FSCM External Punchout – Extremely slow

Smart Panda - Oracle DevelopmentIn one of my clients Oracle Managed Cloud Services environments which is extremely locked down, they were experiencing terrible performance issues trying to go to WB Mason’s external punchout site.  It was taking upwards of 5 minutes to return the catalog pages.

Something was CLEARLY wrong. In this case it was DTD – and what is DTD?  Well, document type definition of course – which is a set of markup declarations that define a document type for an SGML-family markup language (SGML, XML, HTML). A Document Type Definition (DTD) defines the legal building blocks of an XML document. It defines the document structure with a list of legal elements and attributes. A DTD can be declared inline inside an XML document, or as an external reference. XML uses a subset of SGML DTD. As of 2009, newer XML namespace-aware schema languages (such as W3C XML Schema and ISO RELAX NG) have largely superseded DTDs. A namespace-aware version of DTDs is being developed as Part 9 of ISO DSDL.[2] DTDs persist in applications that need special publishing characters, such as the XML and HTML Character Entity References, which derive from larger sets defined as part of the ISO SGML standard effort. (Yes, I cut and pasted that from wikipedia DTD page )

So basically the cXML of the external punchout is trying to validate against an external reference which the application server is not allowed to go to because of firewall restrictions. In this case because the only items we had validating were these valid external punchout sites, it seemed logical to turn off DTD validation! Which you can do since 8.49 PeopleTools. The version my client is on is 8.54, so it turns out that it is really easy in 8.54 to turn off DTD validation.

In the Web Integration Broker Gateway configuration (integrationgateway.properties) file, there is a setting for DTD Validation, simply change this to “false” from “true” and reboot the web server and what was once extremely slow is now returning in fractions of a second.

There are other ways to work around this issue, but this is a relatively quick item you can test to validate if DTD is causing your performance issues.

PTIBUPGRADE.dms – huh?

When doing the upgrade the upgrade template has you modify the  PTIBUPGRADE.DMS script and you are to set it according to your environment but if you are like most people you won’t have a clue what to set in the script. This script I believe occurs if you are upgrade from anything before 8.49, but that is somewhat unclear from what I have read.  I know I have been encountering this dms for years now and everytime I just shake my head.

Here is what it says: “Edit PS_HOME\SCRIPTS\PTIBUPGRADE.DMS and make the necessary modifications as documented in the script. User level node security and transactional security have been added as of PeopleTools 8.48. Service namespace information, a low-level user on the node, and a low-level permission list for service operations, need to be specified. Consult with your Integration Broker specialist for assistance.”

Most likely you are considered the IB specialist so that is why you are now reading this post.

Firstly, the script is a tools base script so you will want to look for it in your PS_HOME\scripts directory.

Default Namespace – This is based on the XML standard “XML namespaces provide a simple method for qualifying element and attribute names used in Extensible Markup Language documents by associating them with namespaces identified by URI references” see http://www.w3.org/TR/1999/REC-xml-names-19990114/. When IB generates WSDL, SOAP messages we refer to the namespace provided in the service , during the upgrade all the service’s that are created are assigned to this namespace.  Interestingly there is no validation done against this namespace value, and it does not even have to be an HTTP URL,  however, it is a best practice to name one.

Finance: http://xmlns.oracle.com/Enterprise/ERP/services

HRMS: http://xmlns.<yourcomanyname>.com/Enterprise/HCM/services


Default UserID – Starting with 8.48 PeopleTools an inbound service operation can be invoked as a particular user , previously it was the user assigned in integrationGateway.properties.

The user assigned should have permissions to all messages and CI’s.

Finance: VP1  (or a customized user id that has similar permissions)

HRMS: PS (or a customized user id that has similar permissions)



Permission list – IB has now introduced user based security to follow the Peoplesoft security model, by assigning services to permission lists, assigning permissions to roles, and assigning roles to users who in turn invoke the service. All services created during the PeopleTools upgrade will be assigned this permission list:

Finance: PTPT1000