PTIBUPGRADE.dms – huh?

When doing the upgrade the upgrade template has you modify the  PTIBUPGRADE.DMS script and you are to set it according to your environment but if you are like most people you won’t have a clue what to set in the script. This script I believe occurs if you are upgrade from anything before 8.49, but that is somewhat unclear from what I have read.  I know I have been encountering this dms for years now and everytime I just shake my head.

Here is what it says: “Edit PS_HOME\SCRIPTS\PTIBUPGRADE.DMS and make the necessary modifications as documented in the script. User level node security and transactional security have been added as of PeopleTools 8.48. Service namespace information, a low-level user on the node, and a low-level permission list for service operations, need to be specified. Consult with your Integration Broker specialist for assistance.”

Most likely you are considered the IB specialist so that is why you are now reading this post.


Firstly, the script is a tools base script so you will want to look for it in your PS_HOME\scripts directory.


Default Namespace – This is based on the XML standard “XML namespaces provide a simple method for qualifying element and attribute names used in Extensible Markup Language documents by associating them with namespaces identified by URI references” see http://www.w3.org/TR/1999/REC-xml-names-19990114/. When IB generates WSDL, SOAP messages we refer to the namespace provided in the service , during the upgrade all the service’s that are created are assigned to this namespace.  Interestingly there is no validation done against this namespace value, and it does not even have to be an HTTP URL,  however, it is a best practice to name one.

Finance: http://xmlns.oracle.com/Enterprise/ERP/services

HRMS: http://xmlns.<yourcomanyname>.com/Enterprise/HCM/services

 


Default UserID – Starting with 8.48 PeopleTools an inbound service operation can be invoked as a particular user , previously it was the user assigned in integrationGateway.properties.

The user assigned should have permissions to all messages and CI’s.

Finance: VP1  (or a customized user id that has similar permissions)

HRMS: PS (or a customized user id that has similar permissions)

 

 


Permission list – IB has now introduced user based security to follow the Peoplesoft security model, by assigning services to permission lists, assigning permissions to roles, and assigning roles to users who in turn invoke the service. All services created during the PeopleTools upgrade will be assigned this permission list:

Finance: PTPT1000

HRMS: HCPPALL

 

IB – Loading Gateway using SSL link fails

When configuring your PeopleSoft environment to use Integration Broker using a secure gateway, sometimes you will get a messaging telling you that the gateway connectors cannot be loaded.  If you use the http:// address it will work but as soon as you use the https:// link it fails to load.

If you check the application server logs, you will most likely find a message:

PSJNI: Java exception thrown: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted Server Certificate Chain

This is assuming that you have the SSL certificate installed in the keystore correctly and you are able to get to the PIA site using the https address without issue.  The root certificate associated with your SSL certificate is not in the certificates stored within PeopleSoft.  If you navigate to:  PeopleTools > Security > Security Objects > Digital Certificates, you can click on a + link and select a root ca, and then give it a description, refresh the page and then click on the import link, next you need to insert your certificate data for each root certificate.  There are several ways to get the root ca certificate, just note that you may need to insert the intermediate certificates as well.