E-SEC: External SSO with SetAuthenticationResult Does Not Reset PS_TOKEN
Last updated on NOVEMBER 07, 2017
Applies to:PeopleSoft Enterprise PT PeopleTools - Version 8.1 and later
Information in this document applies to any platform.
Customer is in the process of implementing an external SSO solution for all web-based application (PeopleSoft and non-PeopleSoft). They have gotten it to work successfully using signon PeopleCode and the SetAuthenticationResult function. Their current configuration uses a "public" enterprise portal instance (using bypass signon) which has a custom external auth pagelet activated on the guest page (running under a "guest" account). When the user initiates an external authentication request, they are able to log that user into the application, but the browser's PS_TOKEN is not reset with the new userid which was supplied to the SetAuthenticationResult function. The PS_TOKEN value is still associated with the bypass signon account (guest). So when the user attempts to navigate to any trusted PS content within the secured enterprise portal, they are given an invalid ID/Password error message because the "guest" account does not exist in any of the content provider databases. They are also noticing that once the user is authenticated into the portal that the tuxedo client status screen within PSADMIN still shows the user as being logged into the application as the "guest" account, even though there has been an entry made in the PSACCESSLOG for the proper authenticated account, as well as an entry in the application server log showing the successful authentication of the user.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms