Integration Broker and Single Sign On


Our first goal is to go from a vanilla installation of PeopleSoft IH to one which allows a multitude of users with different roles to access different PeopleSoft content.

As I mentioned in the previous article, it is important to become familiar with the Setting up PeopleSoft Interaction Hub with PeopleSoft Applications red paper.

Basically, this document describes the steps needed to configure Integration Broker (IB) and Single Sign On (SSO). I would suggest meticulously following this article, with the assistance of your PS Admin. A lot of things can go awry in these early steps (we came across a lot of issues with typos in the Node URIs).

When these steps are complete you should be able to do the following:

TESTING SSO (troubleshooting steps are below)

a) Create user TESTPORTAL in IH and one of your remote content providers, say HR.
b) Assign the 3 delivered roles to TESTPORTAL in both environments:

  • PAPP_USER
  • EOPP_USER
  • PeopleSoft User
Via Main Menu -> PeopleTools -> Security -> User Profiles -> Add New Value: TESTPORTAL


[Screenshot: minimum settings, General tab]

[Screenshot: minimum settings, ID tab]

[Screenshot: minimum settings, Roles tab]

These 3 roles have the minimum permission lists needed to see content when connecting to two servers.

c) Log in to HR as TESTPORTAL and copy the URL for Main Menu -> My System Profile
d) Log out of HR, log in to IH as TESTPORTAL, and paste the URL you copied into the address bar. If the URL opens without asking you to sign in again, we have confirmed that SSO is working, and we are off to the races!



TESTING IB NODE CONFIG (troubleshooting steps are below)

Once SSO has been confirmed as working, we need to test that we set up our nodes correctly. It is important to understand the naming conventions of your nodes.

We build on the example above, using the same account.

a) Log in to IH as TESTPORTAL
b) Navigate to Main Menu -> My System Profile

Let's take a closer look at the URL on your IH server:

Yours should look similar to this:

https://ENVIRONMENT/psp/SITENAME/EMPLOYEE/EMPL/c/MAINTAIN_SECURITY.USERMAINT_SELF.GBL?CONTENT_PARAMETERS

Take note of EMPL: this should be the Employee Portal Host Name for the Interaction Hub environment.

c) To test the default Local Node, change EMPL to PSFT_PA: the page should load exactly the same as it did before. Testing the default local node ensures Integration Broker is set up correctly; we'll get into why this is important later.
d) To test the HR Employee Portal Host Name, change PSFT_PA to HRMS: the page should load exactly the same as it did before, with one important caveat: we are now viewing My System Profile on the HR server.

Let's say the user TESTPORTAL doesn't want Email User selected for their Workflow Attributes.

e) Uncheck Workflow Attributes: Email User on your HR environment's My System Profile and save.
f) You should now be able to tell the difference when you toggle between HRMS and EMPL.
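
The node swap in steps c) and d) can be scripted so a mistyped segment does not get mistaken for a node problem. This is an added example, not part of the original article: it splits the URL into the segments shown above and rebuilds it for each node. The host `ih.example.com`, the function names and the node-name character check are assumptions.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Path layout read off the article's URL: /psp/SITENAME/PORTAL/NODE/TYPE/CONTENT
FIELDS = ("servlet", "site", "portal", "node", "content_type", "content_id")


def parse_ps_url(url):
    """Return the named path segments of a PeopleSoft portal URL."""
    segs = urlsplit(url).path.lstrip("/").split("/", 5)
    if len(segs) != 6 or segs[0] != "psp" or not all(segs):
        raise ValueError("unexpected PeopleSoft URL layout: %r" % url)
    return dict(zip(FIELDS, segs))


def swap_node(url, node):
    """Rebuild the URL with a different node name, keeping everything else."""
    # Assumption: node names contain only letters, digits and underscores.
    if not re.fullmatch(r"[A-Za-z0-9_]+", node):
        raise ValueError("suspicious node name: %r" % node)
    fields = parse_ps_url(url)
    fields["node"] = node
    path = "/" + "/".join(fields[f] for f in FIELDS)
    return urlunsplit(urlsplit(url)._replace(path=path))


def node_test_urls(url, nodes):
    """Map each node name to the URL to paste into the browser for that test."""
    return {node: swap_node(url, node) for node in nodes}


# Constructed sample: the host is a placeholder, the rest is the article's URL.
SAMPLE = ("https://ih.example.com/psp/SITENAME/EMPLOYEE/EMPL/c/"
          "MAINTAIN_SECURITY.USERMAINT_SELF.GBL?CONTENT_PARAMETERS")

if __name__ == "__main__":
    print(parse_ps_url(SAMPLE))
    # Node names from the article's hypothetical environment.
    for node, test_url in node_test_urls(SAMPLE, ["EMPL", "PSFT_PA", "HRMS"]).items():
        print(node, test_url)
```
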

SUMMARY
After configuring SSO and IB nodes in our hypothetical environment, the Portal Administrator should be aware of the following node configurations:

Node Type                  IH       HR
Employee Portal Host Name  EMPL     HRMS
Default Local Node         PSFT_PA  PSFT_HR

It is important to know the names of these going forward. We will examine the structure of the PeopleSoft URL in more detail, as it gives us a lot of information that is very useful.

TROUBLESHOOTING
Again, there are a lot of things that can go wrong when you are configuring SSO and nodes on IH and your remote content providers. Here is a list that I use to troubleshoot any issues.

a) Confirm the User Account Exists on all Required PeopleSoft Servers:

  • The username on the account must be identical on the two servers
  • Ensure it's not locked out
  • Ensure it has the 3 core security roles: PAPP_USER, EOPP_USER, PeopleSoft User. Your Security Admin will likely want to make a customized role that combines these 3 roles.
b) Ensure your Integration Broker Nodes are correctly configured

  • Carefully check the addresses of your Default Local and Employee Portal Host Name nodes. Via Main Menu -> PeopleTools -> Integration Broker -> Integration Setup -> Nodes: select the one in question and, via the Portal tab, ensure the URL is correct. (Note even the trailing slash here.)
  • There are likely Default User ID / Node Password permissions issues (in the Node Definitions tab) that can occur: ensure whoever is configuring these (i.e. your PS Admin) has a strategy for setting these properly (especially if accounts like VP1 / PS will be disabled).



