Professional Documents
Culture Documents
1
Safe Harbor Statement
• PS_TOKEN.
• Domain
• End of session
• Data Field (base
64 encoded
Token)
• Default Local
Node
• Password/Cert
• Node Type
• URIs
• Trusted Nodes
Remote Node
name
• Password
Sync
PSFT_CP PSFT_PA
Remote Node Remote Node
Password=CANODE Password=PANODE
URI=CP Database URI=PA Database
Trusted Node Trusted Node
Scenario 1
No Password defined for the Default Local Node of Portal in the
Portal database. (Authentication option set to None)
Result 1
Control will be redirected to the signon page and the error “Your
User ID and/or Password are invalid.” will be displayed
Resolution 1
Password needs to be set on Default Local Node and the
password needs to match the remote node in Content provider.
Scenario 2
Password defined for portal Remote Node in content provider does
not have a password, or the password does not match the one in
portal
Result 2
Control will be redirected to the signon page and the error “Your
User ID and/or Password are invalid.” will be displayed
Resolution 2
Password need to match exactly between the two environments,
Portal and content provider nodes
Scenario 3
Default Local Node of portal is not defined as a trusted node in the
content provider
Result 3
Control will be redirected to the signon page and the error “Your
User ID and/or Password are invalid.” will be displayed
Resolution 3
• Default Local Node of portal should be defined as a trusted node in
content provider
• Navigate to Peopletools > Security > Security Objects > Single
Signon to add a trusted node (8.4 and above)
• Navigate to Peopletools > Maintain Security > Setup > Single Signon
(8.1x)
Scenario 4
Userid exists in Portal but not in the content provider
Result 4
Control will be redirected to the signon page and the error “Your User ID
and/or Password are invalid.” will be displayed
Resolution 4
Userid need to match in both the environment for single signon to work
successfully.
Result 5
The following error would be displayed in pagelets or target pages.
“STR_PCMINVPORTAL: Invalid portal name EMPLOYEE in
request. Portal not defined. Unable to process request with an
invalid portal.”
Resolution 5
Make sure that the Hosted by node of portal is defined as a remote
node in the content provider with the URL pointing back to portal
Scenario 6
If both the portal and the content provider share the same
webserver or if the PIA sitename is mismatched (typo/case)
Result 6
The port would get flip flopped and would give error “cannot
open http://url….configuration.properties
java.lang.NullPointerException”
Resolution 6
1. Move one web server to a different machine.
2. Add a second DNS entry for the web server in the same domain.
3. Set the defaultPort and defaultScheme or In 8.44+, the Default
Addressing on the Virtual Addressing tab of the Web Profile on
both systems.
4. Fix the PIA sitename.
Scenario 7
Node name not properly used while creating the Content
Reference (CRef)
Result 7
“Authorization Error -- Contact your Security Administrator”
Resolution 7
Make sure to use the content provider node or a node with the
same URI value while creating a CRef. If any other local node is
used, it will result in the authorization error.
Scenario 8
Content provider node defined as a local node in portal instead
of Remote note
Result 8
“You are not authorized to access this component”
Since the node is local, the component is being looked up in
portal and it doesn’t exist there.
Resolution 8
Content Provider node should always be a remote node and not a
local node in portal.
Scenario 9
Node URI value is case sensitive
Result 9
“This is not a valid site. The site name is case sensitive.“ error message
is seen in PIA window.
Resolution 9
This error can be resolved by using the proper case for the PIA
SiteName in the URI value of your Node Definition.
For example, if a customer is using
http://server.company.com/psc/epprd/ in the URI value, but the
actual URL value when you navigate to the site is
http://server.company.com/psc/EPPRD/ it will cause this error.
• For 8.1x PeopleTools, it has been noted that there can only be a
7-character password on the nodes max (so corresponding
nodes must be the same as well).
• If the AuthTokenDomain wasn't setup when PIA was installed
(on either the content provider or the portal) then typically we see
expiration issues with the content provider. Thus you get the
signon screen. This is because customers add the
AuthTokenDomain to the webprofile, but fail to add the domain to
the webserver's configuration. When seeing single signon
related expiration issues, that you check the weblogic.xml for the
session cookie domain and if it's not there, re-run the PIA install.
Check this for the portal and all web server content providers.