Security Options
Use the Security section to set an additional layer to the sign-in process.
Use this option to set an additional level of authorization-checking to be performed at the database level. Enter 1 to enable this option, and enter 0 to disable it.
With this option disabled, if a PeopleSoft user attempts to connect to an application server, the application server ensures that the user's PeopleSoft user ID and password exist on PSOPRDEFN. If it does not exist, the request to connect fails. This is PeopleTools-level authentication.
With this option enabled, the application server first attempts to connect to the database by using the user ID and password as part of the database connection string. If the authorization is successful, it disconnects, and then the normal PeopleSoft sign-in procedure occurs.
With this option enabled, to connect successfully to the database, the user must be defined on either the operating system or the database and within PeopleSoft.
Note: For Db2 for z/OS, the user ID and password must be defined as z/OS user logon IDs.
The domain connection password adds an extra layer of security between the application server domain and any connections made to it. This password enables you to further prevent unauthorized clients from establishing connections to an application server domain. It is recommended to use PSADMIN to update this value. The value can be up to 30 characters.
All domains, PeopleSoft Pure Internet Architecture, and three-tier workstations used for a particular database, must use the same domain connection password.
Note: It is not required to add a domain connection password. It is an additional security layer for use if desired. If you add or change this value in the domain configuration, you must also update any PeopleSoft Internet Architecture sites and three-tier Windows workstations to reflect the new password expected by the application server domain.
For the PeopleSoft Internet Architecture configuration, you enter the password in the configuration.properties file using the same setting, DomainConnectionPwd.
For a three-tier Windows workstation connection, you enter the password in the Configuration Manager profile using the Domain Connection Password field on the Database/Application Server tab of the Edit Profile dialog box.
See Tracking User Sign-In Attempts for description of this parameter.
Users can use the Actions menu on any fluid page to add an ad hoc tile to a selected fluid homepage, the NavBar, or the My Favorites section of the NavBar. When users select one of the “Add to” (or pin) actions, the request is accompanied by a default security check to prevent an unauthorized user from pinning or adding a page or web site to a homepage, NavBar, favorites or dashboard.
You can disable this security check by adding the AddTo SID setting to the psappsrv.cfg file. If you do not add the setting to psappsrv.cfg, the default security check will remain in effect.
To disable the security check:
Open the psappsrv.cfg file for editing and locate the Security section.
Add this line to the end of the section:
AddTo SID Test=NNote: You must enter the text exactly as shown. The only allowable parameters are “N” and “n”. For example, entries such as
AddTo SID Test=orAddTo SID Test=Falseare invalid and will not disable the security check.This example shows the Security section after editing:
[Security] ;========================================================================= ; Security settings ;========================================================================= Validate Signon with Database=0 DomainConnectionPwd=xxxxxxxxxxxxxx ; Enable/Disable Login Audit ; Y - Enable Login Audit (Default) ; N - Disable Login Audit Enable Login Audit=Y AddTo SID Test=NRestart the application server.
Note: This is not a dynamic flag. You must restart the application server for a new setting to take effect.