PUM Images, Single Sign-On and Unified Navigation: Getting everyone on the same page.

I have been experimenting with PeopleSoft PUM Images for the past few months and I really like that they can provide Vanilla Functionality quickly, getting a brand new PIA environment setup in a few hours.

With PUM Images, there are far less technical challenges to worry about, thus freeing up time and resources to focus on functionality.  I have spent some of this saved time setting up an environment that uses two PUM Images, and successfully connecting them via SSO, and Unified Navigation.

I strongly recommend going through this article: and getting the following working because there are a number of key things you can take advantage of when using a PUM Image:

  • App Designer ~ use data mover, edit peoplecode etc.
  • SQL Developer ~ SYSADM access to run update queries
  • PIA access on your browser ~ VP1 account access 
  • Access to Web Logic Admin Console ~ https://serverURL/console username: system password Passw0rd can allow you to check sessions.

The setup makes for an excellent development environment.  I also found this article useful: 
  • WinSCP for file Edits and Transfers ~ edit configuration.properties files
  • PSAdmin commands ~ reset web server, reset app server, clear app server cache, Tuxedo commands

for more PSADMIN related configuration information.

Other advantages include the ability in Oracle's Virtual Box to Snap Shot your server instances.  It is very easy to make a snapshot, then if you blow up your environment from making a config change, it is very easy to revert back.



Our Goal:

Final Result: IH 8.54 Connecting with FS 8.54 via unified Navigation using two separate PUM Images.

The picture above is what we want to get working.  Using a PeopleSoft IH server to connect to the main menu of a PeopleSoft Financials Server via Unified Navigation.



I have complied a list of steps that when followed in sequential order, gets two PUM images: IH (Image 1) and FSCM (Image 13) working using Single Sign-On and Unified Navigation.  I'd like to use these environments as a "Vanilla Vanilla" environment, to help troubleshoot issues.  This environment isn't perfect, but I have found it very useful to take certain variables (load balancing, environmental differences) out of the equation.


Getting Started


First of all, you will need a pretty new machine to get this going: I am using a Windows 7 PC with 8 gigs of Memory ~ I'd recommend a little more, but this does seem to be sufficient for our purposes.

Please use these settings at your own risk!  This process simplifies security, but is VERY unsecure: be sure not to allow external access to these environments.  Currently I am also having a session persistence issue in these environments (occasionally getting logged out, especially when toggling between the Home and Guest Tabs): if I come up with a fix, I'll update here.  Edit: I found this was related to using non delivered web profile caching settings.  With delivered web profile caching set, I think this was working correctly.


Virtual Box Settings




Download and Install Oracle Virtual Box
Import Appliance OVA Files: (steps found in the articles listed above)
  • IH-910-UPD-001.OVA (Interaction Hub with 8.54.10 on 9.1 R3)
  • FSCM-920-UPD-013.OVA  (Financials with 8.54.11 on 9.2 Image 13)
Check out the PUM Homepage to find these files ~ you'll need download access via Oracle Support

If you are running on 8GB of Memory, I have had some success throttling the memory down to 3072 MB each, and didn't notice any issues on the servers. (this way you leave a little memory for your OS).

Take snapshots of your vms now, so you have base config. (I find this useful so you don't have to re-import them all over again).

Power on IH VM, and follow on-screen defaults with exceptions:
*Make note of your IP address: by default, it should be: 192.168.56.101
Do you want to manually configure hostname? Yes
Set hosthame to ih.ps.com
Set Connect ID Password to peop1e
No to Installing SES (this was for performance reasons)
sign in as root
run the command: vi /etc/hosts
press i to insert
add the following line to the bottom of the file:
192.168.56.102 fs.ps.com fs
press esc
press :wq to save


Power on FS VM, and follow on-screen defaults with exceptions:
*Make note of your IP address: by default, it should be: 192.168.56.102
Do you want to manually configure hostname? Yes
Set hosthame to fs.ps.com
Set Connect ID Password to peop1e
No to installing SES (this was for performance reasons)
sign in as root
run the command: vi /etc/hosts
press i to insert
add the following line to the bottom of the file:
192.168.56.101 ih.ps.com ih
press esc
press :wq to save


in windows update HOSTS file: 

Click Start > All Programs > Accessories.
Right-click Notepad and select Run as administrator.
Click Continue on the Windows needs your permission UAC window.
When Notepad opens, click File > Open.
In the File name field, type C:\Windows\System32\Drivers\etc\hosts.
Click Open.
Make the necessary changes to the file.
Click File > Save to save your changes.

add the lines:
192.168.56.101 ih.ps.com
192.168.56.102 fs.ps.com
and save


on IH and FS run command shutdown -r now

take snapshots of your VMS now, so you have base + admin config

sign into your severs with the VP1 (same password) account using two different web browsers:

via: ih.ps.com:8000 and fs.ps.com:8000





Nodes Setup

On IH

Goto: 
Main Menu > PeopleTools > Integration Broker > Integration Setup > Nodes



Search For ANONYMOUS
Set Default User ID to PAPP_USER and Save
Click the Portal Tab
Confirm Tools Release to 8.54
Confirm Application Release to Portal Solutions 9.1
Confirm Content URI Text to: http://ih.ps.com:8000/psc/ps/
Confirm Portal URI Text to: http://ih.ps.com:8000/psp/ps/

Search for PSFT_PA (IH default Local node)
Set Node Password to VP1
Check segment aware checkbox
Save

Search for EMPL (IH portal host node)
Check segment aware checkbox
Click the Portal Tab
Confirm Tools Release to 8.54
Confirm Application Release to Portal Solutions 9.1
Confirm Content URI Text to: http://ih.ps.com:8000/psc/ps/
Confirm Portal URI Text to: http://ih.ps.com:8000/psp/ps/
Save

Search for PSFT_EP (FS default Local node)
Set Authentication Option to Password
Set Node Password to VP1
Check segment aware checkbox
Click the Portal Tab
Set Tools Release to 8.54
Set Application Release to Financials/SCM 9.20.
set Content URI Text to: http://fs.ps.com:8000/psc/ps/
set Portal URI Text to: http://fs.ps.com:8000/psp/ps/
Save



Search for ERP (FS portal host node)
Check segment aware checkbox
Click the Portal Tab
Set Tools Release to 8.54
Set Application Release to Financials/SCM 9.20.
set Content URI Text to: http://fs.ps.com:8000/psc/ps/
set Portal URI Text to: http://fs.ps.com:8000/psp/ps/
Save


On FS
Goto: 
Main Menu > PeopleTools > Integration Broker > Integration Setup > Nodes

Search For ANONYMOUS
Set Default User ID to VP1 and Save
Click the Portal Tab
Confirm Tools Release to 8.54
Confirm Application Release to Financials/SCM 9.20.
Confirm Content URI Text to: http://fs.ps.com:8000/psc/ps/
Confirm Portal URI Text to: http://fs.ps.com:8000/psp/ps/


Search for PSFT_EP (FS default Local node)
Set Authentication Option to Password
Set Node Password to VP1
Check segment aware checkbox
Click the Portal Tab
Confirm Tools Release to 8.54
Confirm Application Release to Financials/SCM 9.20.
Confirm Content URI Text to: http://fs.ps.com:8000/psc/ps/
Confirm Portal URI Text to: http://fs.ps.com:8000/psp/ps/
Save



Search for ERP (FS portal host node)
Check segment aware checkbox
Click the Portal Tab
Confirm Tools Release to 8.54
Confirm Application Release to Financials/SCM 9.20.
Confirm Content URI Text to: http://fs.ps.com:8000/psc/ps/
Confirm Portal URI Text to: http://fs.ps.com:8000/psp/ps/
Save


Search for PSFT_PA (IH default Local node)
Set Authentication Option to Password
Set Node Password to VP1
Check segment aware checkbox
Click the Portal Tab
Set Tools Release to 8.54
Set Application Release to Portal Solutions 9.1
set Content URI Text to: http://ih.ps.com:8000/psc/ps/
set Portal URI Text to: http://ih.ps.com:8000/psp/ps/
Save

Search for EMPL (IH portal host node)
Check segment aware checkbox
Click the Portal Tab
Set Tools Release to 8.54
Set Application Release to Portal Solutions 9.1
set Content URI Text to: http://ih.ps.com:8000/psc/ps/
set Portal URI Text to: http://ih.ps.com:8000/psp/ps/
Save



Gateway Setup



For IH Navigate to
Main Menu > PeopleTools > Integration Broker > Configuration > Gateways
Hit the search button to load up the LOCAL gateway ID
copy the URL: http://ih.ps.com:8000/PSIGW/PeopleSoftListeningConnector from IH to the same location on FS


for IH navigate to: 
Main Menu > PeopleTools > Integration Broker > Configuration > Gateways
Click the Gateway Setup Properties Link
-Username administrator
-Password password

**Oracle recommends that IH be at the Same Level or Greater tools version over all remote content providers ~ but I did get this working.


-add PeopleSoft Node: PSFT_EP, //fs.ps.com:9000, VP1, VP1, 8.54.11 
-Set Domain Password to PS for default app server and both nodes.
-Ping Node
Click Ok


for FS navigate to: 
Main Menu > PeopleTools > Integration Broker > Configuration > Gateways
Click the Gateway Setup Properties Link
-Username administrator
-Password password
-confirm PeopleSoft Node: PSFT_PA, //ih.ps.com:9000, VP1, VP1, 8.54.10 exists already (it should be the same since we are using 1 gateway)
-Ping Node
Click Ok


SSO Setup



On IH:
Navigate to: Main Menu> PeopleTools>Security>Security Objects>Single Signon
Add node PSFT_EP 
Save

On FS:
Navigate to: Main Menu> PeopleTools>Security>Security Objects>Single Signon
Add node PSFT_PA 
Save



Run Domain



On IH:
Navigate to: PSFT_EP: Main Menu>PeopleTools> Integration Broker> Integration Network WorkCenter
Click Configuration Status on Left
Click Domain Active
For ih.ps.com set Domain Status to Active
Press Update
Press Refresh
Press Update again all 3 status strings should be active




On FS:
Navigate to: PSFT_EP: Main Menu>PeopleTools> Integration Broker> Integration Network WorkCenter
Click Configuration Status on Left
Click Domain Active
For fs.ps.com set Domain Status to Active
Press Update
Press Refresh
Press Update again 2 status strings should be active



Auth  Token Settings:


For both IH and FS

From the virtual box unix console:
Sign in as root

run the following commands:

su psadm2      [set user command]
psadmin        [run the psadmin utility]
4              [navigate to the Web Server utility]
1              [administer a domain]
1              [peoplesoft domain]
4              [configure this domain]
6              [configure Auth Token]
.ps.com        [type .ps.com then press enter]
s              [save]

quit out, and 'exit 'psadm2


Reboot Server (as root: shutdown -r now)
Clear everything on your browser: Ctrl+Shift+Delete


Implement Single Sign-Off

Using WinSCP, connect to: 192.168.56.101 as root and browse to directory:
Browse to:

/home/psadm2/psft/pt/8.54/webserv/peoplesoft/applications/peoplesoft/PORTAL.war/WEB-INF/psftdocs/ps

Locate the signin.html file
Right-click and edit it

under:

<body onload="ptSignon().login();">

add the two images:

<img style="display:none;" src="http://ih.ps.com:8000/psp/ps/EMPLOYEE/EMPL/?cmd=logout"/>
<img style="display:none;" src="http://fs.ps.com:8000/psp/ps/EMPLOYEE/ERP/?cmd=logout"/>

Save the file, and reboot your web server (similar instructions to the Auth Token Settings above, except shutdown and boot the web server).

Testing

are nodes Pingable:

Via IH
Goto
Main Menu > PeopleTools > Integration Broker > Integration Setup > Nodes
Search for: PSFT_PA
Click the Connectors Tab
Click Ping Node... Success?
Search for: PSFT_EP
Click the Connectors Tab
Click Ping Node... Success?


Via FS
Goto
Main Menu > PeopleTools > Integration Broker > Integration Setup > Nodes
Search for: PSFT_PA
Click the Connectors Tab
Click Ping Node... Success?
Search for: PSFT_EP
Click the Connectors Tab
Click Ping Node... Success?


Unified Nav



Add Remote Content for Unified Nav (the link in the work center appears to be broken):
Browse to Main Menu > People Tools > Portal > Structure and Content
Click Add Folder
Name: CUST_FINANCE
Label: Finance
Valid From Date (choose yesterday)



Name: FOLDERID
Attribute Value:PSFT_EP:PORTAL_ROOT_OBJECT
Translate: UNchecked
Name: LOCATION
Attribute Value:REMOTE
Translate: UNchecked
Name: NODE
Attribute Value:PSFT_EP
Translate: UNchecked
Name: PORTAL
Attribute Value:EMPLOYEE
Translate: UNchecked

Save.

Unified Nav Fix:


From: https://support.oracle.com/epmos/faces/DocumentDisplay?id=1957232.1 

Still don't seem to see the Main Menu > Finance Folder at this point in my PUM image.  Running this fix in APP Designer seems to get stuff working.


1. Login into the IH App-Designer and open the App Package: PT_NAV2 
2. Open the class, PT_NAV2.NavHover 
3. Go to the method "getFolderContents" and find the below code and add 
"&Disable = "TRUE";" code and it should become like this: 
  
         &Disable = "TRUE"; 
         rem Remote Folder/Cref Security Validation; 
         If (&Location = "REMOTE" And 
               &Disable <> "TRUE") Then 
            If (&CrefId <> "" Or 
                  &FolderId <> "") Then 
               %This.CheckUnFldrAccess(&CrefId, &FolderId, &RemoteNode); 
               &CrefId = %This.crefSecList; 
               &FolderId = %This.fldrSecList; 
            End-If; 
         End-If; 
4. Go to the method "getUniNavBreadcrumbPathHTML" and find the below code and 
add "&Disable = "TRUE";" code and it should become like this: 

  &Disable = "TRUE"; 

         If (&Location = "REMOTE" And 
               &Disable <> "TRUE") Then 
            If (&CrefId <> "" Or 
                  &FolderId <> "") Then 
               %This.CheckUnFldrAccess(&CrefId, &FolderId, &RemoteNode); 
               &CrefId = %This.crefSecList; 
               &FolderId = %This.fldrSecList; 
            End-If; 
         End-If; 


The Main Menu -> Finance Folder should now be available.

Going forward, I hope others (perhaps even oracle support) can begin to configure environments such as the ones illustrated above, as together we can help each other isolate problems and work together for solutions.

Troubleshooting

Snapshots  & Server Time Issue: 

After reverting to a "hot snapshot" SSO stops working:

As mentioned before, taking snapshots is a great way of ensuring you have a back up of the whole system before making any big changes.   One thing to note though, is to keep an eye on the server time.  I did a restore of a snapshot from a few weeks ago, and it me weaked havoc on a Token Expire cookie: unified nav and sso stopped working. Ensure the server times on your systems are current (you can run the $ date command as root).  If you notice the time is way off, you can do a cold boot of the VM, by powering it off and on and ensure the correct date is set.