My post Generating an AuthToken for SwitchUser demonstrates how to acquire and expire PeopleSoft authentication tokens. Using this approach, you could hook any custom application into the PeopleSoft security model, allowing PeopleSoft to manage security for many of your custom enterprise applications. Continuous token (ticket) validation could be implemented through a very simple web service that calls SwitchUser and returns the result. If SwitchUser returns true, then the token is valid.
Really, if you are interested in a centeralized, integrated security solution, then you should speak with your Oracle rep about Oracle's Identity Management Suite.
Hi Jim,
ReplyDeleteI have a question regarding Portal and HCM authentication. I looking at an issue that we keep seeing in our logs with an error homepageT. The odd thing is that when I see this error I notice that the appserver is returning a TOKEN with a datetime in the past?
Here is an example that I pulled out of the logs using splunk. It is from last night at 6:42 PM, but the PS_TOKEN is from around 1 PM.
11/30/16
6:42:30.000 PM
PSAPPSRV.25861 (2237) [2016-11-30T18:42:30.855 GetCertificate](3) Returning context. ID=KCW002, Lang=ENG, UStreamId=184230855_25861.2237, Token=PSFT_PA/2016-11-30-12.42.30.154553/KCW002/ENG/jF5gZnpx36fbqtZ1/Ui6/l2EH+Q=
11/30/16
6:42:31.000 PM
PSAPPSRV.17534 (7567) [2016-11-30T18:42:31.230 KCW002@mydata.intranet.umb.com (IE 11.0; WIN7) HomepageTemplate](0) Duplicate cookie PS_TOKEN received. Value1=PSFT_HR/2016-11-30-12.34.08.336246/KCW002/ENG/mqOGbeHMB8V7U0eYA/cA6fAGW4g=, Value2=PSFT_PA/2016-11-30-12.42.30.154553/KCW002/ENG/jF5gZnpx36fbqtZ1/Ui6/l2EH+Q=.
What do you think is going on here and how do you think we can fix it?
Oh, and Congrats on your new job!
@Kevin, it is a great question. I have no idea.
ReplyDeleteHello Jim,
ReplyDeleteI 'm looking to create PS_TOKEN for a particular userID not %operatorID. Do you already post anything of this sort ?
@Raj, a different user than the one that is already logged in? If you have the User ID and password, then the code in this listing will work.
ReplyDeleteHi jim,
ReplyDeleteI'm tryng to access the full url at sign on peoplecode. I'm thinking to achieve the same using javascript window.location.href command and assign it to peoplesoft variable. can you please let me know on how to achieve this ?
@Raj, The %Request object is available to Signon PeopleCode it has properties that provide the full URL to signon PeopleCode. Since JavaScript runs in a completely separate container, that is going to be challenging. I suppose one approach would be to move any variables into cookies, since those become HTTP headers that would also be part of the Request object. They could also be moved into query string parameters, since the URL is available to Signon PeopleCode. But since the URL is already available, that would just be a solution for any other variables.
ReplyDeleteThanks Jim !! I have one more question. We are redirecting user to Java system but the URL was dynamic and it changes each time. We want to delete the cookies before we redirect the user.
ReplyDeleteI don't have a good solution for cookie deletion. Cookies are just HTTP headers, so you may be able to work with the collection directly. If not, you may need a ServletFilter to filter the response.
ReplyDeleteHello Jim,
ReplyDeleteI'm reading a REST API URL using below code
&doc = &MSG.GetURIDocument();
&com = &doc.DocumentElement;
&emailid = &com.GetPropertyByName("EMAILID").Value;
System is removing + character while reading the data. + is converted as space.
Ex: TEST+CHECK@GMAIL is converted to TEST CHECK@GMAIL.COM
That makes sense because a + in a URL/URI is a space. That is URL encoding. If you want to send a + in a URL, then you will need to URL encode it before sending it.
ReplyDelete