Moving to

I have moved all my PeopleSoft blogging efforts over to . Together with Dan Iverson, we will be posting on the PeopleSoft Administrator topic. We are also creating a podcast, which we are really excited about. I will be leaving this blog up as long as there is still traffic coming here, but I won't be adding any new content. Thanks for reading!

PeopleTools 8.55 PeopleBooks Posted?

Tonight I have been doing some research on Query Access Service. This is the cool new tool that gives us access to Query through REST. Like most of you who have played with it, the first thing I wanted to do is see how I could return the results in JSON. In my initial search of a few blogs posts( thanks as always, Jim! ), I quickly discovered this is not possible in 8.54. However, I did a little more searching and found some references to an option to add json_response to the end of your Query, returning JSON! I quickly realized I was looking the new 8.55 PeopleBooks. I haven't seen any mention of this released yet. Should I be looking at this? 8.55 PeopleBooks QAS and JSON QAS_EXECUTEQRY_REST_GET json_response Enter  true  for JSON response type; enter  false  for standard XML response. If no v

Reconnect 2015

You know it is the heart of summer when Reconnect comes around! I'm looking forward to some good sessions in Chicago, but this year I'll also be presenting. I will once again be talking virtual cards at session "Implementing a Virtual Card Payment Method" - Thursday, 8 am at Paris. Then Thursday 10:30 am at DaVinci I will be presenting "Simplify Security Requests with Forms and Approval Builder". I hope to see you there!

Disabling PS_TOKEN with PSEatCookies Filter

As many of you have probably heard, there has been much discussion over the past few weeks regarding vulnerabilities in PeopleSoft's PS_TOKEN. The talk all started after a presentation from ERPScan , which basically said that a PeopleSoft node's password can be gained by brute force against a PS_TOKEN. This would allow someone to generate their own PS_TOKEN for any userid. Now, word is the Oracle plans to bump up it's SHA-1 salted encryption with PeopleTools 8.55. However, it is probably a long ways out before most of us get to 8.55. And when we do get there, who's to say how long this new encryption will be considered secure?  One option is to simply disable the PS_TOKEN, and therefore prevent this vulnerability altogether! The problem is, PeopleSoft does not give us the option to disable it. I decided to come up with a proof of concept for a custom solution to this issue. I wrote a Java servlet filter, called PSEatCookies, that will prevent a PS_TOKEN, or any othe

Alliance 2015

It is hard to believe that Alliance 2015 is only a few weeks away. I'm very excited for the opportunity to be in Nashville and see some great sessions! I'm also excited to be presenting a mini session this year. If you are interested in the Procure-to-Pay track and have the time in your schedule, please check out my session on Monday, March 16th at 4:30pm in Ryman Studio PQR. My session is titled Implementing a Virtual Card Payment Method , and I'll be discussing Hennepin County's recent implementation of a virtual card program utilizing Financial Gateway. It will be a mix of functional and technical topics, so I hope to see you then!

Online Journal Edit and Budget Checking in 9.2

If you are upgrading to 9.2 you should be aware of a change to how Journal Edit and Budget Checking is run when kicked off online. Previously when you brought up a Journal online and initiated a Journal Edit, an App Engine would be kicked off on the Process Scheduler. Starting in 9.2, this Application Engine is now running on the App Server. With this approach there is the potential for the AE to timeout depending on your app server settings - often this is set to 5 minutes. If this timeout occurs, then you will be logged out of your session and the Journal will be left stuck somewhere in the middle of the process. At that point you would need to come up with some SQL to reset flags and other data in order to process again. In general, this process should finish rather quickly so you shouldn't have to worry. But there are two scenarios in which you may find yourself butting up against the timeout limit: Processing a Journal with a vary large number of lines, especially lines

Testing the PeopleSoft File Attachment Framework

I am in the progress of setting up PeopleSoft File Attachments using an HTTP Repository.  I wanted to do some testing of this new configuration, and I found that there is a delivered testing utility. It is nothing special, but it does the job of quickly validating that things are working.  Note: If you are using a URL Id, make sure you add the "URL." prefix. It won't work if you leave this off.