Understanding PeopleSoft Secure Enterprise Search
Oracle Secure Enterprise Search (SES) is a standalone, self-contained product for searching data.
The Suggested Content feature of Secure Enterprise Search (SES/Suggested Content) can be used to federate search requests from SES to other search engines.
In a federated search a master search engine submits a search query to one or more slave search engines, aggregates those results and presents them to the user. Slave search engines are autonomous from the master search engine, in that each slave search engine may use different techniques for indexing and searching its data repositories and subsequently ranking and ordering its search results.
This chapter provides an overview of PeopleSoft Secure Enterprise Search (PS-SES) and discusses:
Preparing for SES Search.
The PS-SES URL Query String.
See Also
www.oracle.com/technology/products/oses/index.html
Understanding PeopleSoft Secure Enterprise Search
PeopleSoft Secure Enterprise Search (PS-SES) enables Oracle SES to search the PeopleSoft portal registry and PeopleSoft Enterprise Portal content such as Action Items, Calendar, Discussion Forums, Collaborative Workspaces, Resource Finder, and Managed Content, and create links to PeopleSoft content.
An SES search on the PeopleSoft Enterprise Portal for “Blogs” might return results such as these:
No direct system administrator database access is required to use PS-SES and no intimate knowledge of PeopleSoft portal data is needed. Security is handled by the PeopleSoft Integration Broker web service framework.
PS-SES Search Request Process
The following diagram illustrates the flow for an SES search.
Flow chart showing the path of a search request from Oracle SES to PSSES
The flow for searching PeopleSoft Enterprise Portal for Oracle SES is:
Oracle SES sends an HTTP request to Peoplesoft PS-SES with these parameters:
Authenticate mode
From node and To node
Portal name and node
Service operation and portal node name
Search index group
Search string
Debug mode
The HTTPListening connector receives the request and passes it to the Integration Broker handler application class to read the URL query parameters.
The Integration Broker handler checks the URL query string for all the mandatory parameters, validates the parameter values, and initiates a Portal search, which is executed using Search API. This is a Verity search and is performed upon the pre-built search indexes.
Integration broker performs a check only on those parameters that are necessary for the connector, such as From node, To node, and Service Operation name. Other parameters, such as Authenticate mode, Portal name, Portal node name, search index group, search string, debug mode are validated by the Entprise Portal application class handler (EPPSR_SES).
Search API applies security using the user context of the default user assigned to the From node. If no From node is assigned then Anonymous node is set as From node by default.
The search results are then wrapped in an XML response and sent back to SES.
SES renders the XML search results with a look and feel similar to a PeopleSoft Enterprise Portal search page.
Preparing for SES Search
Follow these steps to prepare for SES search.
Details for each step are presented in the sections that follow.
Configure for search authentication.
Configure PeopleSoft authentication.
Configure Integration Broker.
Create a new From node.
Define the search index group to be used for searching.
Test your PS-SES configuration.
Configuring PeopleSoft Enterprise Portal for Search AuthenticationYou can perform SES search in authenticated or unauthenticated mode. This section presents considerations for each mode.
Unauthenticated Mode
Unauthenticated mode is primarily used to provide Guest access. In this mode the user can search into those portal contents that are made available to all users without authentication.
In unauthenticated mode the request handler application class executes in the context of the default user ID of the From node (or the Anonymous node, if no from node is provided in the URL).
For this reason Oracle recommends that you assign a user ID to the From node that has the least privileges necessary to perform public search. Unauthenticated search is performed generally by guest users who should not be given access to secured search results. If the permissions of the user ID assigned to the From node are higher than those of the Guest profile then an unauthenticated user will be able to access search results that are above the Guest user security level.
Authenticated Mode
In authenticated mode the user is authenticated using PS_TOKEN and the returned search results are based on the security permissions available to the user.
To search in authenticated mode a user must have a user ID and that has been assigned permissions to view content on the portal. When a validated user performs a search in authenticated mode the user receives search results based on the security permissions for that user ID.
In authenticated mode a SwitchUser call is executed with the PS_TOKEN passed as a cookie. Once a switch user is performed search is executed on the context of the switched user.
Note. It is the From node and not the To node that provides the context for the search.
The following elements must be in place to perform a search in authenticated mode.
The SES install and the PeopleSoft web server must be configured with the same network domain and reside in that same network domain.
Oracle Internet Directory (OID) server must be installed and OID plug-in must be configured for SES.
Consult your OID documentation for details.
When OID is configured correctly a PeopleSoft login link displays on the SES search page.
The PeopleSoft Authentication domain must be set.
This can be done while configuring the web server or using the Web Profile Configuration page.
To set the Authentication Domain access the Web Profile Configuration page (PeopleTools, Web Profile Configuration).
Service operation security must be set for the service operation. At least one permission list belonging to the default User ID of the From or the Anonymous node must be assigned to the service operation.
Access the Web Services page to add the EPPSR_SES_SRCH service to a permission list (PeopleTools, Security, Permission Lists, Web Services).
By default, Anonymous node will have PS_ADMIN as its user ID. This must be changed to a user ID upon whose context search will be conducted.
Note. Oracle does not deliver a permission list that includes the EPPSR_SES_SRCH service.
Configuring PeopleSoft Authentication
To perform a search from SES a user must first login to SES. Then, the first time a users performs a search of the PeopleSoft portal from SES, the PeopleSoft login link is presented. When the user logs in with a valid PeopleSoft user ID and password a PS_TOKEN cookie is generated and a session is established with PeopleSoft. The cookie remains available for the duration of the session.
The PS_TOKEN cookie is passed over to Peoplesoft through the HTTP request each time a search is performed.
The application class request handler retrieves the PS_TOKEN cookie from the HTTP request and uses the SwitchUser function it to change the user ID of the current user logged onto the PeopleSoft system.
The user ID under which search is performed and the user ID configured in the From (or Anonymous) node must be different. For example, suppose the user ID of the From node is PAPP_EMPLOYEE. A user performing an authenticated search from the SES search page must signon to PeopleSoft using the PeopleSoft signon. If the user signs on as PAPP_EMPLOYEE the SwitchUser function executes in the PAPP_EMPLOYEE user context. SwitchUser fails because it cannot switch to the user ID from which it is called.
Note. Oracle recommends that you assign a user ID with the minimum needed privileges to the From or Anonymous node.
Configuring Integration Broker
You do not need to modify Integration Broker unless your customize your application. To support SES these Integration Broker objects are delivered with PeopleSoft Enterprise Portal:
|
Object |
Description |
Navigation |
|
EPPSR_SES_REQ |
Request Message |
PeopleTools, Integration Broker, Integration Setup, Messages |
|
EPPSR_SES_RES |
Response Message |
PeopleTools, Integration Broker, Integration Setup, Messages |
|
EPPSR_SES |
Service |
PeopleTools, Integration Broker, Integration Setup, Services |
|
EPPSR_SES_SRCH |
Service Operation |
Service Operations group box |
|
EPPSR_SES:SES_SRCH |
Request handler |
Access the Handlers tab |
In addition, verify that the following are in place:
Use PS-Admin to verify that the application server has Pub/Sub activated.
Verify that the application server domain status is Active (PeopleTools, Integration Broker, Configuration, Quick Configuration).
Creating a New From Node
If you intend to use an exclusive From node you need a create a new node. If a From node is not specified then the default Anonymous node is used.
Access the Nodes page and create a new node named SES (PeopleTools, Integration Broker, Integration Setup, Nodes)
Access the Node Definitions page and specify the following values:
Node type —External
Active node — Selected
Default User Id — Select the userid on whose context handler is run when run in an unauthenticated mode.
Defining the Search Index Group to be Used for Searching
The search URL takes as a parameter the search index group that will be used for the search.
The PAPP_PORTAL_SEARCH index group by default includes the portal registry index (EMPLOYEE) and other content indexes (EPPCM_DOC, EPPCM_URL, EPPCM_HTML).
If you pass this index group name as the value for IndexGroup parameter then search will be limited to the portal registry and content. If you want to search into other portal search scopes, such as Discussion Forums, Action Items, and so on, you can either add the corresponding index to this index group or create a new index group and add all the needed indexes to it.
When your search index is defined build the index and execute a search to test it. You will use the results of this search to verify your SES search configuration.
See Also
Testing Your PS-SES Configuration
For unauthenticated mode, use this URL:
http://<MachineName:Port>/PSIGW/HttpListeningConnector?authenticate=n&To=PSFT_PA &Portal=EMPLOYEE&Node=EMPL&Operation=EPPSR_SES_SRCH.v1&indexgroup=PAPP_PORTAL_⇒ SEARCH &SearchText=dictionary
For authenticated mode, use this URL:
http://<MachineName:Port>/PSIGW/HttpListeningConnector?authenticate=n&From=SES &To=PSFT_PA&Portal=EMPLOYEE&Node=EMPL&Operation=EPPSR_SES_SRCH.v1 &indexgroup=PAPP_PORTAL_SEARCH&debug=y&SearchText=dictionary
SES URL Query String
To initiate a search SES sends a URL Query String to PS-SES.
The URL is in this format:
http://<MachineName:Port>/PSIGW/HttpListeningConnector/?authenticate=<Y|N> &To=PSFT_PA&Portal=<Portalname>[From=<FromPortalName>]&Node=<Nodename> &Operation=EPPSR_SES_SRCH.v1&indexgroup=<IndexGroupName> [&debug=<Y|N>]&SearchText=<SearchText>
URL Query String Parameters
The following parameters are passed through the URL query string as part of the HTTP request. All parameter values are case insensitive. The order of the parameters does not matter.
|
Authenticate |
If Authenticate is set to Y then PS_TOKEN is validated and used to switch user. If set to any value other than Y the search is performed using the default user ID associated with the default local node. See Authenticated Mode. |
|
From |
This parameter sets the From node in Integration Broker. The Integration Broker handler is run in the userid context of the From node’s default user ID. For example, if the default user ID of the From node is set to GUEST then any search performed will return results corresponding to GUEST. If this parameter is not included in the HTTP Request then Anonymous node becomes the default From node and search is performed using the user ID context of the default Anonymous node. See Authenticated Mode. This parameter is optional. If it is not included then Anonymous node is taken as the From node. |
|
To |
Specify the name of the node that will receive the message. This parameter must be set to the default local node, which is PSFT_PA for PeopleSoft Enterprise Portal. The default user ID of this node does not influence the search results. This parameter is optional if you specified a default target node using the default application server Jolt connect string properties in the integrationGateway.properties file. |
|
Portal |
Specify the portal name into which the search is to be performed. If this parameter is empty or invalid an error message is returned. |
|
Node |
Specify the node that hosts the content. If this parameter is empty or invalid an error message is returned. |
|
Operation |
Specify the service operation name, which for PS-SES is set to EPPSR_SES_SRCH. If this parameter is empty an Integration Broker Gateway error is thrown. |
|
IndexGroup |
Specify the search index group. If this parameter is empty or invalid an error message is returned. SES Search is enabled for the following Search Index Groups. One of these Index group names must be passed as a value for the IndexGroup parameter:
|
|
Debug |
Set Debug to Y to obtain detailed error information. This parameter is optional. By default detailed error information is disabled. |
|
SearchText |
The search string is case insensitive. While searching this is converted into uppercase. If this parameter is empty then the search is not performed. |
Examples
URL example with a From node and the Debug flag
http://PTDMO-099.us.oracle.com:8980/PSIGW/HttpListeningConnector/?authenticate=n &From=SES&To=PSFT_PA&Portal=EMPLOYEE&Node=EMPL&Operation=EPPSR_SES_SRCH.v1 &indexgroup=PAPP_PORTAL_SEARCH&debug=y&SearchText=dictionary
URL example with a From node and the Debug flag
http://PTDMO-099.us.oracle.com:8980/PSIGW/HttpListeningConnector/ ?authenticate=n&To=PSFT_PA&Portal=EMPLOYEE&Node=EMPL&Operation=EPPSR_SES_SRCH.v1 &indexgroup=PAPP_PORTAL_SEARCH &SearchText=dictionary