E-SEC: External SSO with SetAuthenticationResult Does Not Reset PS_TOKEN

(Doc ID 649234.1)

Last updated on NOVEMBER 07, 2017

Applies to:

PeopleSoft Enterprise PT PeopleTools - Version 8.1 and later
Information in this document applies to any platform.


Still have questions after reading this document? Please post a question to our community: PeopleTools Community

Customer is in the process of implementing an external SSO solution for all  web-based application (PeopleSoft and non-PeopleSoft).  They have gotten it to work successfully using signon PeopleCode and the SetAuthenticationResult function.  Their current configuration uses a "public" enterprise portal instance (using bypass signon) which has a custom external auth pagelet activated on the guest page (running under a "guest" account).  When the user initiates an external authentication request, they are able to log that user into the application, but the browser's PS_TOKEN is not reset with the new userid which was supplied to the SetAuthenticationResult function.  The PS_TOKEN value is still associated with the bypass signon account (guest).  So when the user attempts to navigate to any trusted PS content within the secured enterprise portal, they are given an invalid ID/Password error message because the "guest" account does not exist in any of the content provider databases.  They are also noticing that once the user is authenticated into the portal that the tuxedo client status screen within PSADMIN still shows the user as being logged into the application as the "guest" account, even though there has been an entry made in the PSACCESSLOG for the proper authenticated account, as well as an entry in the application server log showing the successful authentication of the user.  


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms