Oracle Secure Enterprise Search (SES) is a standalone, self-contained product for searching data. The Suggested Content feature of Secure Enterprise Search (SES/Suggested Content) can be used to federate search requests from SES to other search engines. In a federated search, a master search engine submits a search query to one or more slave search engines, aggregates those results, and then presents them to the user. Slave search engines are autonomous from the master search engine, in that each slave search engine may use different techniques for indexing and searching its data repositories and subsequently ranking and ordering its search results.
PeopleSoft Applications Portal provides a web service (the EPPSR_SES_SRCH service) that allows Oracle SES to submit a search query to a PeopleSoft Applications Portal system. The search query interrogates PeopleSoft Applications Portal's native Verity-based indexes and returns the results to Oracle SES.
This web service integration is very different from “Application Search” introduced with the PeopleSoft Search Framework in PeopleTools 8.52. Using the PeopleSoft Search Framework, you can simultaneously deploy PeopleSoft Applications Portal search indexes together with search indexes from other PeopleSoft applications and present those indexes in a single, global Application Search user interface in the portal header. With PeopleSoft Applications Portal 9.1 Feature Pack 1 (FP1), Application Search through the PeopleSoft Search Framework becomes the standard for integration with Oracle SES. The web services integration described in this chapter has been deprecated as of PeopleSoft Applications Portal 9.1 FP1.
This chapter provides an overview of the EPPSR_SES_SRCH web service and discusses:
Configuring your system for Oracle SES search.
The URL query string.
See Also
www.oracle.com/technology/products/oses/index.html
Configuring PeopleSoft Applications Portal for Application Search
The EPPSR_SES_SRCH web service delivered with PeopleSoft Applications Portal enables Oracle SES to search the PeopleSoft portal registry and indexed PeopleSoft Applications Portal content such as action items, blogs, calendars, discussion forums, collaborative workspaces, Resource Finder, and the content management system, and create links to PeopleSoft Applications Portal content.
An Oracle SES search on a PeopleSoft Applications Portal system for “Blogs” might return results such as these:
No direct database access is required to use the EPPSR_SES_SRCH web service and no intimate knowledge of PeopleSoft portal data is needed. Security is handled by the PeopleSoft Integration Broker web service framework.
EPPSR_SES_SRCH Search Request Process
The following diagram illustrates the flow for an Oracle SES search through the EPPSR_SES_SRCH web service:
Flow chart showing the path of a search request from Oracle SES
The flow for searching PeopleSoft Applications Portal from Oracle SES is:
Oracle SES sends an HTTP request to the PeopleSoft Applications Portal system with these parameters:
Authenticate mode
From node and To node
Portal name and node
Service operation and portal node name
Search index group
Search string
Debug mode
The HTTPListening connector receives the request and passes it to the Integration Broker handler application class to read the URL query parameters.
The Integration Broker handler checks the URL query string for all the mandatory parameters, validates the parameter values, and initiates a portal search, which is executed using the search API. This is a Verity search and is performed upon the pre-built search indexes.
Integration Broker performs a check only on those parameters that are necessary for the connector, such as From node, to node, and service operation name. Other parameters, such as authenticate mode, portal name, portal node name, search index group, search string, debug mode are validated by the PeopleSoft Applications Portal application class handler (EPPSR_SES).
The search API applies security using the user context of the default user assigned to the from node. If no from node is assigned, then the ANONYMOUS node is set as the from node by default.
The search results are then wrapped in an XML response and sent back to Oracle SES.
Oracle SES renders the XML search results with a look and feel similar to a PeopleSoft Applications Portal search page.
Follow these steps to prepare for Oracle SES search. The details for each step are presented in the sections that follow:
Configure for search authentication.
Configure PeopleSoft authentication.
Configure Integration Broker.
Create a new from node.
Select the search index group to be used for searching.
Test your configuration.
Important! Due to the introduction of PeopleSoft Application Search, the web services integration described in this chapter has been deprecated as of PeopleSoft Applications Portal 9.1 FP1.
See Also
Configuring PeopleSoft Applications Portal for Application Search
You can perform Oracle SES searches in authenticated or unauthenticated mode. This section presents considerations for each mode.
Unauthenticated Mode
Unauthenticated mode is primarily used to provide Guest access. In this mode the user can search into those portal contents that are made available to all users without authentication.
In unauthenticated mode the request handler application class executes in the context of the default user ID of the From node (or the Anonymous node, if no from node is provided in the URL).
For this reason Oracle recommends that you assign a user ID to the From node that has the least privileges necessary to perform public search. Unauthenticated search is performed generally by guest users who should not be given access to secured search results. If the permissions of the user ID assigned to the From node are higher than those of the Guest profile then an unauthenticated user will be able to access search results that are above the Guest user security level.
Authenticated Mode
In authenticated mode, the user is authenticated using PS_TOKEN and the returned search results are based on the security permissions available to the user.
To search in authenticated mode, a user must have a user ID and that has been assigned permissions to view content on the portal. When a validated user performs a search in authenticated mode the user receives search results based on the security permissions for that user ID.
In authenticated mode a SwitchUser call is executed with the PS_TOKEN passed as a cookie. Once a switch user is performed search is executed on the context of the switched user.
Note. It is the From node and not the To node that provides the context for the search.
The following elements must be in place to perform a search in authenticated mode:
The Oracle SES instance and the PeopleSoft web server must be configured with the same network domain and reside in that same network domain.
Oracle Internet Directory (OID) server must be installed and the OID plug-in must be configured for Oracle SES.
Consult your OID documentation for details.
When OID is configured correctly, a PeopleSoft login link displays on the Oracle SES search page.
The PeopleSoft authentication domain must be set.
This can be done while configuring the web server or using the Web Profile Configuration page.
To set the authentication domain, access the Web Profile Configuration page (PeopleTools, Web Profile Configuration).
Service operation security must be set for the service operation. At least one permission list belonging to the default user ID of the From or the ANONYMOUS node must be assigned to the service operation.
Access the Web Services page to add the EPPSR_SES_SRCH service to a permission list (PeopleTools, Security, Permissions & Roles, Permission Lists, Web Services).
By default, the ANONYMOUS node will have PS_ADMIN as its user ID. This must be changed to a user ID upon whose context searches will be conducted.
Note. Oracle does not deliver a permission list that includes the EPPSR_SES_SRCH service.
To perform a search from Oracle SES, a user must first login to an Oracle SES instance. Then, the first time a users performs a search of the PeopleSoft Applications Portal system from Oracle SES, the PeopleSoft login link is presented. When the user logs in with a valid PeopleSoft user ID and password, a PS_TOKEN cookie is generated and a session is established with the PeopleSoft system. The cookie remains available for the duration of the session.
The PS_TOKEN cookie is passed over to the PeopleSoft system through the HTTP request each time a search is performed.
The application class request handler retrieves the PS_TOKEN cookie from the HTTP request and uses the SwitchUser function it to change the user ID of the current user logged onto the PeopleSoft system.
The user ID under which search is performed and the user ID configured in the From (or ANONYMOUS) node must be different. For example, suppose the user ID of the From node is PAPP_EMPLOYEE. A user performing an authenticated search from the Oracle SES search page must signon to the PeopleSoft system using the PeopleSoft signon. If the user signs on as PAPP_EMPLOYEE, the SwitchUser function executes in the PAPP_EMPLOYEE user context. SwitchUser fails because it cannot switch to the user ID from which it is called.
Note. Oracle recommends that you assign a user ID with the minimum needed privileges to the From or ANONYMOUS node.
You do not need to modify Integration Broker unless your customize your application. To support Oracle SES, these Integration Broker objects are delivered with PeopleSoft Applications Portal:
Object |
Description |
Navigation |
EPPSR_SES_REQ |
Request Message |
PeopleTools, Integration Broker, Integration Setup, Messages |
EPPSR_SES_RES |
Response Message |
PeopleTools, Integration Broker, Integration Setup, Messages |
EPPSR_SES |
Service |
PeopleTools, Integration Broker, Integration Setup, Services |
EPPSR_SES_SRCH |
Service Operation |
Service Operations group box |
EPPSR_SES:SES_SRCH |
Request handler |
Access the Handlers tab |
In addition, verify that the following are in place:
Use PSADMIN to verify that the application server has Pub/Sub activated.
Verify that the application server domain status is active (PeopleTools, Integration Broker, Integration Network, Configuration Status).
If you intend to use an exclusive From node, you need a create a new node. If a From node is not specified then the default ANONYMOUS node is used.
Access the Nodes page and create a new node named SES (PeopleTools, Integration Broker, Integration Setup, Nodes).
Access the Node Definitions page and specify the following values:
Node type —External
Active node — Selected
Default User ID — Select the user ID on whose context handler is run when run in an unauthenticated mode.
The search URL takes the search index group that will be used for the search as a parameter.
The PAPP_PORTAL_SEARCH index group by default includes the portal registry index (EMPLOYEE) and a few, selected content indexes (EPPCM_DOC, EPPCM_URL, and EPPCM_HTML). If you pass this index group name as the value for IndexGroup parameter, then the Oracle SES search will be limited to the portal registry and this selected content. If you want to search into other portal search scopes, such as discussion forums, action items, and so on, you can either add the corresponding indexes to this index group, or create a new index group and add all the needed indexes to it.
When your search index group is defined, build the index and execute a search to test it. You will use the results of this search to verify your Oracle SES search configuration.
See Also
For unauthenticated mode, use a URL similar to the following:
http://machine_name:port/PSIGW/HttpListeningConnector?authenticate=N&To=⇒ PSFT_PA&Portal=EMPLOYEE&Node=EMPL&Operation=EPPSR_SES_SRCH.v1&indexgroup=⇒ PAPP_PORTAL_SEARCH&SearchText=dictionary
For authenticated mode, use a URL similar to the following:
http://machine_name:port/PSIGW/HttpListeningConnector?authenticate=Y&From=SES&To=⇒ PSFT_PA&Portal=EMPLOYEE&Node=EMPL&Operation=EPPSR_SES_SRCH.v1&indexgroup=⇒ PAPP_PORTAL_SEARCH&debug=y&SearchText=dictionary
To initiate a search, Oracle SES sends a URL query string to the PeopleSoft Applications Portal system in the following format:
http://machine_name:port/PSIGW/HttpListeningConnector/?authenticate={Y|N}&To=PSFT_⇒ PA&Portal=portal_name[From=FROMportal_name]&Node=node_name>&Operation=EPPSR_SES_⇒ SRCH.v1&indexgroup=INDEX_GROUP_NAME[&debug={Y|N}]&SearchText=search_text
URL Query String Parameters
The following parameters are passed through the URL query string as part of the HTTP request. All parameter values are case insensitive. The order of the parameters does not matter.
Authenticate |
If Authenticate is set to Y then PS_TOKEN is validated and used to switch user. If set to any value other than Y the search is performed using the default user ID associated with the default local node. See Authenticated Mode. |
From |
This parameter sets the From node in Integration Broker. The Integration Broker handler is run in the userid context of the From node’s default user ID. For example, if the default user ID of the From node is set to GUEST then any search performed will return results corresponding to GUEST. If this parameter is not included in the HTTP Request then Anonymous node becomes the default From node and search is performed using the user ID context of the default Anonymous node. See Authenticated Mode. This parameter is optional. If it is not included then ANONYMOUS node is taken as the From node. |
To |
Specify the name of the node that will receive the message. This parameter must be set to the default local node, which is PSFT_PA for PeopleSoft Applications Portal. The default user ID of this node does not influence the search results. This parameter is optional if you specified a default target node using the default application server Jolt connect string properties in the integrationGateway.properties file. |
Portal |
Specify the portal name into which the search is to be performed. If this parameter is empty or invalid an error message is returned. |
Node |
Specify the node that hosts the content. If this parameter is empty or invalid an error message is returned. |
Operation |
Specify the Integration Broker service operation name, which for Oracle SES search is set to EPPSR_SES_SRCH. If this parameter is empty an Integration Broker gateway error is thrown. |
IndexGroup |
Specify the search index group. If this parameter is empty or invalid, an error message is returned. Oracle SES search is enabled for the following delivered search index groups. One of these Index group names must be passed as a value for the IndexGroup parameter:
|
Debug |
Set Debug to Y to obtain detailed error information. This parameter is optional. By default detailed error information is disabled. |
SearchText |
The search string is case insensitive. While searching, this is converted into uppercase. If this parameter is empty, then the search is not performed. |
URL Query String Examples
URL examples with a From node and the debug flag:
http://PTDMO-099.us.oracle.com:8980/PSIGW/HttpListeningConnector/?authenticate=⇒ n&From=SES&To=PSFT_PA&Portal=EMPLOYEE&Node=EMPL&Operation=⇒ EPPSR_SES_SRCH.v1&indexgroup=PAPP_PORTAL_SEARCH&debug=y&SearchText=dictionary
URL example with a From node and the Debug flag
http://PTDMO-099.us.oracle.com:8980/PSIGW/HttpListeningConnector/?authenticate=⇒ n&To=PSFT_PA&Portal=EMPLOYEE&Node=EMPL&Operation=EPPSR_SES_SRCH.v1&indexgroup=⇒ PAPP_PORTAL_SEARCH&SearchText=dictionary