Thursday, 29 December 2016

Elastic search Installastion and configuration with Peoplesoft

Go through below link.
http://psadmin.io/2016/11/08/deploy-and-configure-elasticsearch/

Monday, 26 December 2016

               Enable Debug log level on the SES

Navigate to ses_home/bin/clexecutor.sh and inside it edit the log level as per need.
So for debug its 2. change it with 2 and you can enable the debug log level. Bounce the ses server afterward.

Thursday, 22 December 2016

PIA domain installed with old method now nee dto make use of psadmin utility to start and stop webserver :-


Make change in .bash_profile 

it should be like below :-

if [ -f /oracle/psoft_scripts/eigenpshrenv ]
 then
        . /oracle/psoft_scripts/eigenpshrenv
fi

export ORACLE_HOME=/oracle/middleware/Oracle_WT1

export ORACLE_INSTANCE=/oracle/middleware/Oracle_WT1/instances/instance1

export COMPONENT_TYPE=OHS

export COMPONENT_NAME=ohs1

export PATH=$ORACLE_INSTANCE/bin:$PATH

and add eigenpshrenv file and you can create folder like I did to separate it, its your wish you create or not. My file is as it is :- 
#
#
# Environment variables specific for PeopleSoft HR
#
#
if [ -f /oracle/tuxedo/tuxedo12.1.3.0.0/tux.env ]
then
  . /oracle/tuxedo/tuxedo12.1.3.0.0/tux.env
fi


if [ -f /oracle/peopletools/8.55/psconfig.sh ]
then
  . /oracle/peopletools/8.55/psconfig.sh
else
   echo "/oracle/peopletools/8.55/psconfig.sh DOES NOT EXIST"
fi
#
export PS_HOME=/oracle/peopletools/8.55
PATH=$PATH:$PS_HOME/bin:$PS_HOME/cblbin:/oracle/psoft_scripts:.;export PATH
#
# NLS_LANG op UTF8
#
export NLS_LANG=AMERICAN_AMERICA.UTF8
#
# Toegevoegde variabelen voor AE
export PS_PRCS_BASE=$PS_HOME/psft/pt/8.55/appserv/prcs
export PS_BIN=$PS_HOME/bin
export PS_AE_BINARY=$PS_BIN/psae
#
# Working directory in het path zetten
#
export PATH=$PATH:.
#
# Aanpassing Oracle 9i $ORACLE_HOME/lib32 vooraan in SHLIB_PATH
#
SHLIB_PATH=$ORACLE_HOME/lib32:$SHLIB_PATH;export SHLIB_PATH
#
# Adds for integration PeopleSoft MQ
#
LD_LIBRARY_PATH=/opt/mqm/java/lib64:$PS_HOME/colrlib:$LD_LIBRARY_PATH:$PS_HOME/bin;export LD_LIBRARY_PATH
MQ_JAVA_PATH=/opt/mqm/java/lib64
CLASSPATH=/opt/mqm/lib64:/opt/mqm/java/lib64:$PS_HOME/colrlib:$CLASSPATH;export CLASSPATH
PS_CLASSPATH=/opt/mqm/lib64:/opt/mqm/java/lib64:$PS_HOME/colrlib:$CLASSPATH;export PS_CLASSPATH
#
#export PS_APP_HOME=/oracle/application/hcm92
#export PS_CUST_HOME=/oracle/pscustom
export PS_CFG_HOME=/oracle/pia_855

close the session and reopen new session and you can make use of psadmin utility to start and stop webserver.

Webserver taking long time to shutdown & PSAdminException: Domain shutdown timeout exceeded


Edit stopPIA.sh script and add  below line

"-Djava.security.egd=file:/dev/./urandom"

after change it should be like below

${JAVA_HOME}/bin/java -Djava.security.egd=file:/dev/./urandom -Dweblogic.system.BootIdentityFile=${DOMAIN_HOME}/piaconfig/properties/wlop.properties weblogic.Admin -url ${URL} FORCESHUTDOWN ${SERVER} 1>${DOMAIN_HOME}/servers/${SERVER}/logs/${SERVER}_shutdown.log 2>${DOMAIN_HOME}/servers/${SERVER}/logs/${SERVER}_shutdownerr.log


Thursday, 15 December 2016

Issue in IE accessing signin hyperlink in cadidate gateway but same is working fine in Chrome

We were facing this issue in our external URL, it was giving problem when we were clicking the signin hyperlink. when we checked the web.xml file our http/https ports were mismatching that is it was same was for PIA domain one that is local URL. so changing the ports in all web.xml and weblogic files fixed the issue. Sometimes back I fixed similar issue related to hyperlink which was fixed after enabling webLogic plug-in enabled in weblogic console, make it yes.

Below locations of web.xml files and check weblogic files too.
 /HttpClusterServlet/WEB-INF/web.xml 
/HttpProxyServlet/WEB-INF/web.xml 
/PORTAL.war/WEB-INF/web.xml 

Thursday, 3 November 2016

Appserver Fails at different different service:-


Today I was getting issue when I was trying to start application server sometime it was failing at PUBSUB when I was disabling PUBSUB then at some other location, Then we tried after lowering the count of PSAPPSRV from 8 to 4 and it started successfully. It was basically because of memory issue of the server.

Thursday, 27 October 2016

PI Version shows 0 even though applied PUM 17

The only environments that will give you factual information for the About PeopleSoft Image will be the actual images themselves.
 
Since fixes can be selectively applied, there isn't really any concept of being on a specific image. But there is a way to find out what we are looking for.
 
With the latest image , create a make me current Change Package. In step 5 where we review the bugs click on the Image Number column heading to sort by Image Number, Click again to sort in reverse order. You would be on the image version one below the lowest number shown.

Tuesday, 25 October 2016

 Peoplesoft on Oracle Cloud FAQ's


I was going through FAQ's, found that it's good to go through this first before exploring it more.


01. What has Oracle announced about PeopleSoft and the Oracle Cloud?

Oracle has announced that customers using e-Business Suite, JD Edwards EnterpriseOne and PeopleSoft can run non-production workloads on the Oracle Compute Cloud Service. Customers have the ability to move their existing Development, Test, Training, Demo and Conference Room Pilot environments to the Oracle Compute Cloud or use the Oracle Compute Cloud for their next Oracle Applications Project.

02. Are there additional fees for using PeopleSoft with Oracle Cloud?

Oracle Cloud resources and services are available for subscription by Oracle customers. Customers who already own a license to PeopleSoft applications may use their Oracle Cloud subscription to provision and deploy a PeopleSoft instance on the Oracle Cloud. The deployed instance may be used for development, testing, training, etc. Once a customer acquires a subscription to Oracle Cloud, no additional PeopleSoft application license or usage license is required.

03. Is Oracle releasing PeopleSoft as a SaaS Application?

No. Oracle has no plans to offer PeopleSoft as a SaaS solution.

04. Do I need to purchase PeopleSoft in order to use it on Oracle Cloud?

Oracle customers who already own a license to PeopleSoft applications may use the Oracle Cloud to host instances of their licensed applications. Oracle’s Compute Cloud uses a “Bring your Own License” model, so customers who wish to use the Oracle Compute Cloud must already own a valid license to the software deployed on virtual machines in Oracle Compute Cloud.

05. If we own a PeopleSoft application license, does it allow us to use Oracle Cloud?

Oracle customers who already own a license to PeopleSoft applications may use the Oracle Cloud to host instances of their licensed applications. There are no additional application license requirements for using Oracle Compute Cloud resources. Oracle Cloud is a subscription priced offering in addition to your PeopleSoft license and support payments.

06. How are subscriptions to Oracle Cloud offered? By user? By CPU? Per Day?

There are multiple ways to subscribe to Oracle Cloud. Your Oracle sales representative(s) can assist you in determining the best option for you.

07. What are some of the ways I can use PeopleSoft with Oracle Cloud?

There are many scenarios where you might benefit from using Oracle’s Compute Cloud with your PeopleSoft applications. Some of these include: 

Demo instances of the latest PeopleSoft application images (PUM Images). Using Oracle’s Compute Cloud and the Oracle Cloud Marketplace, customers will be able to access and deploy an instance of the latest release of PeopleSoft HCM, FSCM and other applications in order to explore our latest features and capabilities. 

Test instances of YOUR PeopleSoft database. Using PeopleSoft’s Deployment Framework and PeopleTools 8.55, customers can easily “Lift and Shift” instances of a PeopleSoft development system to virtual machines in the Oracle Compute Cloud. 

Creation of a complete PeopleSoft Development and Testing environment. Extending the scenario listed above, customers can migrate all of their PeopleSoft Development and Testing instances to the Oracle Compute Cloud. One option that will help developers use a Cloud development environment would be to create Windows Development environments on Oracle’s Compute Cloud in which you deploy the entire PeopleTools Development Client tools. These Cloud based Windows environments can be configured to work with Cloud based development systems and accessed by your developers using Windows Remote Desktop.

08. How do we create an instance of PeopleSoft on Oracle Cloud?

It’s easy. Once you have an Oracle Compute Cloud subscription, you can access the Oracle Marketplace and select PeopleSoft from the Marketplace list of application images. Follow the online guide in order to allocate your account’s compute resources in order to host your own PeopleSoft application image. These images can be used for DEMO purposes, to explore new features or, eventually, as the basis for a Cloud system for PeopleSoft Selective Adoption. There are other ways to use the Oracle Cloud for PeopleSoft described on the PeopleSoft on Oracle Cloud concept page.

09. Can we make customizations on PeopleSoft when we use Oracle Cloud?

Yes, the PeopleSoft software architecture allows for customers to modify or customize their systems, whether the systems are deployed on the Oracle Cloud or within an on premise datacenter.

10. If we develop or test customizations of PeopleSoft on the Cloud, how do we migrate them to our on-premise production system?

PeopleSoft’s tools for managing customizations through the application lifecycle are already Cloud friendly. That is, the same Lifecycle Management tools will be used to migrate changes from Development to Testing and into Production, irrespective of whether the datacenter where those systems reside is on premise or in the Cloud.

11. Will we be able to use PeopleSoft Update Manager (PUM) on the Oracle Cloud?

Yes. There are a number of uses of the PeopleSoft application images and the PeopleSoft Update Manager. The PeopleSoft Image can be used as a demo instance of the latest features of the PeopleSoft application. The PUM tool is used to review and select new features as well as fixes and maintenance as the PeopleSoft team releases them. Those changes are extracted then applied to other PeopleSoft systems for development, testing and eventually, Production. This process works whether those systems are on the Cloud or on premise.

12. Can we use our own custom data with PeopleSoft on the Oracle Cloud?

Yes, the PeopleSoft Cloud Architecture allows you to use our Deployment Framework with our default (DEMO) databases as well copies of your own DEV/TEST databases. This is in fact one of the most powerful scenarios for the Cloud: a complete PeopleSoft development and testing environment on Oracle Cloud that uses your own existing data.

13. Can we use the same certified third-party products we currently use on-premise with PeopleSoft on Oracle Cloud?

Yes, the entire PeopleSoft architecture is the same whether deployed on premise or on Oracle Cloud. All the third party components that comprise a PeopleSoft application instance will be deployed on the Cloud. Oracle’s Cloud strategy should also allow customers to use the Oracle Cloud to host instances of other applications that may be used to integrate with their PeopleSoft systems. Please refer to published capabilities and guidelines for using Oracle Cloud with your non-Oracle workloads.

14. Can we create a multi-node PeopleSoft cluster on Oracle Cloud?

Yes. Using PeopleSoft’s Cloud Architecture, it’s easy to provision and deploy Oracle Compute Cloud resources to function as a complete PeopleSoft multi-node cluster.

15. Will our Cloud based PeopleSoft system be visible to the general public?

No, based on Oracle Compute Cloud’s default security settings, your PeopleSoft instance will only be accessible by your internal users and teams.

16. Oracle provides Database Cloud Service (DBCS) and Exadata Cloud Service (ExaCS), can we use these services with PeopleSoft?

Yes. If you subscribe to Oracle’s DBCS or ExaCS offerings, you will be able to use these database services to host your PeopleSoft database.

17. What tools are used for managing PeopleSoft environments on Oracle Cloud?

There are many options for tools to manage PeopleSoft environments. These options are expanded when considering deployment on the Oracle Cloud. You will be able to use cloud instances of PSADMIN, PeopleSoft Performance Monitor, Oracle Enterprise Manager, the PeopleSoft Application Management Pack, and specific to the Oracle Cloud, you will be able to use Oracle’s Enterprise Manager on Compute Cloud service.

18. Does Oracle provide managed services for PeopleSoft on Oracle Cloud?

Soon. Oracle’s Managed Cloud Services team (OMCS) already provides managed services for PeopleSoft customers and are currently expanding their service offering to include the deployment and management of PeopleSoft instances on the Oracle Cloud. Stay tuned.

19. Does Oracle allow customers to run production instances of PeopleSoft on Oracle Cloud?

We are working to validate that all PeopleSoft production processes can be deployed and configured on the Oracle Cloud. We believe many customers will determine that their requirements for executing PeopleSoft production processes are fully met by a trained applications administration team and the Oracle Cloud.

Thursday, 25 August 2016

Elastic Search

                                                      Elastic Search

So everyone waiting for SES to die, here is something to cheer

https://www.elastic.co/downloads/elasticsearch

PeopleTools 8.55.11 and higher patch levels, customers can now use Elasticsearch which can be configured with PeopleSoft Search Framework.
The search engine is based on the popular search library Lucene.It provides a distributed and full -text search engine with a RESTful web interface and schema-free JSON documents. Elastic search is developed in JAVA and released as open source under ther term of the Apache Licence.

Tech Update - Oracle Finds a New Search Engine for PeopleSoft (Doc ID 2180927.1)

PeopleTools 8.55.11 Elasticsearch Documentation Home Page (Doc ID 2189508.1)  


Thursday, 16 June 2016

CONFIGURING AND TROUBLESHOOTING PEOPLESOFT SINGLE SIGNON

CONFIGURING AND TROUBLESHOOTING PEOPLESOFT SINGLE SIGNON

This resolution is meant to address the most common issues encountered when implementing or modifying Single Signon between PeopleSoft Applications (Enterprise Portal and HR for example).  It doesn't cover 3rd Party authentication or customizations required to authenticate to/from PeopleSoft.  Please note that we require the Portal's PeopleTools version to be >= the Content Provider's PeopleTools version.  We have seen where they run without complying with that rule, but if there is any issue, it will need to be replicated under this configuration before reporting it to development.

*** Definition: Single Signon means that after a user has been authenticated by one PeopleSoft application server, that user can access a second PeopleSoft application server without entering user ID and password again.

*** EXAMPLE TRANSACTION:
See Enterprise PeopleTools 8.49 PeopleBook: Security Administration > Implementing Single Signon > Sample Single Signon Transaction for more details:
1) User Signs on to Enterprise Portal (PA)
2) PA Application Server Authenticates User
3) PA Application Server Generates SSO Token
4) Web Server Creates Cookie in User's Browser
5) User Accesses Content Provider Application (CP)
6) CP Web Server Receives PS_TOKEN Cookie
7) CP Application Server Authenticates PS_TOKEN


*** PS_TOKEN: is generated using either the database's SSL Certificate or User ID, Language Code, Timestamp, Issuing System Default Local Node, Default Local Node Password which is encrypted using SHA1_Hash

*** CONFIGURATION FOR SINGLE SIGNON:
1) The Default Local Node of one system must match in Name and Password to a Remote Node on the second system.  The reverse is also true; the Default Local Node of the second system must be represented with a Remote node of identical Name and Password on the first system.  This is a basic trust relationship model.
2) The AuthTokenDomains must match between systems.  This means that the following must be consistent:
  a) Authentication Domain in the General Tab of the Web Profile must be set
  b) CookieDomain session parameter value must be set in the %PS_HOME%\webserv\sitename\applications\peoplesoft\PORTAL\WEB-INF\weblogic.xml file.
  c) URI values on all nodes involved must include the fully qualified domain name, not simple machine names.
3) If systems use the same web server, defaultPort and defaultScheme must be set on the configuration.properties.  If using 8.44+ PeopleTools, the Protocol and Port must be set on the Virtual Addressing tab of the Web Profile.
4) Nodes MUST use passwords or an SSL certificate.
5) The Nodes (both the Default Local and Remote node) must be trusted in all databases.
6) User ID must exist with same name (not necessarily same password) in both systems.

*** TROUBLESHOOTING COMMON ERRORS:
1) Your User ID and/or Password are invalid
  a) AppServ Log: PeopleSoft Token authentication failed: invalid token signature
  a) Resolution: Password needs to be set on Default Local Node and the password needs to match the remote node in Content provider
  b) AppServ Log: PeopleSoft Token authentication failed: invalid token signature
  b) Resolution: Password needs to match exactly between the two environments, Portal and content provider nodes
  c) AppServ Log: Token authentication failed: issuing node PSFT_PA is not a trusted node
  c) Resolution: Default Local Node of portal should be defined as a trusted node in content provider
Navigate to PeopleTools > Security > Security Objects  > Single Signon to add a trusted node (8.4 and above)
Navigate to PeopleTools > Maintain Security > Setup > Single Signon (8.1x)
  d) AppServ Log: Error Setting Sign on PeopleCode context for User
Error Setting App Server context to user
  d) Resolution: Userid need to match in both the environment for single signon to work successfully

2) STR_PCMINVPORTAL: Invalid portal name EMPLOYEE in request. Portal not defined. Unable to process request with an invalid portal.
  Resolution: Make sure that the Hosted by node of portal is defined as a remote node in the content provider with the URL pointing back to portal.  Typically this involves logging into the Content Provider Database (HR, Financials, CRM , etc.) and opening the EMPL node in that system.  The EMPL node URI values are setup to point back to the Enterprise Portal.  The EMPL node within the Enterprise Portal system hosts the EMPLOYEE registry by default, so if any change has been made, a different node would have to be used.  If The EMPL node of the Content Provider is setup, but is pointing to the wrong domain, the error message should say that the domain is incorrect.

3) Cannot open http://url.  Configuration.properties
  Resolution: Move one web server to a different machine.
Add a second DNS entry for the web server in the same domain.
Set the defaultPort and defaultScheme or In 8.44+, the Default Addressing on the Virtual Addressing tab of the Web Profile on both systems.
Fix the PIA sitename

4) Authorization Error -- Contact your Security Administrator
  Resolution: Make sure to use the content provider node or a node with the same URI value while creating a CRef. If any other local node is used, it will result in the authorization error

5) You are not authorized to access this component
  Resolution: Content Provider node should always be a remote node and not a local node in portal.

6) Link Errors
  Resolution: Although not specifically a part of Single Signon, it's related, and the GSC gets many cases on this.  Our delivered Single Link and Application links (e.g. EPM to Financials for ledgers) use a node, which is not the same as the remote node in your Portal database.  This node is defined as the HPNODENAME in the Portal URL weblib parameter.  In other words, a delivered link may fail because it is trying to pull content from the Portal registry simply because the node it's using hasn't been properly defined.  Let's say you configure your portal with a remote node for the content provider.  Since PeopleSoft has no way of knowing what that node is, we default everything to ERP, HRMS, CRM, etc. to correlate with our applications.  Those delivered nodes do not have the proper URI values in order to attempt a link to the content provider, so the Portal is stuck trying to retrieve that content from it's own registry.  It fails in this, and the error message depends on the Tools versions involved.  Generally, there will be nothing on the screen but a URL which includes the Content Reference URI + the Portal Server URI.  Be sure that the HPNODENAME value is set to a remote node that has it's URI information populated.  The Node Name for the content Reference itself should remain blank or set to LOCAL_NODE.

7) "This is not a valid site. The site name is case sensitive." is received in the PIA window for SSO.  This error can be resolved by using the proper case for the PIA SiteName in the URI value of your Node Definition.

For example, if a customer is using http://server.company.com/psc/epprd/ in the URI value, but the actual URL value when you navigate to the site is http://server.company.com/psc/EPPRD/ it will cause this error.

8) Your Portal and content provider webserver time are not in sync. Make sure the time and timezone are match on both servers.


***NOTES:
For 8.1x PeopleTools, it has been noted that there can only be a 7-character password on the nodes max. (so corresponding nodes must be the same as well).

Also for 8.1x, there is only one Local Node (thus it is default) and node values are configured via App Designer, not online.

If the AuthTokenDomain wasn't setup when PIA was installed (on either the content provider or the portal) then typically we see expiration issues with the content provider.  Thus you get the signon screen.  This is because customers add the AuthTokenDomain to the webprofile, but fail to add the domain to the webserver's configuration.  When seeing single signon related expiration issues, that you check the weblogic.xml for the session cookie domain and if it's not there, re-run the PIA install.  Check this for the portal and all web server content providers.
If re-running the PIA install is not an option, an administrator can modify the %PS_HOME%\webserv\sitename\applications\peoplesoft\PORTAL\WEB-INF\weblogic.xml file manually by adding the following with the proper domain value.  Additionally, the Authentication Domain value (General tab) must be set in all WebProfiles in use.  Here is a sample of how it looks in the WebLogic XML:


CookieDomain.us.oracle.com 
In OAS orion-web.xml, when authentication domain is not set during PIA install, will be missing. Here's example of OAS orion-web.xml when authentication domain is set during PIA install.  Here's an example:

Strange behavior, such as missing images and the following error message, especially on Windows 2000 machines using IE can indicate that the Virtual Addressing tab of the webprofile needs a protocol, server and port set.

Site name is not valid. Check your URL syntax and try again.

On Pre 8.44 systems, this would be the default port and default scheme.

***HTTP/HTTPS:
If the Portal is pulling in HTTPS content, it must be on HTTPS itself.  Anytime SSL is used on the content providers, the Portal source must have SSL as well.  This is a requirement.  Also, when reconfiguring/cloning databases, we often see where the original was HTTPS, but the subsequent clone doesn't have HTTPS setup yet.  So, while it is using HTTP, all of the URI values are still listed with the old protocol type.

Further, if both systems are using HTTPS, it will be necessary to load the ROOTCA and Public Key of the Portal into the Content Provider via PeopleTools > Security > Security Objects, Digital Certificates.  This is required or you will get an error similar to ' Untrusted Server Certificate Chain '.  This simply means that the encrypted request from the Portal can't be decrypted by the Content provider.  Since typically both system's share the ROOTCA when generating their public keys, both systems generally just load all of the following:
1) ROOTCA (generally shared)
2) Local Public Key
3) Remote Public Key of the calling system.

For example, in a Portal > CRM SSO configuration, the CRM system would need the ROOTCA, it's own public key (local), and the public key of the Portal which is making the call (remote).  For two way single signon, the reverse would also be true.  So for Portal <> CRM SSO, the above needs to be completed and then the Portal not only has to have the ROOTCA and it's own public key (local), but also the public key of the CRM system (remote)

***ENVIRONMENTAL CONSIDERATIONS:
When considering setting up Single Signon, many customers wish to have different internal vs. external access.  This means one Intranet website setup and one Internet.  Unfortunately, the PeopleSoft database only has one default local node.  Due to this fact, single signon to content providers will only accept one valid URL for a Portal system.  In this regard, for example, an Enterprise Portal which is access via a Reverse Proxy webserver in a corporate DMZ would have a different URL from it's direct access via the internal (inside the firewall) webserver.  Due to this, the content providers, such as Financials, CRM, HCM, etc. can only validate one of those addresses.  Either the externally available or internally available URL.  This poses a problem for customers who wish to setup SSO for internal users at one URL and for external users at a different URL.
More information about this functionality can be found in the following:
1. Red Paper: Clustering and High Availability for Enterprise Tools 8.4x (Doc ID <<747378.1>>)
2. The Enterprise Portal Installation Guide: PeopleSoft Enterprise Portal Solutions 9 Installation (Doc ID <<701192.1>>)
3. PeopleTools 8.49 PeopleBook: Security Administration > Implementing Single Signon

Every customer's situation is unique, as are their security requirements and infrastructure. For this reason, the GSC can not make recommendations for which path to utilize for Single Signon, as it is considered a Consulting/Implementation matter.  Each customer should evaluate their needs to make appropriate decisions based on requirements.

As the GSC isn't equipped to make recommendations in general, selecting how to implement SSO is considered out of scope. However, general information can be provided which may help and doing the actual setup is straightforward and supported: 
Options Available:
1. Enable a Reverse Proxy Server (RPS) inside the DMZ.  This RPS would handle incoming traffic and redirect to the internal website through 1 port in the firewall. However, since the browser makes direct connections to any content providers, Single Signon (SSO) will not function unless the PeopleSoft Applications (such as HCM or CRM) are also accessible via an RPS system in the DMZ.  This is because the end-user's browser actually makes the connection directly to SSO applications as part of the transaction and from then on accesses that content directly even while Portal makes requests as well.

For this setup, the node URI addresses as well as AuthTokenDomain, must reflect the URL the users will actually use to access the system (i.e. the external URL).  This generally means that either internal and external users must use the same URL to access the system (the external URL), or the internal URL is otherwise redirected or "spoofed" at the DNS level so while it might appear to users they are on the internal URL, they are actually accessing the system via another.  This latter setup for redirection is out of scope.  The PeopleSoft GSC supports setting up the rest of this environment where the internal and external users share the same setup. For more detailed assistance, the Server Tools team in the GSC would need a new SR created asking for "how to setup Reverse Proxy Server".

2. Utilize Load Balancing systems to virtualize the URLs used.  The Load Balancer handles the session affinity and traffic redirection. Implementations such as this are out of scope, but more information can be found in the documentation listed above.   The idea here being that an internal user touching the internal URL is actually remapped to the load balancer URL which is what is used for the Single Signon setup.  The GSC has no documentation on this scenario and customers are urged to discuss with their consulting partner or seek assistance from other customers via Rugs and User Support group websites for PeopleSoft.

3. As is the case at many customers, external (internet) users access a Virtual Private Network, or VPN, system to gain internal access to the network. This essentially puts them on the LAN/WAN and allows for access to content. However, this doesn't usually work for large external customer bases. It has been used for suppliers, contractors, and the like. This is likely the most secure scenario available. and there is no RPS involved in the configuration unless desired as another internal layer of security.  In this scenario all users access the system via an internal URL which is inaccessable via the DMZ.

4. It is possible, however not recommended, to utilize the Enterprise Portal (EP) as a sort of Proxy server itself. Single Signon would take place, but all internally behind the DMZ. The EP system would collect the content from the other PeopleSoft Applications and present it without the need for the users browser to actually "touch" those other applications. For this scenario, the EP system is granted access through an RPS in the DMZ, and the entire system must utilize an HTML template instead of the Default Dynamic Template. The problem here is that most of the Enterprise Portal features rely on dynamic templates and as such this option would limit functionality. This is generally never recommended and is only rarely implemented.


***GSC ASSISTANCE:
If you are unable to resolve the issue, the following should be sent to your GSC analyst handling the case:
1) weblogic.xml or server.xml (Websphere) from both systems
2) Application and PeopleTools releases from both systems
3) SELECT * from PSMSGNODEDEFN from both systems
4) SELECT * from PSNODEURITEXT from both systems
5) SELECT * from PSTRUSTNODES from both systems
6) SELECT * from PSWEBPROFDEF from both systems or the configuration.properties file if 8.1x/8.2x PeopleTools
7) Screenshot of the Content Reference page used to connect to the content provider.
8) AppServer log entry from the Content Provider time-stamped to the failure with test UserID info.

Thursday, 7 April 2016

DPK

DPK 




The PeopleTools DPK comprises of only 4 zip files

Zip1: Bootstrap DPK
Zip2 & Zip3: PeopleTools Server DPK
Zip4: PeopleTools Client DPK

VirtualBox appliance don't package with PeopleTools. It is only available via Application DPK as part of PUM. If you still wants to setup a PeopleTools environment (using PeopleTools DPK) on VirtualBox, he/she will have to do the following steps:

1. Setup a VirtuaBox VM running Linux or Windows Guest OS (Ensure that they also create a separate disk with enough storage)
2. Ensure this VM has access to the PeopleSoft database running on a different host (provisioned separately)
3. Download the PeopleTools DPK (Linux/Windows) into the VirtualBox VM
4. Extract the bootstrap DPK and run the bootstrap to setup midtier PeopleSoft environment

One thing to note though is that, it is not mandatory to use VirtualBox for setting up the PeopleSoft environment.
With new paradigm (DPKs), they can setup PeopleSoft on a Windows host (bare-metal/Virtual) or a Linux host (bare-metal/Virtual).

Monday, 21 March 2016

ORA-01017:invalid username/password;logon denied

ORA-01017:invalid username/password;logon denied

I got this error when I was trying to login Application designer, With same userid/password I was able to login Peoplesoft application.

Solution :- 

Change SYSADM password or
Reset SYSADM password

ALTER USER SYSADM IDENTIFIED BY <<New Password>>

Step 1. Log into DataMover as the Access ID (Bootstrap mode).
Step 2. Then run the following command:

set log c:\temp\sysadm.log;
CHANGE_ACCESS_PASSWORD SYSADM1 <password>;

Thursday, 17 March 2016

Activity Guide in Peoplesoft

Activity Guide in Peoplesoft :-


PeopleSoft 9.2, PT 8.53 offer a simple way to create these using the guided process functionality.
An activity guide lists the tasks (referred to as action items) that need to be completed by a user or group of users.
Navigate to  PeopleTools>Portal>Activity Guide>Manage Activity Guide Templates; click the Create Template button




Give the activity guide ID name, Title, Description, you can select URL from lookup list.
move to next tab Security






Later move to next tab Advance Options, here you can put the value manually or dynamically
You can identify a method that will be executed whenever an activity guide instance is created from this template (either manually by the Create Instance button or programmatically through the activity guide API)












Here you can put delivered record as well as custom record both.
Oracle recommends that Access the Create List Instance page (click the Create Instance button on the Activity Guide Template - Properties page).







Then come to Configure action items.
you specify initial sequence numbers in units of 10 to permit insertion of new action items into an existing sequence. For example, for a simple activity guide with no summary action items, the initial sequence would be:

10, 20, 30, 40 ...
If your activity guide contains summary as well as detail items, then increment the root-level items by 100 instead of by 10. For example:

100 - Summary item 1
  110, 120, 130, 140, ...
200
300
400 - Summary item 2
  410, 420, 430, 440, ...
500

for ex. I took just one so I kept 10







the publish as pagelet
for ex. I took test so got created with ADMN_TEST









you can click ADMN_TEST and fullfill all 5-6 steps of pagelet requirements.

Finally configure workcenter
click create new workcenter page











Later if you will go to assign tasks












it will be part of it and u can run create instance through batch process also













Thank you!!!

Tuesday, 23 February 2016

How to Create OVA File in PT8.55


1. Create a copy of the zip downloaded files from Oracle Support site;

2. Unzip 1st zip archive from your PUM VirtualBox option; in same folder you should have bootstrap DPK setup and all the zip files downloaded from Oracle Support site;

3. Run PowerShell in Administrator mode;

4. In case you do not have permissions to run PowerShell scripts, run the following command:
Set-executionpolicy remotesigned

5. From PowerShell, navigate to the setup folder(bootstrap DPK folder) from the location where you have unzipped the 1st archive(for example: C:\ PUM16\setup where “PUM16” is the main folder with the downloaded zip files ;

6. Run .\pst-dpk-setup.ps1 script file and it will create your .ova file



7. Import ova file into Virtual box;


8. Create a share folder for this virtual machine:



9. Follow the instruction from the Virtual machine;


10. After login with root user, navigate to the shared folder and run the file script:
./psft-dpk-setup.sh


11. Follow the rest of the instructions from the installed Virtual Machine.





Wednesday, 17 February 2016

Structure of PSACCESSPROFILE table in PT8.55 and how to update SYSADM password in PSACCESSPROFILE table?


Structure of PSACCESSPROFILE table in PT8.55 and how to update SYSADM password in PSACCESSPROFILE table?


A new table PSACCESSPROFILE has been created with new longer fields and the addition of fields IN PT 8.55.The PSACCESSPRFL is deprecated and no longer used.
PSACCESPRFL table was replaced with the PSACCESSPROFILE table capable of providing a more secure implementation.

Desc PSACCESSPROFILE
Name               Null     Type          
------------------ -------- ------------------
SYMBOLICID         NOT NULL VARCHAR2(8 CHAR)
STM_ACCESS_ID      NOT NULL VARCHAR2(254 CHAR)
STM_ACCESS_PSWD    NOT NULL VARCHAR2(254 CHAR)
STM_ACCESS_PART1   NOT NULL VARCHAR2(128 CHAR)
STM_ACCESS_PART2   NOT NULL VARCHAR2(128 CHAR)
ENCRYPTED          NOT NULL NUMBER(38)    
STM_ENCRYPTION_VER NOT NULL NUMBER(38)    
VERSION            NOT NULL NUMBER(38)

To update SYSADM password using PSACCESSPROFILE table run below SQL

UPDATE PSACCESSPROFILE SET STM_ACCESS_ID = 'SYSADM', SYMBOLICID = 'SYSADM1', STM_ACCESS_PSWD = 'SYSADM', VERSION = 0, ENCRYPTED = 0;

Running ENCRYPT_PASSWORD * after update statement is mandatory now.

Please use the normal provided methods for encrypting Passwords and those fields will contain the correct information to ensure properly functioning security of your environments Access ID/Password. The proper methods are:

1. Application Designer -> Tools -> Miscellaneous Defintions -> Access Profiles.
2. CHANGE_ACCESS_PASSWORD via Datamover Bootstrap mode.
3. ENCRYPT_PASSWORD *; via Datamover Boostrap mode. (note: this will encrypt any row that has ENCRYPTED field = 0)


Another new feature is

SHA-2 Hash Algorithm and 4096 Key size Support
When generating private keys for application server-based digital certificates, by default PT 8.55 uses the SHA-256 with RSA encryption algorithm and the 4096 key size. When using PSKeyManager to generate private keys for web server-based digital certificates, the default signing algorithm is SHA-256 with RSA encryption. In addition, the PSOPRDEFN table features a new column for SHA-2 hashed passwords.

Thursday, 11 February 2016

Chinese Characters are displaying Incorrectly in Activity Guide



Chinese Characters are displaying Incorrectly in Activity Guide :-

Issue :-

1. Log into PIA (ZHS)
2. Navigate to PeopleTools > Integration Broker > Integration Network center > Verify network status
3. Some of the chinese characters are not translated/displayed properly

Solution :-

The issue can be resolved by applying PT patch 8.54.09.
Following workaround can be applied to resolve the issue for customers who can't apply 8.54.09.

1) Launch the Application designer
2) Login as Super user.
3) Open html object PTAI_ACTIVITYGUIDE_XSL and change the line

   <xsl:output method="html" encoding="iso-8859-1" indent="yes" />
to
   <xsl:output method="html" encoding="utf-8" indent="yes" />

4) Save the change.
5) Clean the browser cache then re-test this issue.

Unified Navigation

Unified Navigation  :-

With Portal 9.1 Feature Pack 1, which was released just over a year ago, came a new feature I finally got the chance to use. Unified Navigation. In this post I’ll walk through setting this up in one of my demo environments.
Using the Unified Navigation WorkCenter makes configuring this feature pretty easy to set up.  And it certainly does seem to take care of the mess of managing security and content references between all your systems.  Oracle has put quite a bit of effort into making the configuration of Integration easier.  With the introduction of the IB Network WorkCenter, configuration of IB has been simplified.  Setting up Unified Navigation leverages the IB Network WorkCenter and the new Unified Navigation WorkCenter.
Before getting started, lets go over a few details.  Keep in mind I am not an Oracle representative and the information I’m providing  in these next bullets is only rehashing item’s I’ve seen in information published by Oracle.
1.  Unified Navagation requires a full fledged license of PeopleSoft Applications Portal if your running PeopleTools 8.52.
2.  PeopleTools 8.53 modified the limited use license for PeopleSoft Applications Portal so starting with 8.53 you can now use Unified Navigation for free if you own PeopleTools 8.53, I don’t know if this is retroactive back to 8.52 or not, talk to your Oracle rep. or just upgrade
3. There are several limitations in 8.52, I’ve not found documentation indicating that there was any change to these limitations in 8.53 yet.  These are described in more detail in the PeopleSoft Applications Portal 9.1 PeopleBook: Portal and Site Administration
  • The full license was originally needed and may still be required.
  • Unified Navigation is not supported as a pagelet, although a pagelet does show as available, documentation indicates it is for use in the WorkCenter only.
  • Navigation to the content providers is supported through the drop-down menu only.  I’ve worked several places where clients have disabled the drop-down menu for their own reasons.  A lot of the time this is because they still have pre 8.50 releases and want to keep a more uniform appearance.
  • Some files may need to be copied to the portal system: Any remote pagelet icons needed and CSS files (only if the portal and contenent provider don’t use the same style)
  • Unified Navigation is only supported for like portal types (EMPLOYEE to EMPLOYEE, CUSTOMER to CUSTOMER, etc.  not EMPLOYEE to CUSTOMER)
  • Character limitations on remote folder names are: { } #
  • Can not add subfolders to a unified navigation remote folder (it looks like you could do that, but it’s not supported).
  • Templates for remote CREFs and remote Dashboards need to conform to standards that are outlined in the Applications Portal 9.1 PeopleBook: Portal and Site Administration
4. Documention indicated that this function could work with Content Provider systems at 8.50+ however other information points to all systems needing to be at least 8.52.02 or later.
Okay, on to the real work.
I will be assuming that your environment is already functioning in a pre 8.52 state.  That is, that IB is setup properly to do the following:
  • Gateway(s) are setup properly
  • Nodes are configured and authentication type is set
  • Single Signon is already configured and working
  • Old methods of Portal Navigation already work
Before I started I did some sanity checks on my environment.  Could I ping all nodes and did the original method of Single Signon work?  I used the PeopleSoft > Financials Supply Chain PT8.4x link to test and it popped me right in to Finance just like I would expect.  Also I tested the Portal Administration > Test > Single Sign On > User Profiles link for my content database. Another success, with that we should be good to start.
Some additional configuration steps are required before we move forward.
  1. Ensure the authentication domain matches for all systems involved
  2. Unified Navigation requires the “generate relative URLs” option be turned off on the Virtual Addressing page of the web profile in use.  This is on by default in all the delivered web profiles as far as I know.  Disable it on all systems involved and restart the web server or use the reloadconfig  command if you have that set up.
  3. All systems require the drop-down menu to be enabled, as previously stated it only works with the drop-down menu, not the pagelet menu on the left hand side.  Enable it if you have disabled it.
  4. On the content provider side a default user id must be set on the ANONYMOUS node, the user should be in both the content and portal system.  Oracle recommends that it be a very low priveleged user.  This also could impact pre-existing configuration required for integration. If your not already using the ANONYMOUS node, I recommend creating a new user for this purpose.  Give this user id access to run the PTUN_SSOTESTER service operation.
  5. On the portal side, create a new node for the PTUN_SSOTESTER sevice operation, copy an internal node to fulfill this. The settings should be confirmed: active = yes, segment aware = yes, authentication option = none, WS Security authentication token type = none, routings = none.  Once the node is created, create an outbound routing for the PTUN_SSOTESTER service operation to your new node.  Deactivate the routing to the WSDL_NODE if it is activated.
1, 2, 3, I took care of easily enough. For 4, I created a new permission list, role, and user specifically for this purpose and assigned that user to the ANONYMOUS node, changing it from the PSADMIN user which is delivered.  I added the user without any role and permissions to the portal system.
UNINAV permlist
Create a Permission List
UNINAV permlist 2
Add the PTUN_USRPERS_SYNC Service
UNINAV permlist 3
Edit the Permissions and set PTUN_SSOTESTER to Full Access
UNINAV role
Add the new Permission List to the Role
UNINAV User
Add the new User
UNINAV User 2
Add the Role to the User
For number 5, I copied the ANONYMOUS node to RP_UNINAV.  By default, the node was active, segment aware, and had an authentication option of none.  The WS Security authentication token type was also none.  If for some reason you’ve changed these on the node you copy from you’ll need to update them.  I verified no routings existed on the node and proceeded to edit the PTUN_SSOTEST service operation.  I inactivated the existing active routing on the WSDL_NODE and added a routing for my new node.
UNINAV node in portal
Create a new node in Portal
UNINAV routing
Pull up the PTUN_SSOTESTER routings
UNINAV routing 2
Deactivate the WSDL_NODE routing and add a new one for your new Node
In order to proceed further, we need to start making configuration changes that, at the moment, I’m not that found of, mainly because it appears we need to use the new IB Network.  I may add reference to why I’m not thrilled with this later.
In both Portal and your Content systems navigate to PeopleTools > Integration Broker > Integration Network.  If your like me and this is your first time here, even though things are running fine, you’ll most likely find that it says the Node Network is Not Configured.
IB Network Config Status 1
Click the link, click save on the following screen, return to the configuration status and things should be good to go.  Saving at that screen officially updates the IB_NETWORK status for the default local node for the first time if it hasn’t been updated by something else already.
IB Network Config Status 2
If after returning the status is still not configured, go back and make sure read the notes at the bottom, at a minimum you must have the default local node configured and part of the network, the integration gateway secure keystore must be set, and any nodes configured but not in the local gateway must have a remote gateway configured.  Look to make sure it’s detecting that your secure keystore is setup properly, there will be a checkmark in the Secure Keystore Value Defined in the top left of the page.  Last I knew Oracle was still delivering the keystore password unencrypted and you had to change that to fix it.  Going forward with PeopleTools 8.53 I believe they are prompting you during install for these passwords.
I’m setting this up in Portal and Finance, therefore, in Portal I should have PSFT_EP setup as a remote messaging node and ERP setup as a portal node pointing to Finance.
portal node config
Conversly in Finance, I would setup PSFT_PA as a messaging node and EMPL as a portal node pointing back to Portal.  I already had this done, as I said this was an already working environment, so nothing for me to change here.
Tthe documentation indicates that these Portal nodes must be added to the new Integration Network facility in order to complete the configuration.  The only way to add them though is to add them to a Gateway (either local or remote).
Unified Navigation WC 1
This appears to only be required on the Portal side.  I added ERP to the gateway that Portal was using, and then was able to add it to the IB Network.  After I added it to the network it was available to choose for the Drop Down Menu configuration and SSO test.  I did not add EMPL to a gateway or IB Network on the Finance side and things worked just fine.
SSO test ERP
After adding the corresponding portal node(s) to your gateway(s), add them to the Integration Network.  Once that is complete, go to Portal Administration > Unified Navigation WorkCenter, expand the Unified Navigation Setup section and test the single sign-on to the Portal node (ERP in my case).  After the test completes successfully, move on to Configure Drop Down Menu.  Select the portal node reference, you’ll notice, only nodes in the Integration Network are available for this selection, thus driving the need to actually add these portal purposed nodes to the gateway as I mentioned previously.  For Folder Label, specify a name you like, such as, Finance Menu or PeopleSoft Finance 9.1.  Folder Name is the content provider menu navigation to share, use the lookup button and the returned tree to select what to bring over.  This allows you to do partial or full menu, for instance, my example does the full tree, but you could choose to do three individual subfolders, and set them up independently.  Local Parent Folder Name is the same as Folder Name but it’s the corresponding location to place the menu on the Portal side.  They are pretty self explanatory.
Drop Down Menu Config
And here is the final product, note the Fianance Navigation at the top of the drop down menu expanding all options since I’m logged in as an admin.
FIN Nav menu
This is a pretty nice update in my opinion.  Doesn’t take long to setup, especially if you already had things working, and is much cleaner than moving CREF’s and security around to provide navigation.

Thursday, 4 February 2016

Change Oracle logo to your company's logo in Peoplesoft page

Change Oracle logo to your company's logo in Peoplesoft page :-

Please perform the following:

1) Using app designer(ENG), open the stylesheet DEFAULT_THEME_TANGERINE_ALT, then search for logo and you should be able to see the following code.

/********************
* Logo
********************/
#pthdr2container #pthdr2logoswan:before {
content: url(%Image(PT_ORACLELOGO_ALT)); =========>>>> Here you can use your custom logo name
width: 130px;
}

2) Create a copy of the delivered objects. For example, PT_ORACLELOGO_ALT(create a project and insert this object to the project, save it then export it to a file)

3) Now save your new image as given in step#1 (please note delivered logo PT_ORACLELOGO_ALT dimension - 113*55 ==>> use the same size for your custom/company logo)

(or)

2) Go to PeopleTools > Portal > Branding > Branding objects. Go to Image tab and click ‘Upload Image object’. Make sure the image dimensions are same as delivered one 113*55
3) In the Modal window,
Name: PT_ORACLELOGO_ALT
Description: Oracle header logo
Image Type: JPG files
Click button "Save"

4) Open PSSTYLEDEF_Tangerine stylesheet, then double click on PSHDR2_SWAN_CSS3. Now search for logo, see the code changes performed with comment /*custom logo*/as below

apply in the target environment.

/* company logo div */
#pthdr2logoswan {
float:%AlignStart;
width: 113px;
height: 55px; /* new for hover menu */
margin:0;
/*position:relative;
top:-29px;*/
padding: 0 5px 0 0;
background:none;
}
#pthdr2logoswan:before {
content: url(%Image(PT_ORACLELOGO_CSS));
/*left: 4px;*/
left: 2px;/*custom logo*/
position: relative;
top: 2px;/*custom logo*/
/*top: 17px;*/
}

5) Stop your App and Web servers.
6) Clear the cache for App and Web servers. Restart them both.
7) Log into PIA again with clean browser cache to view your custom logo.

The purge process did not run because the Oprid configured to start the Process Scheduler did not have the required permissions to run the purge process.

  Purge process - Required permissions The PeopleSoft Oprid used to start the Process Scheduler, as defined in the Scheduler's psprcs.cf...