTP headers available to PeopleCode, use the code below to create an array of the header names. 



Local string &headers_out;

/* example to show all available header names */
&http_headers = %Request.GetHeaderNames();
For &i = 1 To &http_headers.len
&headers_out = &headers_out | "; " | &http_headers [&i];
End-For;

MessageBox(0,"",0,0, &headers_out);


The psadmin.io blog also has an excellent post on configuring Weblogic to read this header and write the information to the Weblogic access logs, which is simply configuration.

http://psadmin.io/2016/11/24/load-balancers-and-client-ip-addresses


At this point I do not have a good way to get the correct IP address into the delivered PSACCESSLOG table, but that would be a customization that I would probably prefer to avoid anyway.  I think the approaches above can meet most requirements.


Comments

Post a Comment

Popular posts from this blog

PeopleSoft PUM Image Maintenance

Image
The PeopleSoft PUM Image VMs seems to work pretty well once installed.  There is very little maintenance that I have had to perform on these environments and I can always start over by rebuilding the VM if I really break something.  Still, there have been some small issues recently that have required digging into the these environments so here are some notes to help. Database Administration The Oracle Database runs within the same VM and can be accessed using TNS with SQLPlus, SQL Developer, or most other Oracle-compatible tools.  However, I recently needed to make some adjustments to the SYSADM privileges.  For this I needed to connect as SYSDBA. 1. Login to the VM as root   (this account was setup when you installed the image) 2. Switch to the oracle  account.  This is the database owner. su - oracle 3. You then need to know the database name to connect to.  The easiest way is to look for the pmon process.  In the example be...
Read more

Records in a PeopleSoft Component

This simple SQL can be used to identify the records that are used behind an online PeopleSoft component.  Sometimes you just need to look at the data, sometimes you need to write scripts to manipulate or export the data.  The code below includes only the SQL Table and SQL View record types and filters out records and fields that are only related-display. Yes, you could open App Designer to find the pages and records within the component, but I wanted a quicker way that would show only the records most likely to contain the data.  I especially do not want to parse through the numerous temp tables and work records that will show up in App Designer for some components. This should work on Oracle databases.  It has bind variables to accept the component name as input so you may need to replace or pass the values, depending on your SQL tool. There are several ways to find the component name while online, if you need to.  In some environments Ctrl+Shift+J may wo...
Read more