2
Agenda
• Presentation and Demo – approximately 45 minutes
• Q&A Session – approximately 15 minutes
• Please hold all questions to the end of the session.
• To ask a question, move your cursor to the top of the screen and select the
‘bubble’ icon next to the moderator’s name.
• A dialog box will open. Enter your question and select “Send.”
• During the Q&A session your question will be read and an answer will
follow.
3
ATTENTION – AUDIO INFORMATION
Thank you.
4
Safe Harbor Statement
5
7
Single Signon Explained
8
Example Transaction
9
The Single Signon Token
10
PS_TOKEN Cookie Example
• PS_TOKEN.
• Domain
• End of session
• Data Field (base64 encoded Token)
11
Node Configuration
• Default Local Node
• Password/Cert
• Node Type
• URIs
• Trusted Nodes
12
Node Details
13
Logical Layout of SSO Communication
• Default Local Nodes
• Matching Remote Node name
• Password Sync
Enterprise Portal DB
• PSFT_PA: Default Local Node, Password=PANODE, URI=itself, Trusted Node
• PSFT_CP: Remote Node, Password=CANODE, URI=CP Database, Trusted Node
Content Provider DB
• PSFT_CP: Default Local Node, Password=CANODE, URI=itself, Trusted Node
• PSFT_PA: Remote Node, Password=PANODE, URI=PA Database, Trusted Node
14
Common Single Signon Issues:
15
Common Single Signon Issues (cont.)
16
Baseline Configuration
17
Typical Display
18
Common Errors
19
Scenario 1
No Password defined for the Default Local Node of Portal in the
Portal database. (Authentication option set to None)
Result 1
Control will be redirected to the signon page and the error “Your
User ID and/or Password are invalid.” will be displayed
Resolution 1
Password needs to be set on Default Local Node and the
password needs to match the remote node in Content provider.
20
Scenario 2
The portal Remote Node in the content provider does not have a
password defined, or its password does not match the one in
portal
Result 2
Control will be redirected to the signon page and the error “Your
User ID and/or Password are invalid.” will be displayed
Resolution 2
Passwords need to match exactly between the two environments,
Portal and content provider nodes
22
Scenario 3
Default Local Node of portal is not defined as a trusted node in the
content provider
Result 3
Control will be redirected to the signon page and the error “Your
User ID and/or Password are invalid.” will be displayed
Resolution 3
• Default Local Node of portal should be defined as a trusted node in
content provider
• Navigate to PeopleTools > Security > Security Objects > Single
Signon to add a trusted node (8.4 and above)
• Navigate to PeopleTools > Maintain Security > Setup > Single Signon
(8.1x)
24
Scenario 4
Userid exists in Portal but not in the content provider
Result 4
Control will be redirected to the signon page and the error “Your User ID
and/or Password are invalid.” will be displayed
Resolution 4
The user ID needs to match in both environments for single signon to work
successfully.
26
Scenario 5
Hosted by node of Portal not defined as a remote node in content
provider with the URL pointing back to portal
Result 5
The following error would be displayed in pagelets or target pages.
“STR_PCMINVPORTAL: Invalid portal name EMPLOYEE in
request. Portal not defined. Unable to process request with an
invalid portal.”
Resolution 5
Make sure that the Hosted by node of portal is defined as a remote
node in the content provider with the URL pointing back to portal
29
Scenario 6
The portal and the content provider share the same
webserver, or the PIA sitename is mismatched (typo/case)
Result 6
The port gets flip-flopped and the error “cannot
open http://url….configuration.properties
java.lang.NullPointerException” is displayed
Resolution 6
1. Move one web server to a different machine.
2. Add a second DNS entry for the web server in the same domain.
3. Set the defaultPort and defaultScheme or, in 8.44+, the Default
Addressing on the Virtual Addressing tab of the Web Profile on
both systems.
4. Fix the PIA sitename.
31
Scenario 7
Node name not properly used while creating the Content
Reference (CRef)
Result 7
“Authorization Error -- Contact your Security Administrator”
Resolution 7
Make sure to use the content provider node or a node with the
same URI value while creating a CRef. If any other local node is
used, it will result in the authorization error.
32
Scenario 8
Content provider node defined as a local node in portal instead
of a remote node
Result 8
“You are not authorized to access this component”
Since the node is local, the component is being looked up in
portal and it doesn’t exist there.
Resolution 8
Content Provider node should always be a remote node and not a
local node in portal.
34
Scenario 9
Node URI value is case sensitive
Result 9
“This is not a valid site. The site name is case sensitive.” error message
is seen in PIA window.
Resolution 9
This error can be resolved by using the proper case for the PIA
SiteName in the URI value of your Node Definition.
For example, if a customer is using
http://server.company.com/psc/epprd/ in the URI value, but the
actual URL value when you navigate to the site is
http://server.company.com/psc/EPPRD/ it will cause this error.
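The checks from Scenarios 1, 2, 3, 8 and 9, run over the PSFT_PA / PSFT_CP layout from the Logical Layout slide, as an added example that is not part of the original presentation. The Node and Env classes, the "local"/"remote" labels and the PAPRD portal URL are constructed for illustration; nothing here reads a real PeopleSoft database.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    kind: str                 # "local" or "remote" (labels assumed for this example)
    password: str = ""
    uri: str = ""

@dataclass
class Env:
    default_local: str                           # name of the Default Local Node
    nodes: dict = field(default_factory=dict)    # node name -> Node
    trusted: set = field(default_factory=set)    # trusted node names

def check_sso(portal, cp, live_cp_url):
    """Findings for portal -> content provider signon, tagged by scenario number."""
    out = []
    pa = portal.nodes[portal.default_local]
    if not pa.password:
        out.append("S1: portal Default Local Node has no password")
    pa_in_cp = cp.nodes.get(pa.name)
    if pa_in_cp is None or pa_in_cp.password != pa.password:
        out.append("S2: portal node password missing or different in content provider")
    if pa.name not in cp.trusted:
        out.append("S3: portal Default Local Node not trusted in content provider")
    cp_in_pa = portal.nodes.get(cp.default_local)
    if cp_in_pa is None or cp_in_pa.kind != "remote":
        out.append("S8: content provider node is not a remote node in portal")
    elif cp_in_pa.uri != live_cp_url and cp_in_pa.uri.lower() == live_cp_url.lower():
        out.append("S9: node URI matches the live URL except for case")
    return out

def baseline():
    """Constructed sample data: a consistent PSFT_PA / PSFT_CP pair."""
    pa_url = "http://server.company.com/psc/PAPRD/"    # constructed portal URL
    cp_url = "http://server.company.com/psc/EPPRD/"    # live URL from Scenario 9
    portal = Env("PSFT_PA", {
        "PSFT_PA": Node("PSFT_PA", "local", "PANODE", pa_url),
        "PSFT_CP": Node("PSFT_CP", "remote", "CANODE", cp_url)}, {"PSFT_PA", "PSFT_CP"})
    cp = Env("PSFT_CP", {
        "PSFT_CP": Node("PSFT_CP", "local", "CANODE", cp_url),
        "PSFT_PA": Node("PSFT_PA", "remote", "PANODE", pa_url)}, {"PSFT_CP", "PSFT_PA"})
    return portal, cp, cp_url

if __name__ == "__main__":
    portal, cp, url = baseline()
    cp.nodes["PSFT_PA"].password = "PANODE1"                      # drifted password
    portal.nodes["PSFT_CP"].uri = url.replace("EPPRD", "epprd")   # wrong case
    print(check_sso(portal, cp, url))
```

The findings name the node and the scenario only; node passwords are compared but never printed.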
36
Frequently Asked Questions
37
Notes:
• For 8.1x PeopleTools, it has been noted that node passwords can
be at most 7 characters (so the passwords on corresponding
nodes must be the same as well).
• If the AuthTokenDomain wasn't set up when PIA was installed (on
either the content provider or the portal), then typically we see
expiration issues with the content provider, and you get the
signon screen. This is because customers add the
AuthTokenDomain to the web profile but fail to add the domain to
the web server's configuration. When seeing single signon
related expiration issues, check the weblogic.xml for the
session cookie domain and, if it's not there, re-run the PIA install.
Check this for the portal and all web server content providers.
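One way to script the weblogic.xml check from the note above, as an added example that is not part of the original presentation. It assumes the session cookie domain appears either as a cookie-domain element or as a session-param named CookieDomain, and it goes one step beyond the note by also reporting a domain that is present but differs from the AuthTokenDomain; the sample files are constructed.

```python
import xml.etree.ElementTree as ET

def local_name(tag):
    """Drop any XML namespace so the lookup works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def session_cookie_domain(weblogic_xml):
    """Return the session cookie domain found in weblogic.xml text, or None."""
    for el in ET.fromstring(weblogic_xml).iter():
        # Assumed layout A: <session-descriptor><cookie-domain>...</cookie-domain>
        if local_name(el.tag) == "cookie-domain" and (el.text or "").strip():
            return el.text.strip()
        # Assumed layout B: <session-param> with param-name CookieDomain
        if local_name(el.tag) == "session-param":
            kv = {local_name(c.tag): (c.text or "").strip() for c in el}
            if kv.get("param-name") == "CookieDomain" and kv.get("param-value"):
                return kv["param-value"]
    return None

def check_cookie_domain(auth_token_domain, weblogic_xml):
    """Compare the web profile's AuthTokenDomain with the web server's setting."""
    found = session_cookie_domain(weblogic_xml)
    if found is None:
        return "missing"      # the case the note describes: re-run the PIA install
    if found.lower() != auth_token_domain.lower():
        return "mismatch"     # present, but not the domain the web profile uses
    return "ok"

# Constructed sample files (not taken from a real installation).
WITH_DOMAIN = """<weblogic-web-app><session-descriptor>
  <cookie-domain>.company.com</cookie-domain>
</session-descriptor></weblogic-web-app>"""
PARAM_STYLE = """<weblogic-web-app><session-descriptor><session-param>
  <param-name>CookieDomain</param-name><param-value>.company.com</param-value>
</session-param></session-descriptor></weblogic-web-app>"""
NO_DOMAIN = """<weblogic-web-app><session-descriptor>
  <timeout-secs>1200</timeout-secs>
</session-descriptor></weblogic-web-app>"""

if __name__ == "__main__":
    for label, xml in [("A", WITH_DOMAIN), ("B", PARAM_STYLE), ("none", NO_DOMAIN)]:
        print(label, check_cookie_domain(".company.com", xml))
```

Run it against the weblogic.xml of the portal and of every content provider web server, passing each system's own AuthTokenDomain.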
41
Notes: Continued
42
Opening A Case With GSC
If you are unable to resolve your issue, the following should be sent to
the GSC analyst handling the case:
43
Questions
thomas.hassler@oracle.com
44
Where to find additional information
• Customer Connection:
On the home page select
Advisor Webcasts
• Please submit your comments:
• Advisorfeedback_us@oracle.com
45
Questions
• To ask a question, move your cursor to the top of the
screen and select the ‘bubble’ icon next to the moderator’s
name.
46
THANK YOU
47