Configuring Web Profiles
This section provides an overview of web profiles and discusses how to configure web profiles.
A web profile is a specific configuration of portal-related properties that control or affect the functionality of your PeopleTools portal. These predefined web profiles provide several configurations for use with your PeopleTools portal:
DEV
This web profile provides basic portal functionality for development, including trace and debug settings that are appropriate for development.
Important! Never run your production system with the DEV web profile. This profile is for development environments and is not tuned for performance.
KIOSK
This web profile uses the same settings as the PROD web profile, except that public user access is enabled for the Guest user, and all options for storing caching or persistent cookies on the browser are disabled.
PROD
This web profile uses the settings that are most commonly needed in a production environment that authenticates users.
TEST
This web profile uses the same settings as the DEV web profile, except that fewer trace and debug properties are enabled.
Additional web profiles might be included as part of PeopleSoft Interaction Hub or an application portal pack.
You can modify the property settings of any web profile via the Web Profile Configuration component, which includes pages for these types of properties:
General
Portal security
Virtual addressing
Cookie rules
Caching
Trace and debug options
Appearance and character
Custom properties.
Specifying an Initial Web Profile
As you perform the PeopleSoft Pure Internet Architecture setup procedure for your system, you're prompted to specify which web profile to apply to your portal. You're also prompted for an existing user ID and password. This information is saved in encrypted form which the portal servlet can use to gain secure access to the web profile.
The default web profile is PROD. The default web profile user ID is PTWEBSERVER; the password is set during product installation.
The PTWEBSERVER account provides the portal servlet with minimal security access, sufficient only to launch the portal environment, but without access to any pages or other PeopleSoft Pure Internet Architecture objects. This account uses the PTPT1500 permission list, which is set to never time out, and provides necessary access 24 hours a day, seven days a week.
Note: Your PeopleSoft application might be delivered with the account that you specify here locked. You must unlock it before you can access and configure the web profile, or you will receive an error message about incorrect site configuration on the sign-in page.
You can unlock the web profile account by deselecting the Account Locked Out check box on the User Profile - General page. You can alternatively issue the following SQL command against your database (this example uses the PTWEBSERVER account):
update PSOPRDEFN set ACCTLOCK=0
where OPRID='PTWEBSERVER'
See Setting General User Profile Attributes.
You can specify any of the delivered profiles, or you can enter a different profile name. In that case, the portal is set up to use a profile by that name. If a profile by the name that you specify doesn't exist in the database, internal default settings are used until you sign in to the portal and create a profile with that name. The portal then automatically configures itself according to those settings.
As long as no profile exists by the name that you specified during the PeopleSoft Pure Internet Architecture setup, the internal default settings remain in effect, which is indicated on the site sign-in page. When the site is in this mode, every browser request triggers an attempt to load the named profile. Therefore, you shouldn't use the site for extended periods like this.
Once you complete the PeopleSoft Pure Internet Architecture setup, you can then use the Web Profile Configuration component to modify the properties to reflect your settings.
Note: The default internal settings are not the same as the DEV profile. Don't modify any of the delivered profiles so that you always have access to unmodified reference versions. You can make a copy of any profile and modify it, or you can define a new profile instead.
Copying and Deleting Web Profiles
To copy a web profile:
Select
Enter or select a web profile name.
On the Web Profile Save As page, enter a new name for the web profile in the To edit box.
To delete a web profile:
Select
Enter or select a web profile name.
On the Delete Web Profile page, click Delete Web Profile.
Changing the Web Profile After the PeopleSoft Pure Internet Architecture Setup
After the PeopleSoft Pure Internet Architecture setup, to select a different web profile, you must edit the text file that stores this information, called configuration.properties. Each PeopleSoft portal that you set up has its own copy of configuration.properties, located in this directory:
PS_CFG_HOME\webserv\web_server\applications\peoplesoft\PORTAL\WEB-INF\psftdocs\sitename
The configuration.properties file includes these properties:
WebProfile
Change the value of this property to the name of the web profile that you want to apply to the portal, for example, WebProfile=MYPROFILE.
WebUserId and WebPassword
Change these values to specify a different user ID and password for the portal servlet to use to access the web profile. You must encrypt the password by using PSCipher.
To encrypt the user ID or password:
Run the PSCipher.bat file:
See Using the PSCipher Utility.
Note: On a UNIX machine, change the PSCipher.sh script file permissions so that you can run the program.
Copy the encrypted string and paste it into the configuration.properties file replacing the existing value, for example:
WebPassword=encrypted_password
Important! Make sure that the entire encrypted string, (including all symbol characters), is copied.
After you save the configuration.properties file, restart your web server and the new profile takes effect.
Alternatively, you can use psadmin to specify the web profile that is used. You must restart your web server for the new profile to take effect. For more information about using psadmin, see Administering a PIA Site
Access the Web Profile Configuration page. (Select ).
Image: Web Profile Configuration - General page
This example illustrates the fields and controls on the Web Profile Configuration - General page. You can find definitions for the fields and controls later on this page.
|
Field or Control |
Definition |
|---|---|
| Save As |
Click to save a copy of the current web profile under a new name. On the Save Web Profile As page, enter a new profile name and click OK. Use this button to modify one of the profiles that is delivered with your PeopleSoft application. |
| View History |
Click to access the Web Profile History search page in a new browser window. |
| Authentication Domain |
Enter the name of the extended authentication domain in which the portal is running, starting with a leading period. This value overrides, but must be compatible with, the base-level authentication domain. For example, if you entered .example.com during the PeopleSoft Pure Internet Architecture setup, only values such as .us.example.com and .fr.example.com are valid. An authentication domain is required for a variety of portal functions. For example, if a cookie is shared on web servers srv1.example.com and srv2.example.com, you must specify an authentication domain of .example.com. This field requires a value if you specified a default addressing server name on the Web Profile Configuration - Virtual Addressing page. You must qualify that server name with this domain name. The default value of the authentication domain is the one that you specified during the PeopleSoft Pure Internet Architecture setup. That value is stored as the web server session cookie domain and kept in an internal web server file. For Oracle WebLogic, that file is weblogic.xml. The preferred method for changing that value is to rerun the website setup. Note: The value that you enter in this field is automatically converted to lowercase. Note: You must enter your authentication domain to enable all functionality associated with PeopleSoft Related Content Framework. |
| Help URL |
Specify the URL that points to an installation of PeopleSoft online help. When users click the Help link, the appropriate context-sensitive PeopleSoft documentation is displayed. To remove the Help link from all application pages, omit this value. You can point to either an installation on Oracle’s hosted documentation website or to a local installation of PeopleSoft online help:
Note: This setting applies only to the Help link displayed on PeopleSoft pages accessed through a browser. Use the PeopleTools Options page to configure F1 help for Application Designer and other Windows client applications. See PeopleTools Options for more information. |
| Compress Responses |
Select to enable compression in the communication between the web server and the browser. Gzip and Compress protocols are supported. This check box is selected by default. |
| Compress Response References |
Select to enable compression of cache files that are delivered from the web server to the user's browser. Only cache files with the Multipurpose Internet Mail Extensions (MIME) types that are specified in the Compress MIME Types text box are compressed. Gzip and compress protocols are supported. This check box is deselected by default. |
| Compress MIME Types |
Specify the MIME types of the cache files to be compressed as a comma-separated string. This field is available only if you selected the Compress Response References check box. The default value is application/x-javascript,text/javascript,text/css,text/html. |
| Compress Query |
This property applies to browser requests in which the content type section of the URL is /q/, indicating a query. Select to enable compression of query responses to the browser. This check box is selected by default. |
| Save Confirmation Display Time |
Specify in milliseconds how long the save confirmation image should appear for the user if the save confirm personalization option is enabled. The default value is 3000 milliseconds (3 seconds). |
| Enable Processing Message |
Select to enable processing notification while the system processes a request. This check box is selected by default. |
| Enable New Window |
Enables or disables the New Window link in the pagebar site wide:
This check box is selected by default. |
| Enable Print |
Enables or disables the Print link in the pagebar site wide:
This check box is deselected by default. |
| Enable PPM Agent (enable PeopleSoft Performance Monitor agent) |
Select to activate the PeopleSoft Performance Monitor agent for this portal. The performance monitoring system has agents and monitors. An agent captures units of data (PMUs), and a monitor views and analyzes agent flows. This check box controls whether the agent is active on sites that use this profile. This check box is selected by default. |
| PPM Monitor Buffer Size (PeopleSoft Performance Monitor buffer size) |
Specify the maximum size, in kilobytes (KB), of the Monitor Server buffer. Data is discarded once this limit is reached. This field is available only when Enable PPM Agent is selected. The default value is 51200 KB (50 megabytes). |
| Single Thread Netscape |
Select to indicate that requests from a Netscape browser should be single-threaded to prevent crashes. Older versions of Netscape browsers had problems with multithreading responses and would crash. Select this check box if your users are using older versions of Netscape browsers and are experiencing browser crashes. This check box is deselected by default. When selected, the Single Thread Delay option appears. |
| Single Thread Delay |
Specify a delay, in milliseconds, for single-threaded Netscape requests. This field is available only when Single Thread Netscape is selected. The default value is 1000 milliseconds (one second). |
| Non-standard Base Path |
In the rare circumstance that you receive an error message that the base physical path has not been set, you must enter the location of the directory that contains the signon.html file for your application. This field is blank by default. |
See Viewing Web Profile History, Understanding the Authentication Domain, Configuring Caching, Configuring Virtual Addressing, and Working with Performance Monitor Web Profile Properties, Setting Internet Properties, and Using the Pagebar.
See PeopleSoft 9.2 Application Installation for your database platform.
Reports
|
Field or Control |
Definition |
|---|---|
| Enable Report Repository |
Select to enable users to view the report repository. When this check box is deselected, no report files can be viewed by users. This check box is selected by default. |
| Report Repository Path |
(Optional) Specify a drive and directory path to indicate where the site that is served by this web profile should look for generated reports. This value overrides the location that is specified during the PeopleSoft Pure Internet Architecture setup; you can leave this field blank to use the original value. Note: Changing the report repository path prevents you from viewing existing reports unless the old subdirectory structure is moved to the new location. Be careful when editing this field. Note: (For Microsoft Windows only) If the report repository resides on a different machine from the web server, specify the report repository path in UNC format instead of mapped drive format. For example, if the report repository is on MachineX in folderY, the Report Repository Path should be specified as: //MachineX/folderY/psreports or \\\\MachineX\\folderY\\psreports If MachineX/folderY is mapped to the Y: drive, do not specify the Report Repository Path as Y:\psreports. |
| Compress Report Output |
Specify how reports should be compressed: All Browsers: Reports are always compressed. This is the default value. Exclude Netscape: Reports are compressed, except for users who are using Netscape Navigator. Do Not Compress: Reports are never compressed. |
Access the Web Profile Configuration page. (Select Select the Security tab.)
Image: Web Profile Configuration - Security page
This example illustrates the fields and controls on the Web Profile Configuration - Security page. You can find definitions for the fields and controls later on this page.
|
Field or Control |
Definition |
|---|---|
| Days to Autofill User ID |
If this field is populated, the system caches the user ID and automatically inserts it on the sign-in page. This a convenience for users. This feature is implemented through the use of a stored cookie on the browser. The default value is 7 days. Specify a value of 0 to disable this feature. Use 0 in a public area or kiosk situation, or if your security policy doesn't allow cookies stored on the browser. |
| View File Time to Live |
Specify, in seconds, how long the portal should wait after sending a file attachment to a user's browser before removing that file from the web server storage. If this value is 0, then the amount of time that the file remains on the web server is always greater than or equal to one minute. The specific amount of time beyond one minute depends on the size of the file. If the value is greater than 0, then the amount of time that the file remains on the web server depends, approximately, only on the value of that property in seconds. The default value is 0. |
| PIA use HTTP Same Server (PeopleSoft Pure Internet Architecture use HTTP same server) |
Select to specify that the portal should use the HTTP protocol instead of HTTPS for requests that are issued by the portal for content that is hosted on the same server as the portal servlet. Setting this property is necessary when the portal web server is behind an SSL accelerator or when SSL is terminated on a device in front of the portal web server, such as a reverse proxy server, or between different sites that are on the same web server. You can also use this property to improve the performance of homepage pagelets that are provided by the PeopleSoft Pure Internet Architecture servlet that run on the same web server as the portal, and from which the web server receives SSL requests. That is, SSL has not been terminated by a device in front of the web server. You must also specify the default addressing protocol and port on the Web Profile Configuration - Virtual Addressing page. |
| Allow Unregistered Content |
Select to instruct the portal to serve both registered and unregistered content. The portal generally allows any external content links to be wrapped with the portal header and navigation frames. Deselecting this option prevents content references from being displayed in the portal unless they are explicitly registered. This check box is not selected by default. Note: If Allow Unregistered Content is not selected, the portal won't wrap a content link if it is not registered in the portal registry or if it isn't coming from a registered node. The portal checks whether the content link is from a registered node by checking whether the content link starts with the URI specified in the Content URI Text or the Portal URI Text in the Node Definition page, on the Portal tab. For security purposes, the portal checks only against the Content URI Text and Portal URI Text if it contains text that is longer than 12 characters. |
SSL (Secure Sockets Layer)
|
Field or Control |
Definition |
|---|---|
| Secured Access Only |
Select to enforce SSL if the entire website requires the SSL protocol. This prevents users from using non-SSL protocols to access any link within this website or application. If only some pages require SSL access, deselect this check box (the default setting). |
| Secure Cookie with SSL |
Select to prevent the single sign on token from traveling over an insecure network. If you select this check box and the scheme of the current request is HTTPS (an SSL server), the system sets the secure attribute of the single sign on cookie (PS_TOKEN) to True. PeopleSoft single sign on functionality also applies at the web server level. For example, suppose that you have two web servers: server X and server Y. Web server X is an SSL site, and web server Y is not. In these situations, many sites want server Y to trust the authentication token, PS_TOKEN, issued by server X. This requires that you set the PS_TOKEN to be secure. If the PS_TOKEN is not secure, when a user signs in through server Y, the browser sends PS_TOKEN to server Y over the unencrypted, non-SSL link. This is typical behavior for browsers when dealing with cookies that aren't secure. Potentially, in this situation, a hacker could obtain this token from the clear network and use it to sign in to the SSL-secure server X. Another important use of this property relates specifically to the PeopleSoft portal. When the portal uses a proxy server to relay content with an HTML template, it should forward only PS_TOKEN cookies that are marked secure over SSL connections. Note: By selecting this check box, you effectively disable single sign on functionality with any non-SSL servers. If, at your site, you want users to sign in to an HTTPS server, and then want to use single signon functionality with HTTP servers, deselect this check box to enable single signon functionality between HTTPS and HTTP servers. Note: Before you deselect this check box, make sure that you are aware of all the security implications, such as the security of the HTTPS server being compromised. This check box is selected by default. |
Authenticated Users
When single signon has been set up, the portal web server and any content provider web servers should have the same values for the following fields:
Inactivity Warning
Inactivity Logout
HTTP Session Inactivity
|
Field or Control |
Definition |
|---|---|
| Inactivity Warning |
Specify the number of seconds that the portal should wait before warning users that the browser session will expire. Users can continue with the current session by clicking the OK button in the warning message, which resets the inactivity timer. If a user doesn't respond within the inactivity logout interval, the session ends and the expired connection page appears. The default value is 1080 seconds (18 minutes). |
| HTTP Session Inactivity |
Specify the number of seconds of inactivity after which the HTTP session times out for authenticated users. When the interval passes with no user activity, the web server discards all session information, including cached page states. The next time the user submits a request, the web server creates a new HTTP session. From the user experience, the user may be put in a search page or home page because the previous session state is lost at this point. This property is unaffected by any permission list setting. When this property isn't specified, the HTTP session time-out interval is the same value as the authenticated user inactivity logout property that is specified on this page. This property is similar to the public users HTTP Session Inactivity property that is specified on this page. Use this property with caution. Don't use this property if you don't understand its usage. |
| Inactivity Logout |
Specify the value in seconds of the inactivity time-out interval that applies to PeopleSoft applications to which a user is signed in. When the interval passes with no user activity, the user's browser displays the page that is specified by the Expire Page - Page field on the Web Profile Configuration - Look and Feel page. The web server applies this value in JavaScript. Note: The inactivity logout can be overridden by a permission list inactivity time-out setting. The default value is 1200 seconds. Note: Depending on the application implementation, authenticated users might also experience an HTTP session inactivity time-out, which by default is the same as the inactivity logout value that you specify here. However, you can override this behavior by using the HTTP Session Inactivity property on this page. This property independently controls the HTTP session inactivity time-out. The HTTP Session Inactivity property is unaffected by any permission list setting. |
| Timeout Warning Script |
Displays the name of the time-out warning script that is currently in effect. The default value is WEBLIB_TIMEOUT.PT_TIMEOUTWARNING.FieldFormula.IScript_TIMEOUTWARNING. |
| Override |
Click to change the time-out warning script. The Override Timeout Warning Script page appears, with these fields:
The values of these fields are concatenated to produce the value in the Timeout Warning Script field. |
Public Users
Public users are PeopleSoft application users who are not required to go through a PeopleSoft sign in page. As a result, public users are neither identified nor authenticated by their own user ID and password. Public users also are not forwarded to the sign in page after any period of inactivity.
Because they access sites without credentials, public users should be limited to informational websites where sensitive data is not accessible.
You should enable public user access under these conditions:
When you provide users with direct links to pages that are not secured.
Note: If a user clicks a direct link that accesses a page for which the public user ID is not authorized, the system displays the sign-in page prompting the user to supply her PeopleSoft credentials.
When you use an external authentication method.
Important! If you are using an external authentication method in conjunction with the PeopleCode SwitchUser function, then the Inactivity Warning and Inactivity Logout values specified for authenticated users are restored.
See SwitchUser.
When you want crawlers to search your PeopleSoft site and need to provide access to the portal.
|
Field or Control |
Definition |
|---|---|
| Allow Public Access |
Select so that the system bypasses the user sign-in page when users click a direct link to a page. The system uses the values that you specify in the User ID and Password fields for authentication. This check box is deselected by default. When you select this check box, the system enables the User ID, Password, and HTTP Session Inactivity fields. |
| User ID |
Enter the account that the system uses to authenticate public users. This field is enabled when you select the Allow Public Access check box. Note: This is not the same as the WebUserId property in the configuration.properties file, which you specify during the PeopleSoft Pure Internet Architecture installation for accessing the web profile. |
| Password |
Enter the password for the account that you entered in the User ID field. This field is enabled when you select the Allow Public Access check box Note: This is not the same as the WebPassword property in the configuration.properties file, which you specified during the PeopleSoft Pure Internet Architecture installation for accessing the web profile. |
| HTTP Session Inactivity |
Specify the value in seconds of the inactivity period that applies to public users. When the period passes with no user activity, the web server discards all session information, including cached page states. The next time the user submits a request, the web server creates a new HTTP session. This field is enabled when you select the Allow Public Access check box. Note: If you are using an external authentication method in conjunction with the SetAuthenticationResult function in Signon PeopleCode or the SwitchUser() function in Non-Signon PeopleCode, you are logged out if you are inactive. The default value is 1200 seconds. See SwitchUser. |
Web Server Jolt Settings
|
Field or Control |
Definition |
|---|---|
| Disconnect Timeout |
Specify the amount of time to wait while disconnecting the Oracle Jolt connection. A value of 0 means no limit. The default value is 0 seconds. |
| Send Timeout |
Specify the maximum number of seconds that the servlet allows for a request to be sent to the application server. This setting does not indicate a maximum amount of time for the service to finish; it indicates only the maximum amount of time to send the request to the application server. The default value is 50 seconds. |
| Receive Timeout |
Specify the maximum number of seconds that the servlet should wait for a response from the application server. Make sure that the value of this field is greater than your application server service time-outs, such as the Service Timeout setting for PSAPPSRV that appears in the psappsrv.cfg configuration file on the application server. The default value is 600 seconds. |
XML Link
|
Field or Control |
Definition |
|---|---|
| User ID |
Enter the user account that the system uses to authenticate users for XML Link technology. |
| Password |
Enter the password for the account name that you entered in the User ID field. |
| XML Link Use HTTP Same Server |
Select to indicate that the portal should use the HTTP protocol instead of HTTPS for requests that are issued by the xmllink servlet for content that is hosted on the same server as the xmllink servlet. This check box is selected by default. |
Access the Web Profile Configuration page. (Select Select the Virtual Addressing tab.)
Image: Web Profile Configuration - Virtual Addressing page
This example illustrates the fields and controls on the Web Profile Configuration - Virtual Addressing page. You can find definitions for the fields and controls later on this page.
|
Field or Control |
Definition |
|---|---|
| Generate Relative URLs |
Select to generate relative URLs. This setting is for use with proxy server implementations. This check box is selected by default. |
Default Addressing
|
Field or Control |
Definition |
|---|---|
| Protocol |
Specify the default protocol—HTTP or HTTPS—to override the protocol that is used by the PeopleSoft Pure Internet Architecture and the portal to construct URL references. When this property is omitted, the protocol of the incoming request to the PeopleSoft Pure Internet Architecture servlet is used. You must set this property when the browser makes an SSL connection and SSL is terminated before the PeopleSoft Pure Internet Architecture servlet, using a device such as an SSL accelerator or a reverse proxy server, or when you select the PIA use HTTP Same Server property on the Web Profile Configuration - Security page. In this situation, the protocol of the request to the PeopleSoft Pure Internet Architecture servlet is HTTP, but the PeopleSoft Pure Internet Architecture must generate URL references with an HTTPS protocol. |
| Name |
Enter a default server name to override the server name that is used by the PeopleSoft Pure Internet Architecture and the portal to construct URL references. When this property is omitted, the server name of the incoming request to the PeopleSoft Pure Internet Architecture servlet is used to construct URL references. You must set this property when the server on which the PeopleSoft Pure Internet Architecture servlet resides is different from the server to which the browser is connected. This can occur when a reverse proxy server or load balancer is configured in front of the web server. In these situations, the PeopleSoft Pure Internet Architecture must generate URL references with the server that is used by the browser for its initial connection. Note: If you specified an authentication domain on the Web Profile Configuration - General page, it must be part of the server name that you specify here. The value that you enter in this field is automatically converted to lowercase. |
| Port |
Enter a default port to override the port that is used by the PeopleSoft Pure Internet Architecture and the portal to construct URL references. When this property is omitted, the port of the incoming request to the PeopleSoft Pure Internet Architecture servlet is used to construct links on a PeopleSoft Pure Internet Architecture or portal page. You must set this property when the port through which the PeopleSoft Pure Internet Architecture servlet is accessed is different from the port to which the browser is connected. This can occur when an SSL accelerator is used or when a reverse proxy server is configured in front of the web server, and the reverse proxy server or load balancer listens on a different port from the web server, or when you select the PeopleSoft Pure Internet Architecture use HTTP Same Server property on the Web Profile Configuration - Security page. In these situations, the PeopleSoft Pure Internet Architecture must generate URL references with the port that is used by the browser for its initial connection. |
Reverse Proxy Server List
Use this grid to specify the reverse proxy servers through which the portal can expect to retrieve content. External content that is retrieved from these sources and contains relative references is rewritten by the portal to contain relative references instead of absolute references to preserve reverse proxy server requirements.
For each reverse proxy server on the list, you specify:
The protocol to use.
The server's host or machine name.
The server's HTTP port number.
The server's HTTPS port number.
Access the Web Profile Configuration page. (Select Select the Cookie Rules tab.)
Image: Web Profile Configuration - Cookie Rules page
This example illustrates the fields and controls on the Web Profile Configuration - Cookie Rules page. You can find definitions for the fields and controls later on this page.
Important! Use the Custom Properties page to set the SameSite attribute for PeopleSoft cookies. By default, the SameSite attribute for all PeopleSoft cookies is set to Strict. See “SameSite Cookie Attributes” in Configuring Custom Properties for more information.
This page defines rules that determine how the portal passes cookies to servers in the same domain as well as whether a cookie is defined for the browser as HTTP only. Unless an exception rule is defined in the Browser Cookie Rules grid, PeopleSoft cookies are delivered as HTTP only by default.
Oracle WebLogic web servers use browser cookies (containing the server path and domain) to establish session identity. These cookies have a default name that's used to retrieve the cookie on each request to the web server. In an environment in which multiple web servers are in use with the portal, you need to define unique session cookie names between web servers to prevent one cookie from overwriting another cookie of the same name set by a different web server. The path or domain of the cookie must be different to prevent overwriting.
Server Cookie Rules
Note: Use the first three fields to specify patterns to match, where the asterisk ( * ) is treated as a wildcard, matching zero or more characters.
The portal knows its own domain (from the authentication domain), and the first default rule instructs it to pass portal servlet cookies to any server in the same domain, over both secure and insecure connections. All other cookies can continue to be passed to any server on any domain.
|
Field or Control |
Definition |
|---|---|
| Cookie Pattern |
Specify the name pattern for cookies to which this rule applies. For example, to specify all cookies whose names start with HR_, enter the value HR_*. |
| Cookies Passed to Server |
Specify the name pattern for the servers to which the specified cookies should be passed. For example, to specify all servers in the domain .hr.example.com, enter the value *.hr.example.com. You can use a substitution parameter %AuthTokenDomain to represent the authentication domain currently in effect. |
| Cookies Not Passed to Server |
Specify the name pattern for the servers to which the specified cookies should not be passed. You can use a substitution parameter %AuthTokenDomain to represent the authentication domain currently in effect. Note: This field takes precedence over the Cookies Passed to Server field. |
| Delete Cookie on Logout |
Select to indicate that the cookie should be deleted when the user signs out of the portal. Note: This check box is deselected for the first default rule (matching all cookies), but any cookies that are generated by PeopleSoft with, for example, the PSJSESSIONID prefix, are deleted when the user signs out. If you're running multiple PeopleSoft portals and want cookies to be maintained after the user signs out, update this page to specify which cookies to preserve or delete. Warning! Oracle recommends that you use extreme caution when setting all cookies to be deleted on sign-out. Cookie pattern "*" means all cookies. Some cookies must be kept. For example, the Arrow Point cookie (ARPT) is used by some load balancers to ensure sticky http(s) sessions. |
| Disable Secure |
Cookies are sent secure by default over secure (HTTPS) connections. Select this setting to disable the secure attribute for this cookie, which allows it to be sent in requests over insecure (HTTP) connections. This setting applies only when HTTPS is being used. |
Browser Cookie Rules
Unless an exception rule is defined in this Browser Cookie Rules grid, PeopleSoft cookies are delivered as HTTP only by default. For browsers that support this option, this prevents client side scripts such as JavaScript from accessing a PeopleSoft cookie.
Also, unless an exception rule is defined in this Browser Cookie Rules grid, PeopleSoft cookies are delivered as Secure by default in HTTPS mode This setting applies only when HTTPS is being used. The secure attribute is always disabled for all cookies when HTTP is being used.
|
Field or Control |
Definition |
|---|---|
| Cookie Pattern |
Specify the name pattern for cookies to which this rule applies. For example, to specify all cookies whose names start with HR_, enter the value HR_*. |
| HttpOnly Disabled |
Select to indicate that the cookie can be accessed by JavaScript from the browser side. Note: The following cookies cannot be controlled using the web profile configuration: PS_TOKENEXPIRE, PS_DEVICEFEATURES, PS_LOGINLIST, http*refresh, IOS_FULLSCREEN, ps_theme, and psback. |
| Disable Secure |
Cookies are sent secure by default over secure (HTTPS) connections. Select this setting to disable the secure attribute for this cookie, which allows it to be sent in requests over insecure (HTTP) connections. This setting applies only when HTTPS is being used. Note: The following cookies cannot be controlled using the web profile configuration: PS_TOKENEXPIRE, PS_DEVICEFEATURES, PS_LOGINLIST, http*refresh, IOS_FULLSCREEN, ps_theme, and psback. |
Access the Authorized Site page. (Select Select the Authorized Site page tab.)
Image: Web Profile Configuration - Authorized Site page
This example illustrates the fields and controls on the Web Profile Configuration - Authorized Site page. You can find definitions for the fields and controls later on this page.
Use the Authorized Site page to maintain sites that are authorized to request resources from this web server for three mutually independent purposes:
Allowing other sites to make requests to this site using the Cross-Origin Resource Sharing (CORS) standard.
Allowing other sites to embed content from this site—that is, allow sites to request “framable” content.
Allowing other sites to participate in a single signon configuration with this site (using a check token ID).
The Authorized Sites grid serves as an “allowlist” identifying only those hosts, domains, or subdomains that are allowed to request resources from this web server for only the specific purpose or purposes specified. To facilitate configuration of these features within your own intranet, you can use the Allow Domain Compare check box on a feature-by-feature basis:
|
Field or Control |
Definition |
|---|---|
| Allow Domain Compare |
Select this check box to authorize all other hosts within the same authentication token domain as this web server. Note: When this check box is deselected, you must create individual host, domain, or subdomain entries to authorize other hosts within the same authentication token domain. |
Authorized Sites Grid
Note: A site or domain can be added to the grid one or more times.
|
Field or Control |
Definition |
|---|---|
| Protocol |
Select a protocol (http or https) to restrict requests from this host to that specific protocol. |
| Host |
Enter a fully qualified host name (for example, host.example.com), a domain name (for example, .example.com), or a subdomain name (for example, .us.example.com). Note: Domain and subdomain names begin with a . (a period); host names do not. |
| Port Number |
Specify a port number to restrict requests from this host to that specific port number. |
| CORS |
Select this check box to add this entry to the allowlist for CORS processing. |
| Framable |
Select this check box to add this entry to the allowlist to allow the site to embed content from this web server. |
| CheckToken |
Select this check box to add this entry to the allowlist for participating in single signon. |
Cross-Origin Resource Sharing (CORS)
You can maintain which sites are authorized to request resources from this web server using the CORS standard. For example, one resource (a web page or a script, for example) makes a cross-origin HTTP request when it requests a resource (an image, a CSS style sheet, a script, and so on) from a different domain than the one which served itself. For security reasons, browsers restrict cross-origin HTTP requests initiated from within scripts. The CORS standard gives web servers cross-domain access controls, which enable secure cross-domain data transfers.
To be allowed to make requests to this site using the CORS standard, another site must either be explicitly identified on this page, have its domain or subdomain explicitly listed on this page, or be implicitly included because it is a member of the same domain as this web server when Allow Domain Compare is selected.
For more information on CORS, see HTTP access control (CORS).
Note: If CORS is not involved in the request—that is, a simple request that does not include an Origin request header, then the request is processed as a non-CORS request and the settings on this page are ignored.
Framable
Whether this web server will allow its content to be framed by the requesting site depends on the combination of check boxes selected.
|
Field or Control |
Definition |
|---|---|
| Enable Frame Control |
Select this check box to turn on control of which sites can embed content from this web server. Important! When this option is deselected, frame control is disabled entirely, which means that any site can embed content from this web server. Any other check boxes related to framing are ignored, even if they are already selected. |
| Allow Domain Compare |
Select this check box to authorize all hosts within the same authentication token domain as this web server. |
| Allow Authorized Sites |
Select this check box to authorize any hosts in the Authorized Sites Grid with the Framable check box also selected to embed content from this web server. |
For more information on X-Frame-Options, see HTTP Header Field X-Frame-Options.
Embedding PeopleSoft Content
Note the following limitations on embedding and accessing PeopleSoft content on a non-PeopleSoft system:
The PeopleSoft web server and the non-PeopleSoft web server must reside within the same subdomain.
The user accessing the PeopleSoft content must already be signed into the PeopleSoft system in the same browser session.
PeopleSoft content is limited what is available via the psc servlet with these additional restrictions:
Only classic components are supported. No fluid components or features are supported.
The features on classic pages that are supported include standard component search, autocomplete, file attachments, and modal windows.
The features on classic pages that are not supported include items in the portal header and the page bar (notifications, global search, breadcrumbs, new window, and so on).
In addition, classic homepages, interwindow communication, dashboards, WorkCenters, and activity guides are not supported.
Use the following procedure to embed PeopleSoft content on a non-PeopleSoft system:
On the PeopleSoft web profile configuration, on the Virtual Addressing page, deselect the Generate Relative URLs check box.
On the Authorized Site page, authorize the non-PeopleSoft system to embed content from this site.
Then stop and restart the PeopleSoft web server.
On the non-PeopleSoft system, modify the HTML for a page that embeds PeopleSoft content to add a reference to a required iScript in the <head> element:
<head> <script type="text/JavaScript" src="http://ps_webserver.example.com:8080/psc/SITE/PORTAL/NODE/s/WEBLIB_PTHDR.ISCRIPT1.FieldFormula.IScript_GET_PORTAL_JS"></script> </head>Add a frame that embeds the PeopleSoft classic component using the following HTML attributes:
Attribute
Value
id
'ptifrmtgtframe'name
'TargetContent'src
The full URL to the target component.
For example:
<iframe id="ptifrmtgtframe" name="TargetContent" title="Main Content" frameborder="2" scrolling="auto" src="http://ps_webserver.example.com:8080/psc/SITE/PORTAL/NODE/c/MENU_NAME.COMPONENT_NAME.GBL?PAGE=PAGE_NAME" width="100%" height="100%" style="border-color:red;" ></iframe>
CheckToken
Each PeopleSoft database participating in single signon must define a check token ID on the default local node definition on the local database, as well as on the remote node definitions for each participating default local node on all participating systems. When a request is sent from a site where PS_TOKEN originated to another site where it is consumed, an additional validation request is sent by that consumer to verify that the token is still valid at the originator site using this check token ID.
To participate in a single signon configuration, another site must either be explicitly identified on this page, have its domain or subdomain explicitly listed on this page, or be implicitly included because it is a member of the same domain as this web server when Allow Domain Compare is selected.
For more information, see Understanding PeopleSoft-Only Single Signon and Defining Nodes for PeopleSoft-Only Single Signon
Access the Remote Client page. (Select Select the Remote Client page tab.)
Image: Web Profile Configuration - Remote Client page
This example illustrates the fields and controls on the Web Profile Configuration - Remote Client page. You can find definitions for the fields and controls later on this page.
Use the Remote Client page to define directives used by the PeopleSoft system to identify and log remote client addresses.
When a remote client makes a request to a PeopleSoft system, it is rare that the remote client connects directly to the PeopleSoft system. Instead, multiple intermediate machines such as firewalls, proxy servers, load balancers, routers, and so on handle the request on behalf of the actual remote client. Any of these machines may forward the request after putting their own address in place of the actual remote client’s address. When this address substitution takes places, then that network machine must put the actual remote client address elsewhere in the packet usually in an HTTP request header. If it does not do this, then the actual remote client address is lost to downstream hosts. When this occurs, the address recorded by the PeopleSoft system is the HTTP request’s last hop, which is frequently a load balancer, reverse proxy server, or other box within your intranet.
The Remote Client page allows you to configure your PeopleSoft web server with directives that will allow it to more accurately identify and log the actual remote client address from the requests that it receives. These directives include:
RemoteIPHeader – Identifies which HTTP request header is used by the systems in your internal networks.
RemoteIPSeparator – Identifies the character used to separate addresses appended to the HTTP request header.
TrustedProxies – Identifies the list of machines on your internal, controlled networks through which inbound requests can pass.
RemoteClientFormat – Identifies the format (IP address or DNS name) to be recorded and reported by the PeopleSoft system.
Each of these directives is discussed in more detail in the following sections.
While these directives can help the PeopleSoft system more accurately identify and consistently report remote client access, much depends on the network outside of the PeopleSoft system. For example, consistency in the configuration of your internal network and how each machine forwards remote client information is key. But other aspects are out of your control. For example, if the actual remote client is on its own intranet that has a firewall or gateway server that connects to the internet, then the address of the remote gateway is effectively the remote client address. Addresses and forwarding headers included by other upstream systems outside of your control are deemed untrusted by the PeopleSoft system, even if those addresses and headers are forwarded by your network intact.
The following example illustrates how the effective remote client address of the remote gateway is recorded by the PeopleSoft system rather than the actual remote client address. Each system that forwards a request appends the address of the machine that contacted it to the HTTP request header—in this example, the X-Forwarded-For header.
Image: Example flow from remote client to the PeopleSoft system
The following example illustrates how the effective remote client address of the remote gateway is recorded by the PeopleSoft system rather than the actual remote client address. Each system that forwards a request appends the address of the machine that contacted it to the HTTP request header—in this example, the X-Forwarded-For header.
For the purposes of this example, the remote client directives have been configured as follows:
# An example of remote client directives
RemoteIPHeader = X-Forwarded-For
RemoteIPSeparator = ,
TrustedProxies = 10.10.0.0 10.10.1.0
RemoteClientFormat = c-ipAfter the PeopleSoft web server appends the remote address of the previous hop, the HTTP request header that the PeopleSoft system processes includes:
X-Forwarded-For: 10.1.2.3, 192.0.2.0, 10.10.0.0, 10.10.1.0When the PeopleSoft web server processes this request header, it reads it from right to left stripping off known trusted hosts. In this case, 10.10.1.0 and 10.10.0.0 are the addresses of trusted hosts, so they are stripped off. The next address, 192.0.2.0 is unknown to the PeopleSoft web server because it is not listed as a trusted host. Processing of the request header stops, and this is the remote client address that is logged and reported by the PeopleSoft system. In reality, it is not the actual remote client address (10.1.2.3), but the effective remote client address for the remote gateway instead. Because the c-ip directive is in effect, the address is reported and logged as an IP address, and no reverse DNS lookup is attempted.
General Considerations
Note the following considerations when specifying directives:
All directives are optional.
Directive names are not case sensitive.
Each directive fits on one line.
Except for the TrustedProxies directive, only one value for a directive is allowed. If a directive is specified more than once, the last value specified is in effect.
The general format is Directive Name = value, in which = is used to separate the directive's name and its value.
A # marks the beginning of a comment. All text from the # through the end of line is ignored.
RemoteIPHeader
This directive specifies the HTTP request header to be used by your controlled corporate network. If this directive is omitted, then evaluation of the remote client as described in this section is disabled.
For example:
RemoteIPHeader = X-Forwarded-ForDefault value: none
RemoteIPSeparator
This directive specifies the single character that separates the IP addresses in the HTTP request header that are appended by the trusted hosts in your controlled corporate network.
For example:
RemoteIPSeparator = ;Default value: space character
TrustedProxies
Each address in this list identifies a trusted host in your controlled corporate network through which inbound HTTP requests may have passed. Each address in the list is an IPv4 or IPv6 formatted address or a host name that can be resolved to an IP address (or addresses). Internally, PeopleSoft resolves all these addresses into a single list of IP addresses. Multiple directives with this name are allowed. Therefore, subsequent TrustedProxies directives append additional values to those from prior directives.
When using this directive, separate trusted hosts with a space. For example:
TrustedProxies = 10.1.1.1 10.2.1.1 proxy1.example.com 192.168.1.1Default value: none
RemoteClientFormat
This directive specifies whether the PeopleSoft system logs and reports the remote client using its IP address or its host name. Legal values are c-ip or c-dns and are case insensitive. All other values cause the directive to be ignored. This directive, or its default value when omitted, is enabled regardless of the presence or absence of the RemoteIPHeader directive.
Note: If the DNS resolver contacted by the PeopleSoft system cannot resolve the DNS name of the remote client, then even when this directive is set to c-dns, the address logged and reported by the PeopleSoft system will be an IP address.
For example:
RemoteClientFormat = c-dnsDefault value: c-ip
Access the Caching page. (Select Select the Caching page tab.)
Image: Web Profile Configuration - Caching page
This example illustrates the fields and controls on the Web Profile Configuration - Caching page. You can find definitions for the fields and controls later on this page.
On the Browser
|
Field or Control |
Definition |
|---|---|
| Cache Generated HTML |
Select to indicate that PeopleSoft application pages should be cached by the user's browser. For security reasons, deselect this check box in kiosk environments. Note: This setting does not affect caching of classic homepages and pagelets, which is determined by the Cache Homepage field. This check box is selected by default. Note: When you use menu navigation, the back button works even if this option is deselected because menu navigation does not generate the No-Cache directive. |
| Number of States Supported |
Specify how many browser states the portal should support when the user accesses PeopleSoft application pages. Note: If you have applications that make numerous server requests, you may want to increase this value. This increases the virtual machine's memory requirements, so be prepared to allocate more memory accordingly. The default value is 5 states. |
| State Discard Interval |
When a user signs out (either explicitly or because of a session timeout), the system normally clears all application states for the user's session. This property enables clearing of application states for individual windows instead. If your users have a long session time-out and many browser windows open, use this property to force the portal web server to release cached states for windows that a user has closed. Every time a user clicks the New Window link on a portal page, or when transfer PeopleCode opens a new window, the portal web server creates and maintains a state cache for that new browser window. Even if the user closes the window, the web server continues to maintain the cache during the interval that is specified by the Inactivity Logout field on the Web Profile Configuration - Security page. If users open many application browser windows simultaneously and then close most of them while still continuing to work actively in one or two remaining windows, you may be using more web server memory than is required and unnecessarily degrading its performance. You can improve performance by using this property to specify an independent time-out interval that applies to individual browser windows, which forces the portal web server to release cached states for windows that users have closed. When a user clicks the New Window link, and each time user activity in a window produces a request for data from the web server, the portal applies a current timestamp to its corresponding state cache. The next time the user clicks the New Window link, the portal examines the timestamp for each state cache. For any timestamp that's older than the status block time-out, the portal web server discards the associated window state cache on the assumption that the window must have been closed. Note: The portal performs this comparison only when the user clicks the New Window link. Enter a value that represents the number of seconds for the inactivity time-out per window. This time-out should be as short as possible, but still long enough to avoid discarding the state cache of any window that's still in use. A good starting value is the same value as the inactivity logout. If you don't specify this property, or if you enter 0,status blocks are tracked per session—all status blocks are deleted when the user signs out or when the inactivity logout interval expires. Note: A potential inconvenience with this property is that users might be inactive in a window without closing it, then return to it after the interval that you specify here has expired. In that case, they're presented with the application's search page. |
| Cache Homepage |
Important! This setting applies to classic homepages and pagelets only, and not to fluid homepages. Select to apply homepage caching on the browser. When this check box is selected, the Homepage Stale Interval field and the Browsers grid become available. This check box is selected by default. When the Cache Homepage check box is selected, the following occurs:
When this check box is deselected, any PORTAL_NOBROWSERCACHE content reference attributes are ignored. |
| Homepage Stale Interval |
Important! This setting applies to classic homepages only, and not to fluid homepages. Enter the number of seconds that the browser should wait before requesting an updated homepage from the portal server. The default value is 1200 seconds (20 minutes). |
See Implementing Homepage Caching, Implementing PeopleSoft Page Caching.
Browsers
Use this grid to identify the browsers that you don't want to cache the homepage. For each browser make, model, and version, supply the identifying user agent ID and deselect the Cache Home Page check box. To re-enable caching for a listed browser, select the browser's Cache Home Page check box.
Any browser that is not listed caches the homepage if the global Cache Homepage check box is selected.
Note: If the global Cache Homepage check box is deselected, you can't enable homepage caching for individual browsers.
On the Web Server
|
Field or Control |
Definition |
|---|---|
| Cache Proxied JavaScripts |
Select to enable caching of proxied JavaScript objects on the portal server. This check box is selected by default. |
| Cache Portal Objects |
Select to enable metadata caching. This check box is selected by default. |
| Cache Stale Interval |
Enter the number of seconds that should pass before the portal refreshes the metadata cache. The default value of this property is 86400 seconds (24 hours). Note: This property competes for effect with Cache Purge All Hit Count. |
| Cache Target Content |
Select to cache all target content HTML that has an appropriately defined Cache element. This check box is selected by default. |
| Cache Menu |
Important! This setting applies to the classic drop-down menu, and not to the Navigator menu in the NavBar. Select to enable web server-based navigation caching. For all profiles, including those that are newly created, the default value is False. |
| Cache Purge All Hit Count |
Specify the maximum total number of HTTP requests that the web server should receive for metadata objects before it purges the metadata cache, forcing the portal to refresh the cache. The default value is 1000 requests. Set this property to 0 to disable the feature. Note: This property competes for effect with the cache stale interval. |
See Implementing Target Content Caching, Implementing Metadata Caching, Implementing Proxied JavaScript Caching, Administering Web Server-Based Navigation Caching.
Directories
|
Field or Control |
Definition |
|---|---|
| Image Directory |
Enter the image file cache directory. The default value is /cache. |
| Image Web Directory |
Enter the image file web cache directory. The default value is /cache. |
| CSS Directory (cascading style sheet directory) |
Enter the cascading style sheet (CSS) cache directory. The default value is /cache. |
| CSS Web Directory |
Enter the CSS web cache directory. The default value of this field is /cache. |
| Copy Image/CSS (No Versioning) |
Select to have the system write a copy of the image and CSS cache with no version number. This check box is provided in case an external reference to the PeopleSoft stylesheet is needed. Warning! Enable this setting with care. In a production environment, it can double the number of files that are stored in the site's cache directory. Unless a clear need exists to use a custom solution to access style sheets and the like, this check box should be disabled. This check box is deselected by default. |
| Chart Directory |
Enter the directory of the cache for the chart image file. The default value is /cache/chart. |
| Chart Web Directory |
Enter the directory of the web cache for the chart image file. The default value is /cache/chart. |
| JavaScript Directory |
Enter the Java Script cache directory. The default value is /cache. |
| JavaScript Web Directory |
Enter the JavaScript web cache directory. The default value is /cache. |
Recent Search Results
Important! Persistent search, the drop-down menu, and other forms of classic navigation are no longer supported. The default navigational interface for PeopleSoft applications in the current release is based on the fluid banner, which can be used for both classic and fluid applications.
|
Field or Control |
Definition |
|---|---|
| Enable Caching |
Select to temporarily store recent (persistent) search results on the browser and web server. Deselecting this setting suppresses all search persistence property settings that you configure in Application Designer definitions. The default value is unchecked. |
| Enable Caching on Web Server |
Select to temporarily store recent (persistent) search results on the web server. Deselecting this setting suppresses all search persistence property settings that you configure in Application Designer definitions. This option applies only when you use either Internet Explorer 7 or Safari 3 as your browser. The default value is unchecked. |
Access the Web Profile Configuration page. (Select Select the Debugging tab.)
Image: Web Profile Configuration - Debugging page
This example illustrates the fields and controls on the Web Profile Configuration - Debugging page. You can find definitions for the fields and controls later on this page.
|
Field or Control |
Definition |
|---|---|
| Trace Monitoring Server |
Select to have the PeopleSoft Performance Monitor and PPMI servlets write debug information to the web server log. This check box is deselected by default. Note: This feature is not an agent trace. For an agent trace, use Trace PPM Agent. |
| Trace PPM Agent |
Select to enable PeopleSoft Performance Monitor tracing on performance agents. This check box is deselected by default. |
| Show Connection Information |
Select to have the application generate a system information page, which includes the browser, OS, PeopleTools release, application release, service pack, page definition name, component definition name, menu definition name, user ID, database name, database type, and application server address when you press Ctrl+J. The default is deselected. Note: This information is useful for orientation and troubleshooting purposes, but might not be suitable for end users. |
| Show Trace Link at Signon |
Select to display a URL link at sign-in. The link opens a page for setting trace parameters. |
| Show Layout |
Select to apply border and color attributes in a table layout for pages. This enables developers to see the position of PeopleSoft Application Designer objects in HTML. |
| Show Overlapping Fields |
Select to include comments in generated HTML pages that may help in diagnosing page layout problems, such as fields overlapping other fields. |
| Show StyleSheet Inline HTML |
Select to insert the page's style sheet into its generated HTML. Note: Only classic style sheets are generated inline; fluid style sheets are not generated inline. |
| Show JavaScript Inline HTML |
Select to display all the JavaScript functions that are used for processing in the generated HTML page. |
| Generate HTML for Testing |
Select to alter the generated HTML to assist with testing and troubleshooting. For example, this option provides additional white space and comments on the page to aid readability. Also, it includes additional name attributes for reference from SQA robot scripts. Note: Selecting this option may cause some pages or pagelets not to appear correctly. You can also set this in the application server configuration file with the TracePIA option. To ensure that all pages appear correctly, verify that TracePIA isn't enabled in the configuration file. |
| Write Dump File |
Select to have the system write a log file to the web server if an Oracle Jolt exception error occurs. |
| Create File from PIA HTML Page (create file from PeopleSoft Pure Internet Architecture HTML page) |
Select to view and debug the source HTML that the application server generates. The system saves each generated page as PS_CFG_HOME\appserv\domain\LOGS\client\element\N.html. The variables in the name are:
Warning! Use this tracing feature only for troubleshooting and testing. Enabling this feature generates numerous directories and files on the application server, which significantly affects performance. Use it for short periods, preferably only for a single-user test scenario. Never enable it on a production website. |
| Use Unminified JavaScript |
Select to disable the execution of minified JavaScript for the PeopleSoft Pure Internet Architecture domain. During runtime, the PeopleSoft system compresses, or minifies, all JavaScript stored in HTML definitions created in Application Designer. This is the default behavior. JavaScript that has been minified has been stripped down to only the essential strings required for runtime execution to save bandwidth. For more information on minified JavaScript in HTML definitions, see Working with JavaScript in HTML Definitions. |
See Configuring Custom Properties and Working with Performance Monitor Web Profile Properties.
Access the Web Profile Configuration page. (Select Select the Look and Feel tab.)
Image: Web Profile Configuration - Look and Feel page (part 1)
This example illustrates the fields and controls on the Web Profile Configuration - Look and Feel page. You can find definitions for the fields and controls later on this page.
Image: Web Profile Configuration - Look and Feel page (part 2)
This example illustrates the fields and controls on the Web Profile Configuration - Look and Feel page. You can find definitions for the fields and controls later on this page.
Start Page
|
Field or Control |
Definition |
|---|---|
| Page |
Displays the script to which the system redirects users after a successful sign-in. This value references the iScripts that build the PeopleSoft navigation. The default value is WEBLIB_PTBR.ISCRIPT1.FieldFormula.IScript_StartPage. |
| Override |
Click to change the start page script. The Override Start Page Script page is displayed with these fields:
The values of these four fields are concatenated to produce the value of the Page field on the Look and Feel page. |
| Fluid Homepage |
Displays the name of the component used to render fluid homepage tabs. The default value is NUI_FRAMEWORK.PT_LANDINGPAGE.GBL. See Web Profile Configuration - General Page for more information. |
Expire Page
|
Field or Control |
Definition |
|---|---|
| Page |
Displays the HTML page containing text variables that are defined in text.properties. This page appears when user inactivity exceeds the limit that is specified by the Inactivity Logout field in the Authenticated Users region of the Web Profile Configuration - Security page. Do not change this setting. The default value is expire.html,expire.wml. |
| Content Name |
Enter the content name that is stored in the HTML catalog. It appears when a page has expired due to reaching the limit that is specified by the Number of States Supported field in the On the Browser region of the Web Profile Configuration - Caching page. Change this value with caution. The default value is PT_EXPIRE,PT_EXPIRE_WML. |
Error Pages
|
Field or Control |
Definition |
|---|---|
| Exception Page |
Enter the name of the page that is used in Java to handle exceptions. Change this value with caution. The default value is exception.html,exception.wml. |
| MCF Auth Failure Page (multichannel framework authorization failure page) |
Enter the name of the multichannel framework authorization failure page. The default value is mcferror.html. |
| Pagelet Error Page |
Enter the name of an initial error message page to be displayed in the user's browser when a portal pagelet is unavailable. The default value is portalerrorpagelet.html. |
| Portal Target Error Page |
Enter the name of an initial error message page to be displayed in the user's browser when target content is unavailable. The default value is portalerrortarget.html. |
| Portal Detail Error Page |
Enter the name of an error message page that can be displayed in the user's browser to provide more detail about an error when retrieving portal content. The default value is portalerrordetail.html. |
Because your PeopleSoft portal can aggregate its content from many different sources, errors can occur for a variety of reasons. An error may occur if:
A content server is down.
An invalid URL is specified.
A portal node from which content is being requested is inactive.
A portal node fails to deliver requested content within the time-out interval that you specify by using the PSTIMEOUT content reference attribute.
See Configuring Pagelet Time-out Settings.
For practical purposes, all of these reasons result in the requested content being unavailable.
The values that you specify for the pagelet error page, portal target error page, and portal detail error page are the names of HTML pages that present customizable, translatable error messages. The default pages are delivered with the PeopleSoft system and provide useful error messages without any modification.
You can use the delivered error pages, modify them, or create your own. You can choose additional error message information to be displayed by using bind-type variables of two types in your error pages:
Numeric message variables
These map to strings that are predefined in the following file:
PS_CFG_HOME\webserv\peoplesoft\applications\peoplesoft\PORTAL\WEB-INF\psftdocs\sitename\text.properties
For example, the numeric variable 5006 maps to the phrase “The portal was unable to retrieve the page you are looking for.”
Session variables
These map to system information that depends on the current page and activity.
Session variables have values that are dynamically resolved by the portal engine at runtime. Available session variables include:
ErrorTitle
ErrorDescription
ErrorURL
AccessedURL
OriginalURL
TargetPage
StackTrace
DetailError
DetailError is the name of the page that is specified by the Portal Detail Error Page field. This can be used to specify a link target.
To invoke a numeric
or session variable, you insert it between the strings <%= and %> in your HTML.
For example: <%=5009%> or <%=ErrorDescription%>. Examine the delivered error pages for examples of how to use the
numeric and session variables within your HTML.
Other Pages
|
Field or Control |
Definition |
|---|---|
| Auth Token Enable Page (authorization token enable page) |
Enter the name of the page to be displayed when the site being accessed is configured with an authentication domain (or web server session cookie domain), and the URL from the browser doesn't include the domain. This page contains a link to a sign-in page that produces the correct URL for the site. You can modify the content interface and design, but do not change the internal meta-tags that generate the correct URL. The default value is authtokenenabled.html. |
| Enable Trace Page |
Enter the name of the page to be used to set trace parameters. If you enable tracing, this page appears before the sign-in page so that you can set the trace parameters and then sign in to the system. The default value is signintrace.html. |
| Cookies Required Page |
Enter the name of a page to be displayed when the browser does not accept cookies. You should configure browsers to accept cookies. The default value is cookiesrequired.html. |
| SSL Required Page |
Displays the name of the page that should appear if the Secured Access Only check box is selected in the SSL region of the Web Profile Configuration - Security page, and the user is unable to proceed without SSL. Do not change this setting. The default value is sslrequired.html. |
| User Profile Page |
Displays the name of the page that appears when the user clicks the link from a password-expired page. Do not change this setting. The default value is userprofile.html. |
Signon/Logout Pages
|
Field or Control |
Definition |
|---|---|
| Signon Page |
Displays the name of the page that redirects to the servlet for the sign-in process. Do not change this setting. The default value is signon.html,signon.wml. |
| Signon Result Doc Page (signon result document page) |
If your portal site is configured with sign-in PeopleCode to additionally validate the user, that code can call a result document if the user authentication failed. You can present the result document to the user in several ways by specifying one of these HTML documents in this field: signonresultdoctext.html: The result text is wrapped in a standard portal error page. This is the default value. signonresultdocpage.html: The result text itself is formatted as the error page. signonresultdocredirect.html: This page redirects the user to your own result document, using the <%=resultDoc%> session variable element. |
| Signon Error Page |
Enter the name of the page that should appear when the user makes an error signing in. To customize your sign-in page, clone signin.html as a starting point. Change this value with caution. The default value is signin.html,signin.wml. |
| Logout Page |
Enter the name of the page that should appear when the user signs out. You may define a custom logout page. Change this value with caution. The default value is signin.html,signin.wml. |
Password
|
Field or Control |
Definition |
|---|---|
| Password Expired Page |
Displays the name of the page that should appear when the user password is expired. Do not change this setting. The default value is passwordexpired.html. |
| Password Warning Page |
Displays the name of the page that should appear when the user's password is about to expire in the number of days specified in PeopleSoft security. Do not change this setting. The default value is passwordwarning.html. |
| Change Password on Expire |
Displays the Change Password page content ID. The system uses the value in passwordexpired.html to take the user to the Change Password page when a password is expired. The default value is MAINTAIN_SECURITY.EXPIRE_CHANGE_PSWD.GBL. |
| Override |
Click to override the expired password change page. The Override Change Password on Expire Page page appears.
|
| Change Password On Warning |
Displays the content ID for the Change Password page. The system uses the value that you enter in passwordwarning.html to take the user to the Change Password page when a password warning is required. The default value is MAINTAIN_SECURITY.CHANGE_PASSWORD.GBL. |
| Override |
Click to override the Password Change Warning page. The Override Change Password on Warning Page page appears.
|
(Optional) Language Support
Specify additional mappings from International Organization for Standardization (ISO) locale codes to PeopleSoft language codes, using one line per entry.
The PeopleSoft system uses proprietary codes to represent user languages, and the PeopleSoft Pure Internet Architecture sign-in page appears in the PeopleSoft language corresponding to the user's browser language setting (an ISO locale code). This field enables you to provide mappings from additional ISO locale codes to PeopleSoft language codes to support a wider range of browser-specific language settings.
For example, the entry zh_HK=ZHT maps the ISO locale code zh_HK (Hong Kong Chinese) to the PeopleSoft language code ZHT (traditional Chinese) so that traditional Chinese is the default sign-in language for browsers with the preferred language set to Hong Kong Chinese.
Your PeopleSoft application is delivered with default mappings, shown on the Manage Installed Languages page. The default mappings don't require entries in this field.
Access the Web Profile Configuration page. (Select Select the Custom Properties tab.)
Image: Web Profile Configuration - Custom Properties page
This example illustrates the fields and controls on the Web Profile Configuration - Custom Properties page. You can find definitions for the fields and controls later on this page.
This page enables the use of web profile properties that have been added since the current release of PeopleTools was shipped, or that are needed only for backward compatibility. For each property, you enter the property name, select its validation type, and provide the appropriate property value. The validation type ensures that the property value that you enter is the correct format. The currently available custom properties are:
|
Field or Control |
Definition |
|---|---|
| AJAXConsole |
This property, although not displayed, enables you to launch an interface for viewing diagnostic information related to AJAX parameters that are required by PeopleSoft support personnel, who will provide you with the correct values when necessary. |
| attachmentExtraWindow |
This property enables you to prevent the appearance of a message window when Internet Explorer is used to view certain types of attachments (such as *.doc files) that are not directly displayed by the browser but are instead displayed by the application associated with files of that type. This message window requires explicit user action to dismiss it. However, when Internet Explorer’s “Automatic prompting for file downloads” property is set to Disable for the Internet Explorer security zone being used, this message window provides the user with an opportunity (via Internet Explorer’s Information Bar) to permit the download of such an attachment to complete rather than having that download silently blocked. The property takes a value of 2 to prevent the appearance of the window. All other values used for this property will allow the appearance of this window. Note: Therefore, if you set the property value to 2 and use the default Internet Explorer settings, some file attachments won’t work. |
| auditPWD |
This property enables certain debug and control settings that are required by PeopleSoft support personnel, who will provide you with the correct values when necessary. Never set this property in a production environment unless directed to do so. |
| checkForDuplicateCookies |
Duplicate cookies occur when all of the following are true:
When these conditions are met, the browser presents multiple cookies to each application, which produces unpredictable browser behavior, such as displaying the sign-in page or a page expiration message. For this property, specify a validation type of Boolean and enter one of these property values: True: The portal checks for sets of duplicate cookies. When a duplicate is found, the user is taken back to the sign-in page with this message: “Your browser sent multiple sets of cookies.” You can change the text of this message by editing number 107 in the errors.properties file of the portal site. False: The portal doesn't check for sets of duplicate cookies. This is the default setting, which applies when this property isn't specified. To avoid this issue altogether with applications that don't use single signon functionality, make sure that you specify authentication domains that aren't subsets of each other, such as .user.example.com and .corp.example.com. |
| EnableAutocomplete |
This property, although not displayed, enables AJAX features associated with auto-complete. For this property, specify a validation type of Boolean and enter false as the property value to disable auto-complete at the system level. Note: If this property is not set to false, you can control autocomplete through personalizations. |
| EnablePCModal |
Warning! The Oracle-delivered setting is true. Do not change this setting. |
| EnablePNSubscriptions |
As of PeopleTools 8.58, you do not need to explicitly configure the web server for push notifications. The EnablePNSubscriptions custom web profile property is no longer used, and is ignored regardless of its setting. |
| FocusOnList |
Use the FocusOnList property to change the behavior of the cursor after retrieving search results on classic component search pages only. The default behavior is to set the cursor focus on the first search criteria field after search results are returned (the equivalent of setting this property to false). Add this property and set it to true to set the cursor focus on the first search result within the list of results returned. |
| IDDA |
Use the IDDA property to enable the Instrumented Development Diagnostic Aid (IDDA) logger and specify the what is logged as an integer value. See Enabling IDDA Logging for more information. |
| InPortalContext |
Use the InPortalContext property to determine whether to maintain the context of the portal system when navigating to remote content provider system links provided under PeopleSoft Interaction Hub’s PeopleSoft menu (that is, links such as Financials Supply Chain PT8.4x, Human Resources PT8.4x, and so on). “Maintaining the portal context” means that the menu of the portal system is displayed when navigating to these links rather than the menu of the content provider system. Specify one of these values:
|
| mutualAuth |
This property, although not displayed, controls whether your environment is set up for mutual authentication. The default value is True. Note: If you are using Lightweight Directory Access Protocol (LDAP) authentication, you must use the default setting. If you are not using LDAP authentication, a Java exception error caused by a failure to retrieve a certificate property may appear in your webserver log. If this occurs, you must change this value to False to disable the authentication from trying to retrieve the certificate property. |
| noDefaultSignonForWorkflow |
Use the noDefaultSignonForWorkflow property to control whether a user sees the default signon page after clicking a workflow link. When noDefaultSignonForWorkflow is set to true, the system disables Public Access for workflow notification URLs. By default, noDefaultSignonForWorkflow is set to False. See the following table for information related to the behavior of this setting. Note: This property applies to worklist URLs, not all workflow URLs. Only the URLs that contain a /w/ use this property. |
| parallelLoading |
The parallelLoading property enables parallel pagelet loading on classic homepages, dashboards, and WorkCenters, which improves the performance of these pages. Note: Beginning with PeopleSoft 9.2 applications, this property is set to true in the configuration.properties file. However, pagelets with global variables should not be loaded in parallel; such pagelets must be loaded sequentially. When the parallelLoading property is set to true, you must also add the BGLOBALVALUES content reference attribute to the content reference definition for each pagelet that includes global variables; set the BGLOBALVALUES attribute to true. Then, these pagelets will be loaded sequentially while all other pagelets will be loaded in parallel. |
| PPMConsole |
This property, although not displayed, enables you to launch an interface for viewing diagnostic information related to agents and PPMI clients. The default value is False. |
| psback_unencoded_d |
By default, the psback cookie has encoded delimiters; this is the web server default when psback_unencoded_d is undefined. However, in a clustered environment that includes mixed PeopleTools versions, you may need to allow unencoded delimiters in the psback cookie. If your mixed clustered environment includes any PeopleTools 8.53 or earlier releases, PeopleTools 8.54.20 or earlier, or PeopleTools 8.55.02 or earlier, you will need to allow unencoded delimiters by adding the psback_unencoded_d custom property to the active web profile on each system in the clustered environment:
|
| ps_theme |
Add the ps_theme custom property (type = String) to identify the default local node for the designated portal (or hub) system in a clustered environment. The ps_theme property is defined on content provider systems only for routing push notifications in a clustered environment or to enforce branding assignments configured on the PeopleSoft Interaction Hub gateway system. Use the following format to set the value of this cookie: For example: Important! The ps_theme property is generated automatically when Automated Configuration Management (ACM) is used to configure a clustered environment. In addition, the property can be manually configured in the Configure Unified Navigation Center on the designated portal system. |
| Repost |
Use the Repost custom property to identify a specific “punchback” (or callback) URL that a third-party site can use to bypass SameSite requirements for passing cookies. You can define up to 11 repost URLs: Repost, Repost1, Repost2, ... Repost10. Specify the punchback URL as a string value in the following format: For example, a full PeopleSoft URL includes the site, portal, and node names as follows: The value of this property would be set as follows: See the following section, “Repost URLs for SameSite Exceptions,” for more information on implementing a repost URL. |
| ShowFormFactor |
Use the ShowFormFactor property to enable the Form Factor drop-down list to be displayed on the sign-in page. The default value is false. |
| ss_ |
Use the ss_ prefix to define the SameSite behavior for PeopleSoft cookies. Set the SameSite attribute as one of the following string values:
See the following section, “SameSite Cookie Attributes,” for more information. |
| unauthSessionInterval |
Use the unauthSessionInterval property to set session time-out (in seconds) during the authentication process. The default value is 120 seconds. The purpose is to limit the effectiveness of denial-of-service attacks on failed authentications. To determine the proper time for this property, check the time in seconds that it takes to send an HTTP(S) request from the browser to the web server and multiply the result by 2. |
SameSite Cookie Attributes
Use the ss_ prefix to define the SameSite behavior for PeopleSoft cookies as a custom web profile property. Browsers have implemented the SameSite attribute to help prevent cross-site request forgery (CSRF) attacks. Add the ss_ prefix to the exact cookie name or use * as a wildcard to match one or more cookies. For example:
ss_PS_TOKEN would set the SameSite attribute for the PS_TOKEN cookie.
ss_PS_LOGIN* would set the SameSite attribute for all cookies beginning with PS_LOGIN, which would include the PS_LOGINLIST cookie.
Set the SameSite attribute as one of the following string values:
|
Field or Control |
Definition |
|---|---|
| Strict |
Send the cookie in first-party contexts only; the cookie is not sent in requests initiated by third-party websites. Note: Strict is the default for all PeopleSoft cookies. |
| Lax |
Do not send the cookie on normal cross-site sub-requests (for example to load images or frames into a third party site); however, do send the cookie when a user is navigating to the originating third-party site (for example, when following a link). |
| None |
Send the cookie in all contexts: in response to both first-party and third-party requests. The Secure attribute must also be set when the SameSite attribute is set to None; otherwise, the browser will reject the cookie. See Configuring Cookie Rules for more information. |
You cannot change the SameSite attribute for PeopleSoft cookies created and maintained in JavaScript, which includes IOSFULLSCREEN, psback, PS_DEVICEFEATURES, ps_theme, and PS_TOKENEXPIRE. The SameSite attribute for these cookies is set to Strict. In addition, the session cookie is maintained by WebLogic and its SameSite attribute cannot be set as a custom web profile property.
Repost URLs for SameSite Exceptions
Use the Repost custom property to identify a specific “punchback” (or callback) URL that a third-party site can use to bypass SameSite requirements for passing cookies. You can define up to 11 repost URLs: Repost, Repost1, Repost2, ... Repost10. See the preceding discussion on how to set the string value of the Repost custom property. Typically, punchout/punchback integration is implemented for B2B e-commerce scenarios, such as procurement from a third-party website and so on.
In addition to defining
the Repost custom property, you must also update the PeopleCode that
generates the punchback URL by appending ?&cmd=Repost. For example:
&rec.PB_URL.Value = GenerateScriptContentURL(%Portal, %Node, Record.WEBLIB_PB_DC, Field.PB_ISCRIPT_LIB, "FieldFormula", "IScript_DCCatcher") | "?&cmd=Repost";Finally, you must decode the input parameters received in the punchback operation. For example:
Declare Function URL_Decode PeopleCode FUNCLIB_PORTAL.PORTAL_GEN_FUNC FieldFormula;
&CXML_URLENCODED = %Request.GetParameter("cxml-urlencoded");
&CXML_URLENCODED = URL_Decode(&CXML_URLENCODED);
&CXML_BASE64 = %Request.GetParameter("cxml-base64");
&CXML_BASE64 = URL_Decode(&CXML_BASE64);
noDefaultSignonForWorkflow Property
This table describes the behavior of the system based on the noDefaultSignonForWorkflow setting.
|
Configuration |
User Session |
User Action |
System Behavior |
|---|---|---|---|
|
Public user access (default signon) is enabled and the custom web property “noDefaultSignonForWorkflow” is set to true. |
The user has no session with the system. |
The user clicks a workflow notification URL in the email. |
The system displays the sign-in page to the user. Once the user signs in to the system with a valid user ID and password, the system takes the user to the workflow notification based on the user profile privileges. |
|
Public user access (default signon) is enabled and the custom web property “noDefaultSignonForWorkflow” is set to true. |
The user already holds a valid session with the system through the public access. |
The user clicks a workflow notification URL in the email. |
Because the user already has a valid session, the system takes the user to the workflow notification. If the public access user profile does not have workflow privileges, the system displays an authorization failure page to the user. |
|
Public user access (default signon) is enabled and the custom web property “noDefaultSignonForWorkflow” is set to true. |
The user is already signed in to the system with a valid user ID and password (other than default sign-in) |
The user clicks a workflow notification URL in the email. |
The system takes the user to the workflow notification based on the user profile privileges. |
|
When the public user access (default signon) is enabled and the custom web property “noDefaultSignonForWorkflow” is set to false. |
Any |
Any |
The system behaves as configured. |
|
When the public user access (default signon) is disabled and the custom web property “noDefaultSignonForWorkflow” is set to false/true. |
Any |
Any |
The system behaves as configured. |
Note: If the public user does not have workflow privileges, then close the existing public user session (browser) before clicking the workflow link.
See PeopleSoft Sign In and Viewing Monitor Servlet Diagnostics.
Access the Web Profile History page. (Select .)
Image: Web Profile History page
This example illustrates the fields and controls on the Web Profile History page.
Use this page to review the current portal attributes of a web server, website, and web profile, including the web server's HTTP and HTTPS listen ports, the web profile that was last loaded, and the current HTTP session's cookie name and authentication domain.
In addition, the Properties field displays the relevant settings of the web server instance at the time it was loaded by the portal.