Nested under the WEB-INF/psftdocs directory of your PeopleSoft web server, you will find several HTML templates. Even though the title of this post references the signout template specifically, the concepts outlined in this post are relevant to the other templates as well.
As you browse the delivered templates, you will notice that several templates include JSP/ASP style tags used to insert text into the template. To include additional localized text in the signout.html template, you can add an entry to your language's text.properties file. For example, to include the text Please contact the IT Help Desk for further information in your template, add the following text to the text.properties file.
6000=Please contact the IT Help Desk for further information
To insert that text into your template, add
<%=6000%> to your template.
href attribute of the Sign out link.
For our PeopleSoft Portal we have a few <img src="https://..." height="0" width="0"/> tags to call logout procedures in other systems our portal links to. We have added those logout URLs to our text.properties file because we also reference the same links in the exception.html, expire.html and a few others. By including the links in the text.properties files we can maintain those links in one place and this makes it easier when we move between our non-production environments.
Even though PeopleSoft uses numeric codes in the file, it is just a regular java properties file. So at least as of tools 8.46 you can use alpha keys, for example:
Then our template files look like this near the </body> tag:
<img src="<%=FINLOGOUT%>" height="0" width="0"/>
Perfect John!! That is an outstanding example of how to use the text.properties file. Thank you for sharing this tip. I really appreciate it! You are correct, you can use any valid Java properties file key. To avoid naming collisions, I suggest developers add a common prefix to their keys. For example, myUniversityInitials.finlogout=...
By the way, the single signout technique you employ is very critical when using portal or any other scenario where you are using PeopleSoft single signon. For those of you readers that are not familiar with single signoff, you can read more about it in PeopleBooks at Home > PeopleBooks > Enterprise PeopleTools 8.49 PeopleBook: Security Administration > Implementing Single Signon > Configuring PeopleSoft-Only Single Signoff.
It's true that you can't do much with the PeopleSoft delivered logout page in terms of making it more dynamic - the entry in the Web Profile for the logout page needs to point a file on the local file system so that the parsing that you're talking about can take place.
However, you can always set up the logout page to forward elsewhere. That forwarded link can be as dynamic as you want.
Obviously you don't want to count on this from a security standpoint, but it can be handy for usability. We had a recent customer that was doing integration with a non-PeopleSoft portal and wanted the signout page to send the users back into the portal. The redirect in the PeopleSoft signout page works well for that.
Exactly! Thank you for the clarification Chris. In our organization, we actually use the signout template the same way.
Nice article. Do you know if there is a way to log a user out of their session via peoplecode.
@hasan, that is a very good question, and probably good enough to warrant a short blog post! I am not aware of a signout/logout PeopleCode function. I am, however, aware of a couple of ways to log a user out from PeopleCode. My first recommendation is to execute %Response.Redirect(%Request.ContentURI | "?cmd=login") where fscm is the name of your "site." Of course, you could make the URL more flexible by parsing the pieces out of the
As an alternative, if you have anonymous authentication enabled in your web profile, then you can use SwitchUser to switch to the anonymous user. Use this option if you use enterprise portal with a guest signon. The problem with this option is that it doesn't clean up the app server and web server session. It does switch the user to a less privileged user, but keeps a session on the app server. The Redirect, on the other hand, will clean up the app server and web server sessions.
Thats a great idea! Thanks for the tip.
Have you come across a requirement wherein user should get an error/warning message when trying to signout if she has a pending worklist item?
Any idea how to configure this?
@Vikas, I have not seen that requirement before. The problem that you will have is that there is no sign out event. I am not aware of a hook into the signout process. The template shown here actually appears after the users session is destroyed. I am not aware of a way to securely query a user's worklist after the user is signed out. You could create a web service that returns the count of unworked items and call that from Ajax. The user's ID is available in a cookie. The count of unworked items might be considered safe information to share and not a security risk. If that is the case, then you could display the count of unworked items through Ajax, but it would be after the user signed out.
By the way, if someone knows of a way to capture the signout prior to signout, I would love to hear it...
Thanks for your response. I will surely log back if I come up with something using your ideas.
When we have an unsaved component and we click on Sign Out, there is a prompt asking whether we want to continue without saving. How does this event get fired? Can we tweak this process to query psworklist before leaving peoplesoft?
Just a thought!
Rather than modify the page directly, you can use something called Monkey Patching to override the delivered warning message.
I was working on pagelets and AWE based upon your new book :) which is quite helpful. Thanks for releasing this material. I have 2 questions 1. How to create a new template in peoplesoft , until now I have been using default template while registering any component.
2. If i want to create a new pagelet based on PSquery, I also want to hyperlink first field and when user clicks on it it open the component in seperate window showing all the details. It seems quite easy in peoplecode but not sure how to use peoplecode in Pagelets as I am very ver new. Another similar Question is , how to throw a person on a component(without search record) after he logs in (This component just show some details and also Menu and other top things should not be shown (I believe that can be achieved by a template)) . I know I have asked quite many things but I am very very keen to learn these things as project here has some demands like this.
Is there a way to show different signout page to different users based on their role or any other attribute
@Rohan, by the time PeopleSoft calls the signout template, the user is already signed out, so there wouldn't be any information about the user available to the template.
Thanks for the reply.
We are using single signon. We can store the information in a cookie at the time user logs in through an external website. Now when the user selects to enter the peoplesoft portal, its authentication details are passed through this cookie.
I want to ask- Is it possible to use this information inside the cookie to pre-decide that this user gonna see xyz page when it clicks sign out.
Jim, I have run into an issue with the logout URL. We are accessing the FIN application from the portal and when the page expires, the expired page shows the FIN URL and not staying on the portal URL. I have researched enough to understand where the redirect is happening but in vain. Please help me on how to go about it.
@Sumasini update the portal tab of your FSCM and EMPL nodes to have the psp and psc URL of your Interaction Hub and FSCM system. Do this in both Interaction Hub and FSCM. Restart and clear cache. That should be all there is to it.
Is your New Window link behaving the same way as logout? Is it taking you out of the portal branding and into FSCM?
If it isn't caused by improperly configured nodes, then you may want to file a support case because this may be a bug in your tools version.
We have a strange problem in our Portal Production. When the user clicks the "Sign Out" it takes 5 minutes for the server to respond and sign them out. But this only happens when the user has a Pagelet that on their homepage that is from our HCM node? If the user has no pagelets from the HCM node, then it the sign out happens right away, if they have either the Company Directory or Team Calendar pagelets from HCM it takes 5 minutes and a couple of seconds to sign them out? Do you have any thoughts or ideas on this really strange problem?
@Kevin, check your app server logs and file a support ticket. That is unusual behavior and may require a patch to resolve.
Thanks Jim. We already have a support ticket with Oracle, but we have not heard from them in two weeks. Thought I would try you and see if you have ever heard of anything like this problem we are having.
We have a situation where the PS token is getting swapped (via Switch User) at the App server and the original user ends up seeing the data of an anonymous user. PN: There is no specific code to call the SwitchUser command.
Do you know of any reasons behind this automatic switch at the server level and any potential solution to work around it?
@Raj, I do not. You should file an Security Vulnerability support case with global support.
Any idea, how can we make signout page dynamic when we have SSO implemented?
Here is the story:We have single sign on configured.
Currently user go from HR system to ELM system and when user signs out,irrespective of from where user signsout, It lands to HR system login page.
Now, we are bringing an ELM standalone system but only for certain group of users.
Due to single sign on, when i sign out from new ELM system, it redirects me to HR login page.
Is there any way to handle the cookies in such a way, when i signout from ELM, it should redirect to ELM login page??
Thank you Jim.
I am placing my html file code here, you might get a clue which is getting ignored by me.
html start tag
head start tag
// Get the current URL
var URL = window.location.href;
// Validate whether the URL contains "ELM"
if(URL.indexOf("ELM") != -1)
// if true, redirect to...
window.location.href = "ELM Link";
// if false, redirect to...
window.location.href = "HR Link";
script end tag
head end tag
html end tag
I tried debugging and on network tab, on click of signout.It seems its trying to redirect to the specific URL infinte times. I could not understand why it is going to loop.
In my case, the first condition gets true and it tries to redirect to first link endless times. Hence error out by giving browser message.
I am sorry Deepika, there isn't enough information here for me to give you an intelligent response. I would need to see the URL and the redirect, but that would not be wise to share in an open forum.
There are a couple of things that can cause a redirect loop:
#1 Two server-side resources are sending location headers that tell the browser to keep bouncing between the two. This can happen with identity management, where the app says it needs a token cookie and redirects to identity management. The identity management software thinks it is there and send you back to the app. You should be able to see if this is the cause by looking at the response headers and response code
Thank you for your feedback. Yes i worked on my conditions and issue is solved.
If we use the %Response.Redirect(%Request.ContentURI | "?cmd=logout") ,the signout is happening,but it is not updating the PSACCESSLOG record LOGOUTDTTM field.
Do you have any clue.
Post a Comment