Implementing Single Signon Functionality

This section provides an overview of single signon functionality and discusses how to sign in to a non-default portal.

PeopleSoft PeopleTools supports single signon functionality for use with the PeopleSoft Pure Internet Architecture. Within the context of your PeopleSoft system, single signon means that after a user has been authenticated by one PeopleSoft application server, that user can access additional PeopleSoft application servers without entering a user ID or password. Although the user is actually accessing a different application server and database, the user navigates seamlessly through the system.

The single signon authentication service is shared by all PeopleTools web services and involves these steps:

  1. The first application server (node) checks the HTTP request for a PeopleSoft authentication cookie.

  2. If an authentication cookie is not found, then the server returns a language-specific sign-in page.

  3. The user completes the sign-in page, entering a user ID and password.

  4. The server authenticates the user based on the user ID and password.

  5. A web browser cookie stores a unique access token for the user after the initial authentication.

  6. An httpSession object is created for the newly authenticated session.

  7. When the user connects to another PeopleSoft application server (node), the second application server uses the token in the browser cookie to reauthenticate the user without an additional sign-in process.

Because the portal integrates content from various data sources and application servers into a unified interface, you need to configure single signon functionality before deploying the portal. Users sign in once and then can navigate freely without encountering numerous sign-in pages.

However, single signon functionality does not work for frame-based content that is accessed across different machines, on another web server. The exception is when the web servers are on the same internet domain, such as .corp.example.com: in that case single signon functionality remains effective and a sign-in page does not appear.
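Because the access token travels in a browser cookie, which web servers can take part in single signon depends on which hosts the browser will send that cookie to. The following added example (not part of the PeopleTools documentation) applies the RFC 6265 domain-match rule to a constructed host list for a cookie scoped to .corp.example.com; the function names and host names are assumptions made for illustration.

```python
import ipaddress


def is_ip_literal(host: str) -> bool:
    """True when host is an IPv4/IPv6 literal; suffix matching never applies to these."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def domain_match(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3: does request_host domain-match cookie_domain?"""
    host = request_host.lower()
    domain = cookie_domain.lower()
    if domain.startswith("."):          # a leading dot is ignored (section 5.2.3)
        domain = domain[1:]
    if host == domain:
        return True
    # Suffix match must fall on a label boundary and the host must be a name.
    return host.endswith("." + domain) and not is_ip_literal(host)


def sso_reach(cookie_domain: str, hosts: list[str]) -> dict[str, bool]:
    """Map each host to whether the browser would send it the cookie."""
    return {h: domain_match(h, cookie_domain) for h in hosts}


# Constructed sample hosts (hypothetical, for illustration only).
SAMPLE_HOSTS = [
    "hr.corp.example.com",      # inside the domain: token cookie is sent
    "fin.corp.example.com",     # inside the domain: token cookie is sent
    "portal.example.com",       # parent domain: no cookie, sign-in page appears
    "testcorp.example.com",     # shares text but not a label boundary
    "10.0.0.5",                 # addressed by IP: domain cookies never match
]

if __name__ == "__main__":
    for host, sent in sso_reach(".corp.example.com", SAMPLE_HOSTS).items():
        print(f"{host:24} {'cookie sent' if sent else 'no cookie'}")
```

Every host the function reports as matching receives the token, so the domain should be no broader than the set of servers meant to accept it.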

To sign in to a portal other than the default, use a URL such as:

http://portalserver/psp/ps/MY_PORTAL?cmd=login

To create a sign-in page that signs in to a non-default portal, change signon.html like this:

<meta HTTP-EQUIV='Refresh' CONTENT='1; URL=../psp/ps/MY_PORTAL/?cmd=login'>

If you are a portal administrator and want to sign in to a database to work with PeopleTools-specific menus, replace the existing portal name with the site template name in the URL to make sure that you are administering your local PeopleTools menu and not inadvertently altering the database. Replace this:

http://../psp/ps/EMPLOYEE/

Instead, use this:

http://../psp/ps/PS_SITETEMPLATE