IB – SFTPTARGET Connector Not Invoking

Smart Panda - Integration GearIntegration Broker – SFTP Target Connector

By default PeopleSoft delivers a series of connectors in the Integration Gateway to handle files in various ways. One of which is Secure File Transfer Protocol (SFTP).  While working on a new environment I ran into a testing error where the Integration Broker went to an error status after trying to invoke an SFTP Target.

It turns out that there is a Service Operation called:  INVOKE_SFTP.  This service operation is called to handle requests through the SFTP Target.  The error I was receiving was related to the OnRequestHandler, and sure enough the handle on the INVOKE_SFTP Service Operation was inactive.  After changing that to Active everything started working perfectly. It should also be noted that there needs to valid active routing on the Service Operation in order for it to process correctly.

 

Oracle SES – Permissions & IB Setup

Well, I have just had my first full exposure to the glory they call Oracle Secure Enterprise Search!  All I can say is damn, that was NOT easy.

The documentation is pretty good that I found, and maybe it is easier on a fresh install but I was doing the setup on an existing environment that I had just upgraded.  The upgrade was for Finance from 8.9 to 9.2.  In the 9.2 application VERITY is no long supported, and the PeopleSoft Search Framework only supports Oracle Secure Enterprise Search (O-SES).  The first trick is to download it from edelivery and in my case I installed the software on my batch processing server.  This install will install a full Oracle database with a webservice that by default runs on port 7777.  There is a bunch of setup that needs to be done to get this working, but the documentation I had for the install was very good for this part.

Some of the next parts I thought were a little difficult to follow, and so the first item is, I used my system start user as my main user, and made sure it had the following roles:

Search Administrator, Search Developer, Search Query Administrator, Search Server

I also have a custom permission list that this user has access to and I made sure that the permission was assigned the search group: PTPORTALREGISTRY.  This appears to be a new security element in the permission lists.

The new Search Framework uses a ton of IB service operations to do all of its work, and one element you need to do is set the Portal Content & Portal URI text fields on the Node for all the local nodes, otherwise the search results will return incorrect content reference paths (extra:  don’t forget the “/” at the end of the URI).

Now, I also inactivated all my integration broker routings for the default local node after the upgrade so no IB would unnecessarily be taking place.  This might have been a bad idea, but old habits are hard to break.  Since O-SES uses the IB for its Search Framework, the following Service Operations need to be active with the routing turned on!

Service: PT_SES – Service Operation: PT_SES_CREF_GET, PT_SES_USERSEC_GET, PT_SES_INIT,

Service: PTSF_META_DATA: Service Operation: PTSF_GET_GROUP_CAT_LBLS, PTSF_GET_SRCH_CAT_DET, PSFT_GET_SRCH_GROUPS

Service: PTSF_SECURITY: Service Operation: PTSF_AUTHENTICATEUSER, PTSF_GETSECATTRVALUES, PTSF_GETUSERROLES, PTSF_POSTPROCESS_FILTER, PTSF_VALIDATESRCHUSER, PTSF_VALIDATEUSERROLE,

Service: PTSF_SES_FEED – Service Operation: PTSF_CRAWLER_CFG, PTSF_SES_CRAWLSTATUS, PTSF_SES_GET_CONTROL_FEED, PTSF_SES_PROCESS_ERRS, PTSF_SES_SCHEDULED_FEED

Service: ADMINSERVICE:  Service Operation: CREATE, CREATEALL, DELETE, DELETEALL, EXPORT, EXPORTALL, GETAPIVERSION, GETSTATE, START, UPDATE, UPDATEALL

Service: PTFP_FEED – Service Operation: PTFP_GETPREPUBFEED  (not 100% sure on this one, but I turned it on along the way).


Make sure you add the PTPORTALREGISTRY to the Home Page Context Type, I added mine and made it default.  I also found that I was getting no returns and then after a day of thinking about things I tried again and everything appeared to be working fine.  I believe that the system was bounced web and app during that time, so if all else fails that might work!


Good Luck!

PT_AMM_WF – Sending Notifications to Everybody

I got a note from a client the other day saying that they were randomly sending out a lot of messages when Integration Broker failed to send a message.

It turned out that they had the Error Notification Integration Broker process turned on, which notifies everybody with the role APP_MSG_ADMINSITRATOR that an error has occurred. However, since this is workflow based if you look at the role under the security area, there is a workflow tab, and by default this role uses a query based workflow routing.  The base routing is Query: _ROLE_APP_MSG_ADMINISTRATOR, and if you dig into this you will find that everybody that has access to a web services (entry on PSAUTHWS table) will get notified.

In order to route the messages strictly to the administrators assigned to the role APP_MSG_ADMINISTRATOR, turn off the use query to route workflow in the role configuration.  PeopleTools -> Security ->Permissions & Roles -> Roles – tab WORKFLOW.

 

IB – Loading Gateway using SSL link fails

When configuring your PeopleSoft environment to use Integration Broker using a secure gateway, sometimes you will get a messaging telling you that the gateway connectors cannot be loaded.  If you use the http:// address it will work but as soon as you use the https:// link it fails to load.

If you check the application server logs, you will most likely find a message:

PSJNI: Java exception thrown: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted Server Certificate Chain

This is assuming that you have the SSL certificate installed in the keystore correctly and you are able to get to the PIA site using the https address without issue.  The root certificate associated with your SSL certificate is not in the certificates stored within PeopleSoft.  If you navigate to:  PeopleTools > Security > Security Objects > Digital Certificates, you can click on a + link and select a root ca, and then give it a description, refresh the page and then click on the import link, next you need to insert your certificate data for each root certificate.  There are several ways to get the root ca certificate, just note that you may need to insert the intermediate certificates as well.