Comments on Jim's PeopleSoft Journal: Desktop Integrated Signon (Jim Marion)

Jim Marion (2018-11-15 21:26):
@Unknown, the most common cause of this issue is an improper URL. Make sure the portal is included in the target PeopleSoft URL and that it matches the URL you would expect to see after logging in.

Parth (2018-07-17 05:15):
Hi Jim,
Sorry for receiving this old thread. We are trying to integrate Siteminder with PeopleSoft. We are having a few issues with the integration. The Siteminder team has created a link but it is not bypassing the sign on page. The moment we log in it gives us an error saying 'Could not open registry'.

Anonymous (2016-05-20 16:05):
Hello Jim & Rajat,

I can't find any more info and help from Oracle Support, wonder if you can share the knowledge with me.

We tried to follow PeopleTools 8.52 PeopleBooks to set up Kerberos SSO. The keytab file does contain the valid HTTP://@DOMAIN.COM but when the web server boots and we issue the URL:////?/tab=DEFAULT command, it shows "Invalid Token". The web server is running under a local admin account, but when I try to set up startPIA as a Windows service using the AD account (after the SETSPN command), it won't recognize this account. Do you know if the PeopleSoft server needs to be running using the AD account we set up in AD?

Thanks,
Yi

Rajat (2016-03-14 04:11):
Hello Jim,

We are upgrading PeopleSoft Tools from PT 8.51 to PT 8.54.14. We had Kerberos SSO with AD working fine with PT 8.51 but we are struggling to get it working with PT 8.54. We see some changes to web.xml but overall the Kerberos classes and signon PeopleCode remain the same. Any suggestion from you will be great. We are trying to do the same steps as we did in PT 8.51.

Thanks
Rajat

Jim Marion (2015-12-06 07:21):
@Arshad, the only supported method for implementing SAML 2.0 is to use Oracle Identity Suite in front of PeopleSoft. There are several organizations, however, that are quite happy with their Shibboleth implementations.

Arshad (2015-12-05 01:18):
Hi Jim

Sorry to revive one of your old blog posts. I am trying to find some information on implementing SSO for PeopleSoft (PT 8.54) using ADFS (SAML 2.0 or later) but can't seem to find any information on this.

Do you know if this is possible to do? If yes, does it require any additional components? I was reading in one of the forums that they used IIS as a proxy server for the integration between PeopleSoft and ADFS.

However I cannot find any detailed information on this. Let me know if you can help with this.

Regards
Arshad

Chandra Rawat (2015-10-28 06:18):
Dear Jim,
I have a query: we are facing some session overridden issues in production.
Actually we are invoking PeopleSoft SIGNON PeopleCode with a different user.
At signon PeopleCode there are two options: either using %singonuser or you can set a particular user account. We have set a user to invoke the signon PeopleCode.

But it seems like sometimes sessions are getting overridden, as the user that invokes the signon PeopleCode is the same for different users.

Could you please suggest how to avoid session overlapping?

Jim Marion (2013-01-04 12:49):
@Gustavo, I believe those are just warnings (yellow squiggly instead of red squiggly) telling you that Java 1.6 has a better way to handle Collections, but the old way still works.

Other than confirming everything is configured, I don't have any idea why it isn't working. You might try checking your HTTP requests from browser to server using Fiddler to make sure you are getting the NTLM challenge response. If you have Firefox and don't have it configured for NTLM, it will prompt you to allow NTLM, so that will be a good indicator that the ServletFilter is working as well. Another point to check is to see if your web server is validating tokens against your directory server. You can check this with a network sniffer configured to trap communication between your web server and directory server. I don't think you will be able to decipher the communication. The key is just whether it actually connected and received a response.

The other thing to check is to ensure that your signon PeopleCode is firing. But the fact that you are able to test the value of XX_REMOTE_USER tells me you already tested that. You might also print all of the HTTP headers to a file to see if the header has a different name.

In your servlet filter, you can also print to a file to make sure that it is handling requests. If you aren't seeing output in a log file for each request, then your servlet filter isn't getting called and that would point to a web.xml configuration issue.

Anonymous (2013-01-04 10:27):
Hi Jim, I couldn't find any error in the files you mentioned. The only thing that I noticed when editing the Java class (I'm not a Java programmer) for the latest JCIFS version is that in the getHeaderNames function the Eclipse editor shows warnings like the following:

Type ArrayList is a raw type. References to generic type ArrayList should be parameterized

Or the following error in "headers.add(e.nextElement())":

The method add(string) in the type vector string is not applicable for the arguments (Objects)

So, do you have any idea what to check/review?
Regards,
Gustavo

Jim Marion (2013-01-04 10:10):
@Gustavo, it is good to hear that you had everything working before. I don't see any reason it would stop working after an upgrade. The PIA_servlets.log file is specific to PeopleSoft servlets and won't likely log errors from the JCIFS ServletFilter. Take a look at your web server's stdout and stderr log files as well.

Anonymous (2013-01-04 09:22):
Hi Jim, I have an issue in my environment. In the past, we implemented your solution on a PT8.45 env and it's working fine. But after upgrading to PT8.52, it's not working anymore. We tried, and it seems that the sentence "%Request.GetHeader("XX_REMOTE_USER");" doesn't work, because the &userName variable is empty.
We are using the same Jcifs as before (version 1.2.25b); we even tried with the latest one, but it didn't work either.
The new web.xml file was configured the same as the old one.
We have a WAS 7 web server on an AIX machine, so we can't implement Desktop Single Sign On with Kerberos, according to Oracle Support.
The PIA_servlets log shows the following:

WARNING psft.pt8.auth.PSCacheHashTable init PSCacheHashTable: warning, configDir doesn't exist: %WEBSERVER_HOME%/%DOMAIN_NODE%/%WEBAPP%/WEB-INF/psftdocs

System.out shows:
PSAuthenticator authenticate QEDMO Web server authentication failure

Application Server log shows:
PSAuthenticator authenticate QEDMO
Web server authentication failure
Failed to execute GetCertificate request

Do you have any ideas?
Regards
Gustavo

Jim Marion (2012-08-03 08:07):
@Kannan, good job resolving all of the other issues! Is your Microsoft domain server named LDAP.MYDOMAIN.COM? It sounds like the jcifs servlet is not able to connect to LDAP.MYDOMAIN.COM.

Anonymous (2012-08-03 07:36):
I was able to fix the Java code issue, compiled the Java files and moved the class files as you said. I also added PeopleCode and enabled single signon.

I got the following error in the Weblogic log.

#### <> <> <[ServletContext(id=78388235,name=PORTAL,context-path=)] Servlet failed with IOException
java.lang.Throwable: LDAP.MYDOMAIN.COM
    at jcifs.netbios.NameServiceClient.getAllByName(Ljcifs/netbios/Name;Ljava/net/InetAddress;)[Ljcifs/netbios/NbtAddress;(NameServiceClient.java:307)
    at jcifs.netbios.NbtAddress.getAllByName(Ljava/lang/String;ILjava/lang/String;Ljava/net/InetAddress;)[Ljcifs/netbios/NbtAddress;(NbtAddress.java:463)
    at jcifs.smb.SmbSession.getChallengeForDomain()Ljcifs/smb/NtlmChallenge;(SmbSession.java:75)
    at jcifs.http.NtlmHttpFilter.negotiate(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;Z)Ljcifs/smb/NtlmPasswordAuthentication;(NtlmHttpFilter.java:157)
    at jcifs.http.NtlmHttpFilter.doFilter(Ljavax/servlet/ServletRequest;Ljavax/servlet/ServletResponse;Ljavax/servlet/FilterChain;)V(NtlmHttpFilter.java:121)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(Ljavax/servlet/ServletRequest;Ljavax/servlet/ServletResponse;)V(FilterChainImpl.java:27)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run()Ljava/lang/Object;(WebAppServletContext.java:6987)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Lweblogic/security/subject/AbstractSubject;Ljava/security/PrivilegedAction;)Ljava/lang/Object;(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(Lweblogic/security/acl/internal/AuthenticatedSubject;Lweblogic/security/acl/internal/AuthenticatedSubject;Ljava/security/PrivilegedAction;)Ljava/lang/Object;(SecurityManager.java:121)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(Lweblogic/servlet/internal/ServletRequestImpl;Lweblogic/servlet/internal/ServletResponseImpl;)V(WebAppServletContext.java:3892)
    at weblogic.servlet.internal.ServletRequestImpl.execute(Lweblogic/kernel/ExecuteThread;)V(ServletRequestImpl.java:2766)
    at weblogic.kernel.ExecuteThread.execute(Lweblogic/kernel/ExecuteRequest;)V(ExecuteThread.java:224)
    at weblogic.kernel.ExecuteThread.run()V(ExecuteThread.java:183)
    at java.lang.Thread.startThreadFromVM(Ljava/lang/Thread;)V(Unknown Source)
>

Please let me know your thoughts.

Jim Marion (2012-08-02 10:37):
@Kannan, you may have to change the Java to make it work. This post was for Java 1.4 and is 5 years old. You can still use it, but will need to update some of the code to use newer versions of Java.

To deploy, copy the class files into your webserver's PORTAL/WEB-INF/classes or WEB-INF/lib directory.

Anonymous (2012-08-02 07:38):
Jim,

I am very sorry to keep disturbing you and hope you don't mind clarifying my doubts. I have two issues.

1. I got the following error when I compile the Java:

Project: C:\Users\kchidamb\Desktop\Single Sign on\Java Code\jcifs-1.3.17\jcifs-1.3.17.jpr
C:\Users\kchidamb\Desktop\Single Sign on\jcifs-1.3.17\jcifs_1.3.17\src\jcifs\http\NtlmHttpServletRequest.java
Error(51,42): ')' expected
Error(60,10): cannot find class Vector
Error(60,31): cannot find class Vector

2. How to move this code to the Weblogic server.

I appreciate your timely help.

Thanks,
Kannan

Jim Marion (2012-08-01 08:28):
@Kannan, you can usually ignore warnings. The decode(String) method still exists, but Java recommends that you use the decode(String, String) method instead. The deprecated method does not specify a character encoding. If you want to resolve it, replace it with decode(thevariable, "UTF-8"). See this example on Stack Overflow: http://stackoverflow.com/questions/6138127/how-to-do-url-decoding-in-java

Anonymous (2012-08-01 06:26):
Hi Jim,

I got the following warning message when I compile in Jdeveloper from NTMLHTTPURLCONNECTION.JAVA:

Warning(539,38): decode(java.lang.String) in java.net.URLDecoder has been deprecated

I am expecting your guidance to correct this warning message.

Jim Marion (2012-07-31 17:24):
@Kannan, your error didn't post.

Anonymous (2012-07-31 07:23):
Jim,

Thanks for your response. We are using PeopleTool 8.48.09, HCM 9 and Weblogic 8.1. I have downloaded the JCIFS (1.3.17) htlmhttp filter and Jdeveloper. I did edit NtlmHttpServletRequest.java and set the version to 1.4 from the default. I got the following warning. Can you please advise me?

Jim Marion (2012-07-20 10:36):
@Kannan,

You are right, a lot has changed. This post was for NTLM. Most today should use Kerberos. I haven't kept up with jcifs because PeopleTools now includes the Kerberos SDK. If you are using 8.51 or higher, take a look at the PeopleTools Kerberos SSO SDK. It implements a lot of the same principles as outlined here, but uses Kerberos instead of NTLM.

Anonymous (2012-07-20 06:33):
Jim,

We are trying to Desktop Integrated Signon to PeopleSoft. You are having very useful information for people like me. I am going to learn Java basics as per your advice and am going to implement this. Your posts are also all from 2007, but there have been so many changes in JCIFS in between. Do you want me to download the latest one or the JCIFS delivered before 2007? Please advise me.

Jim Marion (2012-06-14 13:00):
@Vikas, the OTN Forum (https://forums.oracle.com/forums/forum.jspa?forumID=432) would be a better place to ask this.

I was just reading about PeopleSoft's optimistic locking design in David Kurtz's book PeopleSoft for the Oracle DBA (http://www.amazon.com/PeopleSoft-Oracle-DBA-David-Kurtz/dp/1430237074).

You can do what you desire. If the record has a last modified date/time stamp, it will be really easy because you can SQLExec that field and compare to the current time, or, actually if the DB is different, then just return a true/false by comparing the last update time stamp to the database current time stamp. If you don't have a last update time stamp, then you will have to perform a field by field, row by row compare. Not fun.

Vikas Bhartiya (2012-06-14 12:48):
Hi Jim,
Don't know if this is the right post to put this question on:
I have a page which saves data as soon as the user clicks on a view_details button. This means, if there are two users working on the same rows of the base records, one or the other will get a "Page data inconsistent with the database" error. On page activate, I want to be able to query whether another user is working on the same rows on the same page and show a message if this is true. Have you ever done this?

Thanks for your help as always..
Vikas

SKBodiga (2011-10-18 00:44):
We need to add one condition in Signon PeopleCode to get authenticated by PeopleSoft, otherwise you will get "Web server authentication failure".

The changed code is as follows:

    If (&foundSlash > 0) Then /* Added to avoid error */
       If (Len(&userName) > 0) Then
          SetAuthenticationResult( True, &userName);
       Else
          SetAuthenticationResult( False, &userName, "Web server authentication failure");
       End-If; /* Added to avoid error */
    End-If;

SKBodiga (2011-10-17 11:47):
No Jim, I didn't add anything in signon PeopleCode; all I had to do was to use a different "?cmd" in the link. For PeopleSoft authentication it is "?cmd=login" and for Desktop SSO "?cmd=start".

As I used filter-mapping to use the PeopleSoft servlet class for authentication, that bypasses the NTLM servlet, and the signon PeopleCode, even if it gets executed, will be of no use when it does not find the username (ADid).
That way it worked.

One more thing I forgot to mention: I used different web profiles for each site.