Sunday, March 22, 2009

PeopleSoft as a Password Authentication "Ticket" Server

My post Generating an AuthToken for SwitchUser demonstrates how to acquire and expire PeopleSoft authentication tokens. Using this approach, you could hook any custom application into the PeopleSoft security model, allowing PeopleSoft to manage security for many of your custom enterprise applications. Continuous token (ticket) validation could be implemented through a very simple web service that calls SwitchUser and returns the result. If SwitchUser returns true, then the token is valid.

Really, if you are interested in a centeralized, integrated security solution, then you should speak with your Oracle rep about Oracle's Identity Management Suite.

2 comments:

Kevin Weaver said...

Hi Jim,

I have a question regarding Portal and HCM authentication. I looking at an issue that we keep seeing in our logs with an error homepageT. The odd thing is that when I see this error I notice that the appserver is returning a TOKEN with a datetime in the past?

Here is an example that I pulled out of the logs using splunk. It is from last night at 6:42 PM, but the PS_TOKEN is from around 1 PM.

11/30/16
6:42:30.000 PM
PSAPPSRV.25861 (2237) [2016-11-30T18:42:30.855 GetCertificate](3) Returning context. ID=KCW002, Lang=ENG, UStreamId=184230855_25861.2237, Token=PSFT_PA/2016-11-30-12.42.30.154553/KCW002/ENG/jF5gZnpx36fbqtZ1/Ui6/l2EH+Q=

11/30/16
6:42:31.000 PM
PSAPPSRV.17534 (7567) [2016-11-30T18:42:31.230 KCW002@mydata.intranet.umb.com (IE 11.0; WIN7) HomepageTemplate](0) Duplicate cookie PS_TOKEN received. Value1=PSFT_HR/2016-11-30-12.34.08.336246/KCW002/ENG/mqOGbeHMB8V7U0eYA/cA6fAGW4g=, Value2=PSFT_PA/2016-11-30-12.42.30.154553/KCW002/ENG/jF5gZnpx36fbqtZ1/Ui6/l2EH+Q=.

What do you think is going on here and how do you think we can fix it?


Oh, and Congrats on your new job!

Jim Marion said...

@Kevin, it is a great question. I have no idea.