Skip to Main Content
Return to Navigation

Configuring Web Profiles

This section provides an overview of web profiles and discusses how to:

Important! The PeopleSoft portal configuration environment has moved to a PeopleSoft Pure Internet Architecture interface, the web profile. Web profiles are discussed in this topic. A complete listing that maps PeopleTools release 8.43 and earlier portal settings to current web profile settings is documented in an appendix.

Understanding Web Profiles

A web profile is a specific configuration of portal-related properties that control or affect the functionality of your PeopleTools portal. These predefined web profiles provide several configurations for use with your PeopleTools portal:

  • DEV

    This web profile provides basic portal functionality for development, including trace and debug settings that are appropriate for development.

    Important! Never run your production system with the DEV web profile. This profile is for development environments and is not tuned for performance.

  • KIOSK

    This web profile uses the same settings as the PROD web profile, except that public user access is enabled for the Guest user, and all options for storing caching or persistent cookies on the browser are disabled.

  • PROD

    This web profile uses the settings that are most commonly needed in a production environment that authenticates users.

  • TEST

    This web profile uses the same settings as the DEV web profile, except that fewer trace and debug properties are enabled.

Additional web profiles might be included as part of PeopleSoft Interaction Hub or an application portal pack.

You can modify the property settings of any web profile via the Web Profile Configuration component, which includes pages for these types of properties:

  • General

  • Portal security

  • Virtual addressing

  • Cookie rules

  • Caching

  • Trace and debug options

  • Appearance and character

  • Custom properties.

Specifying an Initial Web Profile

As you perform the PeopleSoft Pure Internet Architecture setup procedure for your system, you're prompted to specify which web profile to apply to your portal. You're also prompted for an existing user ID and password. This information is saved in encrypted form which the portal servlet can use to gain secure access to the web profile.

The default web profile is PROD.

The default web profile user ID and password are both PTWEBSERVER.

The PTWEBSERVER account provides the portal servlet with minimal security access, sufficient only to launch the portal environment, but without access to any pages or other PeopleSoft Pure Internet Architecture objects. This account uses the PTPT1500 permission list, which is set to never time out, and provides necessary access 24 hours a day, seven days a week.

Note: Your PeopleSoft application might be delivered with the account that you specify here locked. You must unlock it before you can access and configure the web profile, or you will receive an error message about incorrect site configuration on the sign-in page.

You can unlock the web profile account by deselecting the Account Locked Out check box on the User Profile - General page. You can alternatively issue the following SQL command against your database (this example uses the PTWEBSERVER account):

update PSOPRDEFN set ACCTLOCK=0 where OPRID='PTWEBSERVER'

See Setting General User Profile Attributes.

You can specify any of the delivered profiles, or you can enter a different profile name. In that case, the portal is set up to use a profile by that name. If a profile by the name that you specify doesn't exist in the database, internal default settings are used until you sign in to the portal and create a profile with that name. The portal then automatically configures itself according to those settings.

As long as no profile exists by the name that you specified during the PeopleSoft Pure Internet Architecture setup, the internal default settings remain in effect, which is indicated on the site sign-in page. When the site is in this mode, every browser request triggers an attempt to load the named profile. Therefore, you shouldn't use the site for extended periods like this.

Once you complete the PeopleSoft Pure Internet Architecture setup, you can then use the Web Profile Configuration component to modify the properties to reflect your settings.

Note: The default internal settings are not the same as the DEV profile. Don't modify any of the delivered profiles so that you always have access to unmodified reference versions. You can make a copy of any profile and modify it, or you can define a new profile instead.

Copying and Deleting Web Profiles

To copy a web profile:

  1. Selectselect PeopleTools, then select Web Profile, then select Copy Web Profile.

  2. Enter or select a web profile name.

  3. On the Web Profile Save As page, enter a new name for the web profile in the To edit box.

To delete a web profile:

  1. Select select PeopleTools, then select Web Profile, then select Delete Web Profile.

  2. Enter or select a web profile name.

  3. On the Delete Web Profile page, click Delete Web Profile.

Changing the Web Profile After the PeopleSoft Pure Internet Architecture Setup

After the PeopleSoft Pure Internet Architecture setup, to select a different web profile, you must edit the text file that stores this information, called configuration.properties. Each PeopleSoft portal that you set up has its own copy of configuration.properties, located in this directory:

PIA_HOME\webserv\web_server\applications\peoplesoft\PORTAL\WEB-INF\psftdocs\sitename

The configuration.properties file includes these properties:

  • WebProfile

    Change the value of this property to the name of the web profile that you want to apply to the portal, for example, WebProfile=MYPROFILE.

  • WebUserId and WebPassword

    Change these values to specify a different user ID and password for the portal servlet to use to access the web profile. You must encrypt the password by using PSCipher.

    To encrypt the user ID or password:

    1. Run the PSCipher.bat file:

      See Using PSCipher to Encrypt Text,PeopleTools 8.53: Security Administration

      Note: On a UNIX machine, change the PSCipher.sh script file permissions so that you can run the program.

    2. Copy the encrypted string and paste it into the configuration.properties file replacing the existing value, for example:

      WebPassword=VOBN5KcQZMg=

      Important! Make sure that the entire encrypted string, (including all symbol characters), is copied.

After you save the configuration.properties file, restart your web server and the new profile takes effect.

Configuring General Portal Properties

Access the Web Profile Configuration page. (Select select PeopleTools, then select Web Profile, then select Web Profile Configuration).

Image: Web Profile Configuration - General page

This example illustrates the fields and controls on the Web Profile Configuration - General page. You can find definitions for the fields and controls later on this page.

Web Profile Configuration - General page

See Viewing Web Profile History, Understanding the Authentication Domain, Configuring Caching, Configuring Virtual Addressing, and Working with Performance Monitor Web Profile Properties, Setting Internet Properties, and Using the Pagebar.

See the PeopleTools 8.53 installation guide for your database platform.

Reports

Configuring Portal Security

Access the Web Profile Configuration page. (Select select PeopleTools, then select Web Profile, then select Web Profile Configuration. Select the Security tab.)

Image: Web Profile Configuration - Security page

This example illustrates the fields and controls on the Web Profile Configuration - Security page. You can find definitions for the fields and controls later on this page.

sm_WebProfileConfigurationSecurityPage7e9f_tprt4d87

SSL (Secure Sockets Layer)

Authenticated Users

When single signon has been set up, the portal web server and any content provider web servers should have the same values for the following fields:

  • Inactivity Warning

  • Inactivity Logout

  • HTTP Session Inactivity

See Setting General Permissions.

Public Users

Public users are PeopleSoft application users who are not required to go through a PeopleSoft sign in page. As a result, public users are neither identified nor authenticated by their own user ID and password. Public users also are not forwarded to the sign in page after any period of inactivity.

Because they access sites without credentials, public users should be limited to informational websites where sensitive data is not accessible.

You should enable public user access under these conditions:

  • When you provide users with direct links to nonsecure pages.

    Note: If a user clicks a direct link that accesses a page for which the public user ID is not authorized, the system displays the sign-in page prompting the user to supply her PeopleSoft credentials.

  • When you use an external authentication method.

    Important! If you are using an external authentication method in conjunction with the PeopleCode SwitchUser function, then the Inactivity Warning and Inactivity Logout values specified for authenticated users are restored.

    See SwitchUser.

  • When you want crawlers to search your PeopleSoft site and need to provide access to the portal.

Web Server Jolt Settings

XML Link

Configuring Virtual Addressing

Access the Web Profile Configuration page. (Select select PeopleTools, then select Web Profile, then select Web Profile Configuration. Select the Virtual Addressing tab.)

Image: Web Profile Configuration - Virtual Addressing page

This example illustrates the fields and controls on the Web Profile Configuration - Virtual Addressing page. You can find definitions for the fields and controls later on this page.

sm_WebProfileConfigurationVirtualAddressingPage7e9e_tprt4f5d

Default Addressing

Reverse Proxy Server List

Use this grid to specify the reverse proxy servers through which the portal can expect to retrieve content. External content that is retrieved from these sources and contains relative references is rewritten by the portal to contain relative references instead of absolute references to preserve reverse proxy server requirements.

For each reverse proxy server on the list, you specify:

  • The protocol to use.

  • The server's host or machine name.

  • The server's HTTP port number.

  • The server's HTTPS port number.

Configuring Cookie Rules

Access the Web Profile Configuration page. (Select select PeopleTools, then select Web Profile, then select Web Profile Configuration. Select the Cookie Rules tab.)

Image: Web Profile Configuration - Cookie Rules page

This example illustrates the fields and controls on the Web Profile Configuration - Cookie Rules page. You can find definitions for the fields and controls later on this page.

sm_WebProfileConfigurationCookieRulesPage7e9d_tprt4ff6

This page defines rules that determine how the portal passes cookies to servers in the same domain.

Oracle WebLogic and IBM WebSphere web servers use browser cookies (containing the server path and domain) to establish session identity. These cookies have a default name that's used to retrieve the cookie on each request to the web server. In an environment in which multiple web servers are in use with the portal, you need to define unique session cookie names between web servers to prevent one cookie from overwriting another cookie of the same name set by a different web server. The path or domain of the cookie must be different to prevent overwriting.

Note: Use the first three fields to specify patterns to match, where the asterisk ( * ) is treated as a wildcard, matching zero or more characters.

The portal knows its own domain (from the authentication domain), and the first default rule instructs it to pass portal servlet cookies to any server in the same domain, over both secure and insecure connections. All other cookies can continue to be passed to any server on any domain.

This table shows how cookie names are set in WebSphere for the Portal and pspc (PeopleSoft Portlet Container) web modules:

WAR Name

WebSphere Session Cookie Name

Portal

%MACHINE_NAME%-%WEB_SERVER_HTTP_PORT%-PORTAL-WASPSJSESSIONID

pspc

%MACHINE_NAME%-%WEB_SERVER_HTTP_PORT%-PORTLET-WASPSJSESSIONID

Configuring Caching

Access the Web Profile Configuration page. (Select select PeopleTools, then select Web Profile, then select Web Profile Configuration. Select the Caching tab.)

Image: Web Profile Configuration - Caching page

This example illustrates the fields and controls on the Web Profile Configuration - Caching page. You can find definitions for the fields and controls later on this page.

sm_WebProfileConfigurationCachingPage7e9c_tprt509e

On the Browser

See Implementing Homepage Caching, Implementing PeopleSoft Page Caching.

Browsers

Use this grid to identify the browsers that you don't want to cache the homepage. For each browser make, model, and version, supply the identifying user agent ID and deselect the Cache Home Page check box. To re-enable caching for a listed browser, select the browser's Cache Home Page check box.

Any browser that is not listed caches the homepage if the global Cache Homepage check box is selected.

Note: If the global Cache Homepage check box is deselected, you can't enable homepage caching for individual browsers.

See Implementing Homepage Caching.

On the Web Server

See Implementing Target Content Caching, Implementing Metadata Caching, Implementing Proxied JavaScript Caching, Administering Web Server-Based Navigation Caching.

Directories

Recent Search Results

See Setting Record Field Use Properties.

Configuring Trace and Debug Options

Access the Web Profile Configuration page. (Select select PeopleTools, then select Web Profile, then select Web Profile Configuration. Select the Debugging tab.)

Image: Web Profile Configuration - Debugging page

This example illustrates the fields and controls on the Web Profile Configuration - Debugging page. You can find definitions for the fields and controls later on this page.

Web Profile - Debugging page

See Configuring Custom Properties and Working with Performance Monitor Web Profile Properties.

Configuring Appearance and Character

Access the Web Profile Configuration page. (Select select PeopleTools, then select Web Profile, then select Web Profile Configuration. Select the Look and Feel tab.)

Image: Web Profile Configuration - Look and Feel page

This example illustrates the fields and controls on the Web Profile Configuration - Look and Feel page. You can find definitions for the fields and controls later on this page.

sm_WebProfileConfigurationLookAndFeelPage7e9a_tprt532e

Start Page

Expire Page

See Configuring Portal Security, Configuring Caching.

Error Pages

Because your PeopleSoft portal can aggregate its content from many different sources, errors can occur for a variety of reasons. An error may occur if:

  • A content server is down.

  • An invalid URL is specified.

  • A portal node from which content is being requested is inactive.

  • A portal node fails to deliver requested content within the time-out interval that you specify by using the PSTIMEOUT content reference attribute.

See Configuring Pagelet Time-out Settings.

For practical purposes, all of these reasons result in the requested content being unavailable.

The values that you specify for the pagelet error page, portal target error page, and portal detail error page are the names of HTML pages that present customizable, translatable error messages. The default pages are delivered with the PeopleSoft system and provide useful error messages without any modification.

You can use the delivered error pages, modify them, or create your own. You can choose additional error message information to be displayed by using bind-type variables of two types in your error pages:

  • Numeric message variables

    These map to strings that are predefined in the following file:

    PIA_HOME\webserv\peoplesoft\applications\peoplesoft\PORTAL\WEB-INF\psftdocs\sitename\text.properties

    For example, the numeric variable 5006 maps to the phrase “The portal was unable to retrieve the page you are looking for.”

  • Session variables

    These map to system information that depends on the current page and activity.

    Session variables have values that are dynamically resolved by the portal engine at runtime. Available session variables include:

    • ErrorTitle

    • ErrorDescription

    • ErrorURL

    • AccessedURL

    • OriginalURL

    • TargetPage

    • StackTrace

    • DetailError

      DetailError is the name of the page that is specified by the Portal Detail Error Page field. This can be used to specify a link target.

To invoke a numeric or session variable, you insert it between the strings <%= and %> in your HTML. For example: <%=5009%> or <%=ErrorDescription%>. Examine the delivered error pages for examples of how to use the numeric and session variables within your HTML.

Other Pages

See Configuring General Portal Properties.

Signon/Logout Pages

Password

(Optional) Language Support

Specify additional mappings from International Organization for Standardization (ISO) locale codes to PeopleSoft language codes, using one line per entry.

The PeopleSoft system uses proprietary codes to represent user languages, and the PeopleSoft Pure Internet Architecture sign-in page appears in the PeopleSoft language corresponding to the user's browser language setting (an ISO locale code). This field enables you to provide mappings from additional ISO locale codes to PeopleSoft language codes to support a wider range of browser-specific language settings.

For example, the entry zh_HK=ZHT maps the ISO locale code zh_HK (Hong Kong Chinese) to the PeopleSoft language code ZHT (traditional Chinese) so that traditional Chinese is the default sign-in language for browsers with the preferred language set to Hong Kong Chinese.

Your PeopleSoft application is delivered with default mappings, shown on the Manage Installed Languages page. The default mappings don't require entries in this field.

Configuring Custom Properties

Access the Web Profile Configuration page. (Select select PeopleTools, then select Web Profile, then select Web Profile Configuration. Select the Custom Properties tab.)

Image: Web Profile Configuration - Custom Properties page

This example illustrates the fields and controls on the Web Profile Configuration - Custom Properties page. You can find definitions for the fields and controls later on this page.

sm_WebProfileConfigurationCustomPropertiesPage7e99_tprt552c

This page enables the use of web profile properties that have been added since the current release of PeopleTools was shipped, or that are needed only for backward compatibility. For each property, you enter the property name, select its validation type, and provide the appropriate property value. The validation type ensures that the property value that you enter is the correct format. The currently available custom properties are:

AJAXConsole

This property, although not displayed, enables you to launch an interface for viewing diagnostic information related to AJAX parameters that are required by PeopleSoft support personnel, who will provide you with the correct values when necessary.

attachmentExtraWindow

This property enables you to prevent the appearance of a message window when Internet Explorer is used to view certain types of attachments (such as *.doc files) that are not directly displayed by the browser but are instead displayed by the application associated with files of that type. This message window requires explicit user action to dismiss it. However, when Internet Explorer’s “Automatic prompting for file downloads” property is set to Disable for the Internet Explorer security zone being used, this message window provides the user with an opportunity (via Internet Explorer’s Information Bar) to permit the download of such an attachment to complete rather than having that download silently blocked. The property takes a value of 2 to prevent the appearance of the window. All other values used for this property will allow the appearance of this window.

Note: Therefore, if you set the property value to 2 and use the default Internet Explorer settings, some file attachments won’t work.

auditPWD

This property enables certain debug and control settings that are required by PeopleSoft support personnel, who will provide you with the correct values when necessary. Never set this property in a production environment unless directed to do so.

checkForDuplicateCookies

Duplicate cookies occur when all of the following are true:

  • You have two PeopleSoft applications installed for which you have not implemented single signon functionality.

  • The authentication domain that you specify for one application's web server is a subset of the authentication domain that you specify for the other, such as .mycompany.com and .user.mycompany.com.

  • A user attempts to sign in to both applications simultaneously from the same browser.

When these conditions are met, the browser presents multiple cookies to each application, which produces unpredictable browser behavior, such as displaying the sign-in page or a page expiration message.

For this property, specify a validation type of Boolean and enter one of these property values:

True: The portal checks for sets of duplicate cookies. When a duplicate is found, the user is taken back to the sign-in page with this message: “Your browser sent multiple sets of cookies.” You can change the text of this message by editing number 107 in the errors.properties file of the portal site.

False: The portal doesn't check for sets of duplicate cookies. This is the default setting, which applies when this property isn't specified.

To avoid this issue altogether with applications that don't use single signon functionality, make sure that you specify authentication domains that aren't subsets of each other, such as .user.mycompany.com and .corp.mycompany.com.

EnableAutocomplete

This property, although not displayed, enables AJAX features associated with autocomplete. For this property, specify a validation type of Boolean and enter False as the property value to disable autocomplete at the system level.

Note: If this property is not set to false, you can control autocomplete through personalizations.

mutualAuth

This property, although not displayed, controls whether your environment is set up for mutual authentication. The default value is True.

Note: If you are using Lightweight Directory Access Protocol (LDAP) authentication, you must use the default setting.

If you are not using LDAP authentication, a Java exception error caused by a failure to retrieve a certificate property may appear in your webserver log. If this occurs, you must change this value to False to disable the authentication from trying to retrieve the certificate property.

PPMConsole

This property, although not displayed, enables you to launch an interface for viewing diagnostic information related to agents and PPMI clients. The default value is False.

noDefaultSignon ForWorkflow

Use the Web Profile Custom Property, noDefaultSignonForWorkflow, to control whether a user sees the default signon page after clicking a workflow link. When noDefaultSignonForWorkflow is set to true, the system disables Public Access for workflow notification URLs. By default, noDefaultSignonForWorkflow is set to False. See the following table for information related to the behavior of this setting.

Note: This property applies to worklist URLs, not all workflow URLs. Only the URLs that contain a /w/ use this property.

unauthSessionInterval

Use the Web Profile Custom Property to set session time-out (in seconds) during the authentication process. The default value is 120 seconds.

The purpose is to limit the effectiveness of DOS attacks on failed authentications. To determine the proper time for this property, check the time in seconds that it takes to send an HTTP(S) request from the browser to the web server and multiply the result by 2.

This table describes the behavior of the system based on the noDefaultSignonForWorkflow setting.

Configuration

User Session

User Action

System Behavior

Public user access (default signon) is enabled and the custom web property “noDefaultSignonForWorkflow” is set to true.

The user has no session with the system.

The user clicks a workflow notification URL in the email.

The system displays the sign-in page to the user. Once the user signs in to the system with a valid user ID and password, the system takes the user to the workflow notification based on the user profile privileges.

Public user access (default signon) is enabled and the custom web property “noDefaultSignonForWorkflow” is set to true.

The user already holds a valid session with the system through the public access.

The user clicks a workflow notification URL in the email.

Because the user already has a valid session, the system takes the user to the workflow notification. If the public access user profile does not have workflow privileges, the system displays an authorization failure page to the user.

Public user access (default signon) is enabled and the custom web property “noDefaultSignonForWorkflow” is set to true.

The user is already signed in to the system with a valid user ID and password (other than default sign-in)

The user clicks a workflow notification URL in the email.

The system takes the user to the workflow notification based on the user profile privileges.

When the public user access (default signon) is enabled and the custom web property “noDefaultSignonForWorkflow” is set to false.

Any

Any

The system behaves as configured.

When the public user access (default signon) is disabled and the custom web property “noDefaultSignonForWorkflow” is set to false/true.

Any

Any

The system behaves as configured.

Note: If the public user does not have workflow privileges, then close the existing public user session (browser) before clicking the workflow link.

See PeopleSoft Sign In and Viewing Monitor Servlet Diagnostics.

Viewing Web Profile History

Access the Web Profile History page. (Select select PeopleTools, then select Web Profile, then select Web Profile History.)

Image: Web Profile History page

This example illustrates the fields and controls on the Web Profile History page.

sm_WebProfileHistoryPage7e98_tprt55e5

Use this page to review the current portal attributes of a web server, website, and web profile, including the web server's HTTP and HTTPS listen ports, the web profile that was last loaded, and the current HTTP session's cookie name and authentication domain.

In addition, the Properties field displays the relevant settings of the web server instance at the time it was loaded by the portal.