0% found this document useful (0 votes)

3K views221 pages

Banner General Middle Tier Implementation Guide

Banner General Middle Tier Implementation Guide. Release 8.3 October 2010 (Revised)

Uploaded by

Patricio Gutierrez

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

3K views221 pages

Banner General Middle Tier Implementation Guide

Banner General Middle Tier Implementation Guide. Release 8.3 October 2010 (Revised)

Uploaded by

Patricio Gutierrez

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 221

Banner General

Middle Tier Implementation Guide

Release 8.3
October 2010 (Revised)

Trademark, Publishing Statement and Copyright Notice

SunGard or its subsidiaries in the U.S. and other countries is the owner of numerous marks, including SunGard, the SunGard logo,
Banner, PowerCAMPUS, Advance, Luminis, DegreeWorks, fsaATLAS, Course Signals, and Open Digital Campus. Other
names and marks used in this material are owned by third parties.
2005-2010 SunGard. All rights reserved.
Contains confidential and proprietary information of SunGard and its subsidiaries. Use of these materials is limited to SunGard Higher
Education licensees, and is subject to the terms and conditions of one or more written license agreements between SunGard Higher
Education and the licensee in question.
In preparing and providing this publication, SunGard Higher Education is not rendering legal, accounting, or other similar professional
services. SunGard Higher Education makes no claims that an institution's use of this publication or the software for which it is provided will
insure compliance with applicable federal or state laws, rules, or regulations. Each organization should seek legal, accounting and other
similar professional services from competent providers of the organizations own choosing.

Prepared by: SunGard Higher Education

4 Country View Road
Malvern, Pennsylvania 19355
United States of America

Customer Support Center Website

http://connect.sungardhe.com

Documentation Feedback
http://education.sungardhe.com/survey/documentation.html

Distribution Services E-mail Address

[email protected]

Revision History Log

Publication Date

Summary

December 2009

New version that supports Banner General 8.3 software

January 2010

Revised version that includes support for Banner Web Tailor 8.3.

January 2010

Revised version to correct defect 1-AIBJS7.

July 2010

Revised version to address multiple documentation defects.

October 2010

Revised version with Oracle Middleware 11g updates and T&E and ERLR updates.

Banner General 8.3

Middle Tier Implementation Guide

Contents

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Single Sign-On through Banner Enterprise Identity Services . . . . . . . . . . . . 9
Oracle Database 11g . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Chapter 1

Configuring Internet-Native Banner

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Configuration Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Step 1 Change SEED Numbers and Regenerate Banner Forms. . . . . . . . . . 13
Step 2 Verify Oracle Environment for Forms Deployment . . . . . . . . . . . . . 14
Step 3 Transfer Jar Files to INB Server. . . . . . . . . . . . . . . . . . . . . . . 15
Step 4 Transfer bannerid.jar File to Reports Server . . . . . . . . . . . . . . . . 16
Step 5 Configure Default Settings for INB . . . . . . . . . . . . . . . . . . . . . 17
Step 6 Configure Oracle Environment for INB . . . . . . . . . . . . . . . . . . . 20
Step 7 Configure Banner Online Help . . . . . . . . . . . . . . . . . . . . . . . 21
Step 8 Modify INB Preferences for Online Help Files. . . . . . . . . . . . . . . . 24
Step 9 Modify Font for INB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Step 10 Set up Preferences for Banner ID Images . . . . . . . . . . . . . . . . . 25
Step 11 Verify Oracle Environment for Reports Deployment . . . . . . . . . . . . 27
Step 12 Set up Banner Data Extract . . . . . . . . . . . . . . . . . . . . . . . . 28
Step 13 Configure WebUtil for Saving Data Extract Output . . . . . . . . . . . . 30
Step 14 Configure Oracle Reports for INB . . . . . . . . . . . . . . . . . . . . . 31
Step 15 Modify INB Environment for Oracle Reports (UNIX Only) . . . . . . . . . 34
Step 16 Modify INB Preferences for Oracle Reports . . . . . . . . . . . . . . . . 34
Step 17 Modify the bannerid.jar File . . . . . . . . . . . . . . . . . . . . . . . . 38
Step 18 Modify the banorep.jar File (Optional) . . . . . . . . . . . . . . . . . . . 39
Step 19 Modify the bannerui.jar file (Optional) . . . . . . . . . . . . . . . . . . . 42
Step 20 Modify any signed jar file (Optional) . . . . . . . . . . . . . . . . . . . . 43
Step 21 Create a self signed certificate (Optional) . . . . . . . . . . . . . . . . . 43

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Contents

Step 22 Sign a modified .jar file using the self signed certification (Optional) . . . 44
Step 23 Secure the Reports Server. . . . . . . . . . . . . . . . . . . . . . . . . 45
Step 24 Modify INB Preferences for Job Submission Output . . . . . . . . . . . . 46
Step 25 Modify default.env . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Step 26 Set up for Case-Sensitive Passwords (Optional, 11g Database Only) . . 47
Step 27 Configure Multiple Environments (Optional) . . . . . . . . . . . . . . . . 48
Step 28 Configure Mac Environment (Optional) . . . . . . . . . . . . . . . . . . 49
Step 29 Customize the Color of Required Fields (Optional) . . . . . . . . . . . . 49
Step 30 Configure INB to Display Windows XP Themes (Optional) . . . . . . . . 50
Step 31 Customize Color Scheme for Disabled Text (Optional) . . . . . . . . . . 51
Step 32 Customize Color Scheme for Tabs (Optional) . . . . . . . . . . . . . . . 52

Chapter 2

Configuring Self-Service Banner

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
How to Create a DAD in OAS 10.1.2.x . . . . . . . . . . . . . . . . . . . . . . 57
Configuration Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Step 1 Set up Your Web Server Files. . . . . . . . . . . . . . . . . . . . . . . . 60
Step 2 Customize Ear Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Step 3 Deploy EAR Files on Oracle Application Server . . . . . . . . . . . . . . 65
Step 4 Set Up Apache httpd.conf for Link Security (Optional) . . . . . . . . . . . 68
Step 5 Review and Customize Global Web Rules . . . . . . . . . . . . . . . . . 68
Step 6 Review and Customize Global User Interface Settings . . . . . . . . . . . 69
Step 7 Review and Customize Graphic Elements . . . . . . . . . . . . . . . . . 70
Step 8 Review and Customize Web Menus and Web Procedures . . . . . . . . . 70
Step 9 Review and Assign Web Roles to Web Menus and Procedures . . . . . . 72
Step 10 Review and Define Links on Menus . . . . . . . . . . . . . . . . . . . . 73
Step 11 Review and Customize Information Text (Info Text) . . . . . . . . . . . . 75
Step 12 Add Credit Card Processing (Optional) . . . . . . . . . . . . . . . . . . 76
Step 13 Customize the Home Page . . . . . . . . . . . . . . . . . . . . . . . . 76
Step 14 Configure the Home Page Menu Items (Optional) . . . . . . . . . . . . . 76
Step 15 Select a User Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Step 16 Luminis Integration (Optional) . . . . . . . . . . . . . . . . . . . . . . . 77
Step 17 Configure Web Tailor for LDAP Server (Optional) . . . . . . . . . . . . . 77
Step 18 Assign View and Update Privileges for Addresses . . . . . . . . . . . . 79
Step 19 Establish Web User Parameters and Third Party History Information . . . 80

Banner General 8.3

Middle Tier Implementation Guide
Contents

October 2010

Step 20 Set Up Campus Directory Processing . . . . . . . . . . . . . . . . . . . 87

Step 21 Set Up Web E-Mail Address Options . . . . . . . . . . . . . . . . . . . 90
Step 22 Set Up Web Surveys . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

Chapter 3

Required Tasks for Single Sign-On (SSO) to INB, SSB, and/or Channels
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
About Single Sign-On . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
ID Mappings Between Systems. . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Single Sign-On between Luminis and Banner . . . . . . . . . . . . . . . . . . . 97
Single Sign-On between Luminis and Self-Service Banner. . . . . . . . . . . . . 97
Single Sign-On between Luminis/Channels and Banner . . . . . . . . . . . . . . 98
Single Sign-On and Value-Based Security . . . . . . . . . . . . . . . . . . . . . 99
Implementation Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Step 1 Create an Encryption Key . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Step 2 Create Entries in LDAP to Store Configuration Values . . . . . . . . . . . 100
Step 3 Configure Parameters using GUAUPRF . . . . . . . . . . . . . . . . . . 102

Chapter 4

Implementing Single Sign-On for Internet-Native Banner

Step 1 Update New Entries in LDAP for INB . . . . . . . . . . . . . . . . . . . . 106
Step 2 Create DADs for Running SSO . . . . . . . . . . . . . . . . . . . . . . . 110
Step 3 Configure your INB Server . . . . . . . . . . . . . . . . . . . . . . . . . 110
Step 4 Verify Configuration Steps in Banner . . . . . . . . . . . . . . . . . . . . 111
Step 5 Configure your Luminis Server . . . . . . . . . . . . . . . . . . . . . . . 113
Step 6 Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Step 7 (Optional) Set up SSO INB on Macintosh . . . . . . . . . . . . . . . . . . 114

Chapter 5

Implementing Single Sign-On for Self-Service Banner

Step 1 Create Entries in LDAP to Store Configuration Values . . . . . . . . . . . 117
Step 2 Update New Entries in LDAP for SSB. . . . . . . . . . . . . . . . . . . . 119
Step 3 Configure WebTailor for LDAP Server . . . . . . . . . . . . . . . . . . . 121
Step 4 Update WebTailor Parameters . . . . . . . . . . . . . . . . . . . . . . . 123
Step 5 Verify Configuration Steps in Self-Service . . . . . . . . . . . . . . . . . 123
Step 6 (Optional) Create DADs for Running SSO with VBS . . . . . . . . . . . . 125
Step 7 Configure your Luminis Server . . . . . . . . . . . . . . . . . . . . . . . 127
Step 8 Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Contents

Chapter 6

Implementing Luminis Channels for Banner

Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Apply Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Set up Security on GSASECR . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Perform Required Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Architectural Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Preparing to Install Luminis Channels for Banner . . . . . . . . . . . . . . . 133
Step 1 Create the Home Directory for Luminis Channels for Banner . . . . . . . . 134
Step 2 Edit the Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Step 3 Localize the Configuration File . . . . . . . . . . . . . . . . . . . . . . . 138
Step 4 Deploy the EAR File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Installing a Luminis Channel for Banner. . . . . . . . . . . . . . . . . . . . . 141
Step 5 Install CAR Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Step 6 Publish the Channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Step 7 Check Your Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Locale-Specific URLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Example INB Test for the My Banner Channel . . . . . . . . . . . . . . . . . . . 143
Example SSB Test for Personal Information Channel . . . . . . . . . . . . . . . 146

Chapter 7

Implementing Banner HR Effort Reporting and Labor Redistribution

Procedure to Deploy Effort Reporting and Labor Redistribution . . . . . . . 147
Deploy the ear File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Modify the Server Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Integrate Employee Self-Service with ERLR . . . . . . . . . . . . . . . . . . . . 153
Setup SSB Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Integrate Banner Payroll with ERLR . . . . . . . . . . . . . . . . . . . . . . . . 154
Single Sign on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

Chapter 8

Implementing Banner Finance Travel and Expense Management

Deploy the Travel and Expense ear file . . . . . . . . . . . . . . . . . . . . . 177

Banner General 8.3

Middle Tier Implementation Guide
Contents

October 2010

Modify the Server Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

Tips and Additional Information . . . . . . . . . . . . . . . . . . . . . . . . . 182
Setup SSB Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Load balancer configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184

Appendix A Self-Service Technical Information

Third Party Access Form Table . . . . . . . . . . . . . . . . . . . . . . . . . . 191
GOBTPAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Third Party Access Audit Form Tables. . . . . . . . . . . . . . . . . . . . . . 192
GOBTPAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
GORPAUD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Campus Directory Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
GTVDIRO --- Directory Item Validation Table . . . . . . . . . . . . . . . . . . . . 193
GOBDIRO --- Directory Options Rule Table . . . . . . . . . . . . . . . . . . . . 193
GORDADD --- Directory Address Table. . . . . . . . . . . . . . . . . . . . . . . 195
GORDPRF -- Directory Profile Table . . . . . . . . . . . . . . . . . . . . . . . . 195
Web Server Directory Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Migration of files from Upgrade to Web Server . . . . . . . . . . . . . . . . . 196

Appendix B Single Sign-On Connectivity Overview

Accessing Banner from Luminis . . . . . . . . . . . . . . . . . . . . . . . . . 197
Accessing Self-Service Banner from Luminis . . . . . . . . . . . . . . . . . . 199

Appendix C Oracle Version-Specific Information

Oracle Database 11g. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Required Versions for Banner in Database 11g. . . . . . . . . . . . . . . . . . . 203
Case-Sensitive Passwords in 11g . . . . . . . . . . . . . . . . . . . . . . . . . 204
Issues with Database 11g. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Contents

Platform Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

Change in Default Role Behavior . . . . . . . . . . . . . . . . . . . . . . . . . 205
Oracle Database 10g and Application Server 10g . . . . . . . . . . . . . . . . 205
10g Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Example Init.ora For Oracle RDBMS 10.2.0 . . . . . . . . . . . . . . . . . . . . 206
Oracle 10.2 init.ora . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Troubleshooting
Single Sign-On for INB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Single Sign-On for SSB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Luminis Channels for Banner. . . . . . . . . . . . . . . . . . . . . . . . . . . 215

Index

Banner General 8.3

Middle Tier Implementation Guide
Contents

October 2010

Overview
This document describes the steps you need to follow for the primary configuration of
your Banner middle tier server. Depending on the products you have licensed, you may
need to skip some of the sections. You may also need to look for details in other
documents.
Warning
You should work your way through this document in order, except for the
sections you skip because you do not have a particular product. Do not

move randomly through the steps.

This document describes how to configure Internet-Native Banner (INB) with OAS10g,
Self-Service Banner (SSB), Single Sign-On (SSO) with Luminis, and Luminis Channels
with Banner. The configurations you need depend on the products that you have licensed.
You must still set up various preferences, etc., as described in the Banner product-specific
user guides (such as the Banner General User Guide, Banner Student User Guide, and
others).
Note
This book provides information for setting up Luminis Platform 4.x
systems to support single sign-on and Luminis Channels for Banner. If
you are using Luminis Platform 5.x, refer to the Luminis Platform Banner
Integration Setup Guide that is delivered with the Luminis Platform 5.x

documentation set.

Single Sign-On through Banner Enterprise Identity

Services
Banner Enterprise Identity Services offers a new approach to single sign-on (SSO) and
integration across a range of SunGard Higher Education products. This document does not
cover SSO setup through Banner Enterprise Identity Services. If you are using Banner
Enterprise Identity Services, please refer to the Banner Enterprise Identity Services
Handbook.

Oracle Database 11g

Beginning with Banner General 8.2, Banner offers support for Oracle Database 11g for
clients who wish to use it. Upgrading to Database 11g brings only a few changes to the
Banner middle tier setup, and those are noted in this document where they occur. For more
information on Database 11g issues and concerns, see Oracle Database 11g on page 203.

October 2010

Banner General 8.3

Middle Tier Implementation Guide

Banner General 8.3

Middle Tier Implementation Guide

October 2010

Configuring InternetNative Banner

Overview
This chapter describes how to configure Internet-Native Banner (INB) with Oracle
Application Server Release 2 (OAS10gR2) and Oracle Fusion Middleware 11g. You will
be guided through the following steps. As you work through these steps, we will note
those that are common to OAS 10gR2 and Oracle Fusionware 11g, as well as those where
differences will exist.
1. Change SEED Numbers and Regenerate Banner Forms on page 13
2. Verify Oracle Environment for Forms Deployment on page 14
3. Transfer Jar Files to INB Server on page 15
4. Transfer bannerid.jar File to Reports Server on page 16
5. Configure Default Settings for INB on page 17
6. Configure Oracle Environment for INB on page 20
7. Configure Banner Online Help on page 21
8. Modify INB Preferences for Online Help Files on page 24
9. Modify Font for INB on page 25
10. Set up Preferences for Banner ID Images on page 25
11. Verify Oracle Environment for Reports Deployment on page 27
12. Set up Banner Data Extract on page 28
13. Configure WebUtil for Saving Data Extract Output on page 30
14. Configure Oracle Reports for INB on page 31
15. Modify INB Environment for Oracle Reports (UNIX Only) on page 34

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

16. Modify INB Preferences for Oracle Reports on page 34

17. Modify the bannerid.jar File on page 38
18. Modify the banorep.jar File (Optional) on page 39
19. Modify the bannerui.jar file (Optional) on page 42
20. Modify any signed jar file (Optional) on page 43
21. Create a self signed certificate (Optional) on page 43
22. Sign a modified .jar file using the self signed certification (Optional) on page 44
23. Secure the Reports Server on page 45
24. Modify INB Preferences for Job Submission Output on page 46
25. Modify default.env on page 47
26. Set up for Case-Sensitive Passwords (Optional, 11g Database Only) on page 47
27. Configure Multiple Environments (Optional) on page 48
28. Configure Mac Environment (Optional) on page 49
29. Customize the Color of Required Fields (Optional) on page 49
30. Configure INB to Display Windows XP Themes (Optional) on page 50
31. Customize Color Scheme for Disabled Text (Optional) on page 51
32. Customize Color Scheme for Tabs (Optional) on page 52

The Windows Server 2000/2003 platforms are supported for Internet-Native Banner
(INB), as well as the following Linux and UNIX platforms:
Sun Solaris 5.9
IBM Aix 5.1
HP-UX 11.11
HP/Compaq Tru64 5.1
Red Hat Linux Advanced Server
Note
The word UNIX in this chapter refers to all UNIX platforms. Any platform
specific instructions are noted.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

October 2010

Configuration Steps
Step 1

Change SEED Numbers and Regenerate Banner Forms

You must change SEED numbers and regenerate forms using your site-specific SEED
numbers.
1. Change your SEED numbers.

For more information, see SEED Numbers in the Banner Security Technical Reference
Manual.
2. Create a new directory on your forms server for the .fmb, .pll, and .mmb files.
3. Establish the appropriate security for this directory.
4. Use an FTP program in binary mode to copy all the .fmb, .pll, and .mmb files from

the database host to the new directory on your forms server.

Platform

Host location of .fmb and .pll files

UNIX/Linux

$BANNER_HOME/product/forms

Example:
$BANNER_HOME/general/forms

$banner_home\product\forms
Example:
$banner_home\general\forms

Warning
Make sure all source files are copied. Some FTP programs do not allow
large transfers and may drop some files. Use the binary mode to perform

FTP functions.
5. Modify the BANINST1 and BANSECR passwords in the following files. Use the

appropriate .bat or .shl file to generate the .plx, .mmx, and .fmx files.
For OAS10gR2:

October 2010

Accounts Receivable

tasform.bat
tasform.shl

Advancement

aluform.bat
aluform.shl

Common

comform.bat
comform.shl

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

Finance

finform.bat
finform.shl

General

genform.bat
genform1.bat
genform.shl

Payroll

payform.bat
payform.shl

Position Control

posform.bat
posform.shl

Student

stuform.bat
stuform.shl

For Oracle Fusion Middleware 11g:

The scripts referenced in the OAS10gR2 section will still function for the OFM 11g with
the exception of an obsolete parameter that needs to be removed from the scripts. The strip
source=yes option is no longer and must be removed.
Before:
"pll") frmcmp_batch $source_bn $fgen_user/$fgen_pass
module_type=$mod_type batch=yes output_file=$target_fn strip_source=yes
compile_all=special;;

After:
"pll") frmcmp_batch $source_bn $fgen_user/$fgen_pass
module_type=$mod_type batch=yes output_file=$target_fn
compile_all=special;;

Step 2

Verify Oracle Environment for Forms Deployment

For OAS10gR2

After OAS10gR2 is installed, you must verify the forms installation.

1. Access the demonstrations on the OAS10gR2 homepage:
http://yourservername:port.

Port is the port number of your Oracle HTTP server, normally 7777 if this is your first
installation of Oracle on your INB server. To verify your port number, refer to the
portlist.ini file in the OAS10gR2 <ORACLE_HOME>/install directory.
2. Choose Business Intelligence and Forms.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

October 2010

3. Choose Forms Services. This link invokes the forms servlet, prompts you to install

the Jinitiator on the client, and displays a test form.

Note
If you do not see the test form (Welcome to Oracle Application Server
Forms Services Installed successfully!), check all log files for the
OAS10gR2 installation to resolve the problem.

For Oracle Fusion Middleware 11g

After OFM 11g is installed, you must verify that the various services are available.
1. Access the EM Agent test page and WebLogic Overview: http://

yourservername:5155/emd/main and http://yourservername:7777.

To verify your port numbers for your installation, refer to the portlist.ini file in the
Oracle Middleware <ORACLE_HOME>/install directory.
2. After accessing the http://yourservername:5155/emd/main you should get the

following message:
Congratulations, EMAgent is working!
Step 3

Transfer Jar Files to INB Server

For OAS10gR2

Use an FTP program in binary mode to copy the following JAR files from the database
host $BANNER_HOME/general/java directory to the <ORACLE_HOME>/forms/java
directory on your INB server:
banicons.jarContains GIF files used for Banner icons
bannerui.jarUsed to set the colors of screen elements such as tabs and disabled
text
banspecial.jarContains a custom version of an Oracle graphic used in Banner
banorep.jarUsed for client-side Oracle Reports/Forms security integration
For Oracle Fusion Middleware 11g

Use an FTP program in binary mode to copy the following JAR files from the database
host $BANNER_HOME/general/java directory to the Middleware <ORACLE_HOME>/forms/
java directory on your INB server:
banicons8.jar-Contains GIF files used for Banner icons
bannerui8.jar-Used to set the colors of screen elements such as tabs and disabled
text
banspecial8.jar-Contains a custom version of an Oracle graphic used in Banner

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

banorep_10_1_2_3.jar-Used for client-side Oracle Reports/Forms security

integration
Internet Native Banner (INB) and JRE Java Plug-in (JPI)

As of the Java SE 6 Update 19 release, when a program contains both signed and unsigned
components, the system displays the following message:
Java has detected some application components that could indicate a security
concern. Block potentially unsafe components from being run?
This message appears because the code for the .jar files is not signed.
If you select No, INB executes normally.
If you select Yes, the Java Console displays the following message:
java.lang.SecurityException: trusted loader attempted to load sandboxed resource
from http....bannerui.jar
If you select Yes, the bannerui.jar file is not signed and therefore it causes images not to
display. Other files such as banner.gif, my_institution.gif, and check.gif also are
not displayed.
SunGard Higher Education has provided the following signed .jar files to resolve this
issue:
sbanicons.jarContains GIF files used for Banner icons and other miscellaneous
images
sbannersso.jarUsed for LDAP/SSO connections with Luminis and Banner
Channels
sbannerui.jarUsed to set the colors of screen elements such as tabs and disabled
text
sbanorep.jarUsed for client-side Oracle Reports/Forms security integration
sbanorep_10_1_2_3.jarUsed for client-side Oracle Reports/Forms security
integration
sbanspecial.jarContains a custom version of an Oracle graphic used in Banner
Step 4

Transfer bannerid.jar File to Reports Server

Note
This step is common for both OAS10gR2 and Oracle Fusion Middleware

11g.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

October 2010

Use an FTP program in binary mode to copy bannerid.jar from the database host
$BANNER_HOME/general/java directory to a secure directory on your Reports server
(C:\temp, for example).
This JAR file is used for Middle Tier Oracle Reports/Forms security integration. Refer to
Step 17, Modify the bannerid.jar file, for more information.
Step 5

Configure Default Settings for INB

SunGard Higher Education recommends that you use Oracle Enterprise Manager for all
configuration file changes. Use the sample formsweb.cfg file that is delivered with
Banner as a reference for customizing your INB environment.
For OAS10gR2
1. Access OEM on your INB server: http://yourservername:1810.
2. Choose Forms in the System Components section.
3. Choose Configuration.
4. Edit the following parameters in the default section.
Note
The default section applies to all environments that your INB server
serves.

October 2010

Parameter

Value

form

guainit.fmx

width

1040

height

738

separateFrame

true

lookAndFeel

Oracle

colorScheme

blaf

archive_jini

banspecial.jar,frmall_jinit.jar,banicons.jar,b
annerui.jar,banorep.jar

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

5. Choose Apply to save your changes.

SunGard Higher Education testing has found that the signed .jar files are not ideally
compatible with the Java 1.4.2 Plug-in level. At runtime, the initial load of the .jar files
worked as expected. However, closing the browser and launching it again with the .jar
files already cached resulted in the applet hanging and not loading.
It is recommended that you adjust your configuration for using the signed .jar files by
locating your current working configuration and then clone and modify it. Change the
jpi_download_page, jpi_classid, jpi_codebase, and jpi_mimetype values as appropriate
for the version of Java you have installed. Also, adjust the archive= line so as to reflect the
names of your signed .jar files such as sbanicons.jar.
It has been found that changing the order of the jar files listed in the configuration
(formsweb.cfg) parameters for archive_jini and archive has fixed this issue. This
happened when .jar files were listed in an order similar to the one shown here:
banspecial.jar,frmall_jinit.jar,banicons.jar,bannerui.jar,banorep.jar

It is recommended that you change the order of the secured .jar file values:
From
archive_jini=sbanspecial.jar,frmall_jinit.jar,sbanicons.jar,sbannerui.
jar,sbanorep.jar
archive=sbanspecial.jar,frmall.jar,sbanicons.jar,sbannerui.jar,sbanore
p.jar

To
archive_jini=sbanicons.jar,sbannerui.jar,sbanspecial.jar,sbanorep.jar,
frmall_jinit.jar
archive=sbanicons.jar,sbannerui.jar,sbanspecial.jar,sbanorep.jar,frmal
l.jar

Note
The key is having the Banner files first and the Oracle file (frmall.jar or

frmall_jinit.jar) last.
For Oracle Fusion Middleware 11g
1. Access OEM on your INB server: http://yourservername:7001/em.
2. Expand the Forms folder and select Forms, from Form's drop-down list, choose Web

Configuration.
3. Select Create to create a new section to connect to the Banner database.

Section Name: dbServer_ban8

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

October 2010

Comments: Banner 8 database

4. From the Show drop-down list, select All.
5. Edit the following parameters in the default section.

The other parameters that are not listed below can also be changed if the customers
want to customize them.
Note
The default section applies to all environments that your INB server
serves.

Parameter

Value

form

guainit.fmx

width

1040

height

738

separateFrame

true

lookAndFeel

Oracle

colorScheme

blaf

(remove the version in

order to allow different versions of JPI to connect).
application/x-java-applet

6. Choose Apply to save your changes.

7. Select Home > Environment Configurations > Duplicate File and enter the

following values:
Environment File: default.env
Name: dbServer_ban8.env
8. Set the following parameters:
FORMS_PATH= /u01/app/banapps/SEED/fmx
TWO_TASK= SEED

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

NLS_LANG=AMERICAN_AMERICA.AL32UTF8

9. Choose Apply to save your changes.

Step 6

Configure Oracle Environment for INB

For OAS10gR2
1. Back up fmrpcweb.res, which is delivered in the $BANNER_HOME/install directory.

Oracle provides this file as a sample key mapping resource file for Web-enabled
forms. This file contains the key mappings that match the standard client/server
keystrokes of Banner. The file is ASCII text and can be edited with any editor.
2. Rename fmrpcweb.res to fmrweb_utf8.res.
3. Move fmrweb_utf8.res to the <ORACLE_HOME>/forms/admin/resource/US

directory on your OAS10g server.

For Oracle Fusion Middleware 11g
1. Back up fmrpcweb.res, which is delivered in the $BANNER_HOME/install directory.

Oracle provides this file as a sample key mapping resource file for Web-enabled
forms. This file contains the key mappings that match the standard client/server
keystrokes of Banner. The file is ASCII text and can be edited with any editor.
2. In the $MIDDLEWARE_HOME/asinst_1/config/FormsComponent/forms/admin/
resource/US, rename fmrpcweb.res to fmrpcweb_orig.res and fmrweb_utf8.res
to fmrweb_utf8_orig.res.

3. Copy the frmpcweb.res from your $BANNER_HOME/install directory to the

$MIDDLEWARE_HOME/asinst_1/config/FormsComponent/forms/admin/resource/
US.

4. Copy the fmrpcweb.res also to fmrpcweb_utf8.res.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

October 2010

Step 7

Configure Banner Online Help

For OAS10gR2

Help files are contained in the bannerOHxx.war file (bannerOH80.war, for example)
which is available on the Customer Support Center.
1. Download bannerOHxx.war from the software downloads section to a directory on

your desktop.
Note
The bannerOH.war file that is located in the $BANNER_HOME/general/
help directory is only a placeholder file. You must always download the

current version from the Customer Support Center.

2. Access OEM on your INB server. In most cases, OEM can be accessed using http:/
/yourservername:1810.

3. Click Home.
4. From System Components, select home instance and click Start to display the

default page.
5. Choose Applications.
6. Click Deploy WAR file if this is the first time you are deploying online help. If you

are replacing a previous version, undeploy the old version first.

7. Browse to the location of the bannerOHxx.war file on your INB server.
8. Enter bannerOH in the Application Name field.
9. Enter /bannerOH in the Map to URL field.
10. Choose Deploy to deploy the bannerOHxx.war file. The file is now listed under the

home deployed Applications.

For Oracle Fusion Middleware 11g

your desktop.
Note
The bannerOH.war file that is located in the $BANNER_HOME/general/
help directory is only a placeholder file. You must always download the

current version from the Customer Support Center.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

2. Access WebLogic Console on your INB server. In most cases, the console can be

accessed using http://yourservername:7001/console.

3. Follow the instructions given below and ensure that you have a Banner Application

Server and Cluster.

3.1.

In the left pane of the Administration Console under Domain Structure, select
Environment and then select Servers.
You should see an entry for Name=BannerApps and
Cluster=BannerAppsCluster.
If you do not see this, follow the instructions given below to create them.
3.1.1.

Select Lock & Edit from the Change Center of the Administration
Console (upper left corner).

3.1.2.

Select Environment from the Domain Structure pane.

3.1.3.

Select Servers from the central pane and then select New.
The Server Properties page is displayed.

3.1.4.

Enter BannerApps in the Server Name field.

3.1.5.

Enter yourservername.school.edu in the Server Listen Address field.

3.1.6.

Enter 9003 in the Server Listen Port field.

3.1.7.

Select the Yes, create new cluster for this server option.

3.1.8.

Select Next.
The Cluster Properties page is displayed.

3.1.9.

Enter BannerAppsCluster in the Name field.

3.1.10. Retain the other default values.

3.1.11. Click Finished.
3.1.12. Select the newly created BannerApps link from Server.
3.1.13. Enter yourservername.school.edu in the Change Machine field.
3.1.14. Click Save.
3.1.15. Select Activate Changes from the Change Center of the

Administration Console (upper left corner).

3.1.16. Select Environment from the Domain Structure pane.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

October 2010

3.1.17. Select Servers and then select the Control tab.

3.1.18. Check BannerApps.
3.1.19. Select Start.
3.1.20. Click Yes.

The status will be STARTING and then RUNNING after a few

minutes and then TASK COMPLETED.
4. Select Lock & Edit from Change Center of the Administration Console (upper left

corner).
5. Select Deployments from the Domain Structure pane.
6. Select Install from the right pane.

The Install Application Assistant wizard is displayed.

7. Select the link upload your file(s) and locate the war file.
7.1.

Enter C:\temp\bannerOH.war in the Deployment Archive field.

Note
If the file is called bannerOH2008april.war, rename it to bannerOH.war.

The Deployment Plan Archive field remains empty.

7.2.

Click Next and then Next again.

The Choose targeting style page is displayed.

7.3.

Select the default option Install this deployment as an application.

7.4.

Click Next.
The Select deployment targets page is displayed.

7.5.

Select the BannerAppsCluster check box.

7.6.

Click Next.

7.7.

Retain all the default values on the Optional Setting screen.

7.8.

Click Next.
The Review your choices and click Finish page is displayed.

7.9.

Select the option No, I will review the configuration later.

7.10. Click Finish.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

8. Select Activate Changes from Change Center of the Administration Console (upper

left corner).
9. Locate and select the bannerOH check box from Deployment.
10. Select Start - Servicing all requests.
11. Click Yes.
12. Test the bannerOH URL.
12.1. Select the bannerOH application link from Deployments.
12.2. Select the Testing tab.
12.3. Locate the Test Point URL and copy and paste that into another browser.
12.4. Add /bannerOH at the end of the URL.

For example, change http://yourservername.school.edu:9003/bannerOH to

http://yourservername.school.edu:9003/bannerOH/bannerOH.
The Banner Online Help displays the following message:
Help is not available.
Step 8

Modify INB Preferences for Online Help Files

Note
This step is common for both OAS10gR2 and Oracle Fusion Middleware

11g.

You must specify the directory location where online help files will be stored.
1. Logon to Banner as the BASELINE user.
2. Go to the General User Preferences Maintenance Form (GUAUPRF).
3. Select Directory Options.
4. Navigate to the record for the online help for Web access.
5. In the User Value field, change the URL to the server address and virtual path used

by your site.
Delivered value:
http://your.bannerOH.server/bannerOH/bannerOH

Example:
http://server45.sungardhe.com:7778/bannerOH/bannerOH

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

October 2010

Step 9

Modify Font for INB

Note
This step is common for both OAS10gR2 and Oracle Fusion Middleware

11g.
1. Navigate to the <ORACLE_HOME>/forms/java/oracle/forms/registry directory.
2. Edit the Registry.dat file.
3. Comment out the following line:
default.fontMap.defaultFontname=Dialog

4. Add the following line:

default.fontMap.defaultFontname=Arial Unicode MS

For more information on UNICODE fonts, see

http://www.alanwood.net/unicode/fonts.html
5. Save the Registry.dat file.

Step 10

Set up Preferences for Banner ID Images

Note
This step is common for both OAS10gR2 and Oracle Fusion Middleware

11g.

The capability to display an image file (.bmp, .gif, .tif, or .jpg) associated with an ID is
available from the ID fields in Banner. In order to use this functionality, you must do the
following:
Set up a directory to store the images.
Change the Banner images record on GUAUPRF to point to the directory.
(Optional) Configure the BAN_GUAIMGE_ID_RANGE and BAN_GUAIMGE_EXTENSION
environment variables if you want to use a naming convention other than the DOS
8.3 standard with a file type of Windows Bitmap (.bmp).
The 1,9 and 3,7 Image Name Conventions

You can now choose to use the following convention for image names:
Nine characters of the ID, starting with position one. (for example, an ID of
A01394287 would become A01394287). This is referred to as the 1,9 convention.
A file extension of .gif, .jpg, .tif, or .bmp (for example, A01394287.gif).
Prior to the General 7.4 release, image files that were displayed on the Personal Image
Form (GUAIMGE) were limited to the following convention:

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

Seven characters of the ID, starting with position three, and prefixed with the letter
I (for example, an ID of A01394287 would become I1394287). This is referred to
as the 3,7 convention, or the DOS 8.3 standard.
A file extension of .bmp (for example, I1394287.bmp).
Set up a Directory for Banner ID Images
1. Create a directory on the INB server or a network directory where you want to store

the images associated with Banner IDs.

2. Place the images in the directory, making sure that they are named correctly:

If you are using the 3,7 naming convention--Use seven characters of the ID,
starting with position three, and prefixed with the letter I. Use a file extension of
.bmp. For example, an ID of A01394287 would become I1394287.bmp.
If you want to use the 1,9 convention, or a different file extension--Use nine
characters of the ID, starting with position one. Use a file extension of .gif, .jpg, .tif,
or .bmp. For example, an ID of A01394287 would become A01394287.gif.
Note
If you want to use the 1,9 convention or a file extension other than .bmp,
you must also configure the BAN_GUAIMGE_ID_RANGE and
BAN_GUAIMGE_EXTENSION environment variables.

Specify Directory for Banner ID Images

The Banner ID Images record on the General User Preferences Maintenance Form
(GUAUPRF) must point to the images directory you created.
1. Log in to Banner as the BASELINE user and go to GUAUPRF.
2. Go to the Directory Options tab.
3. For the Enter the location of your Banner ID images record, enter the directory name

you created for your Banner images.

For Windows, you can use a network drive location, or a location local to the INB
server.
For Solaris, the directory name needs to be on the INB server.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

October 2010

Configure Environment Variables for Banner ID Images (Optional)

If you are using the 1,9 convention, or a file extension other than .bmp, you must specify
your preferences in the BAN_GUAIMGE_ID_RANGE and BAN_GUAIMGE_EXTENSION
environment variables.
Note
If the variables are not present or do not have values, then Banner will

use the 3,7 naming convention, with an extension of .bmp.

1. Edit the BAN_GUAIMGE_ID_RANGE variable. If you want to name all new files with the

1,9 format, but still use your existing 3,7 files, then specify 1,9 for this variable. Then,
if Banner cannot fine an image file named with the 1,9 convention, it will search for
one with the 3,7 format.
Example:
BAN_GUAIMGE_ID_RANGE=1,9

2. Edit the BAN_GUAIMGE_EXTENSION variable.You can specify a file extension of .gif,

.jpg, .tif, or .bmp. The default value is .bmp, if this variable is not present, or if it does
not have a value.
Example:
BAN_GUAIMGE_EXTENSION=TIF

Step 11

Verify Oracle Environment for Reports Deployment

For OAS10gR2

After OAS10gR2 is installed, you must verify the Reports installation.

1. Access the demonstrations on the OAS10gR2 homepage:
http://yourservername:port.
Port is the port number of your Oracle HTTP server, normally 7777 if this is your first
installation of Oracle on your INB server. To verify your port number, refer to the
portlist.ini file in the OAS10g <ORACLE_HOME>/install directory.

2. Choose Business Intelligence and Forms.

3. Choose Reports Services. This link invokes the reports servlet.
4. Choose Test a Paper Report on the Web. This link invokes the test report demo.
5. Enter your report server name and port number.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

6. Choose Run Report.

Note
If you do not see the report output (Reports Server Test Report, The
report ran successfully!), check all log files for the OAS10gR2 installation

to resolve the problem.

For Oracle Fusion Middleware 11g

After OFM 11g is installed, you must verify the Reports installation.
1. Access the help page for the Oracle Reports:
http://yourservername:port/reports/rwservlet

2. To verify your port numbers for installation, refer to the portlist.ini file in the
Oracle Middleware <ORACLE_HOME>/install

directory.

3. To view the environment settings for the web server, submit the showenv command to

the Reports Server:

http://yourservername:port/reports/rwservlet/
showenv?server=ReportsServer_yourservername_asinst_1

Step 12

Set up Banner Data Extract

Note
This step is common for both OAS10gR2 and Oracle Fusion Middleware

11g.

Use the following steps to set up Banner Data Extract functionality:

Enable Data Extract for forms
Choose default output format
Configure environment variable for Data Extract (optional)
Enable the Data Extract Feature for a Form
1. Access the Object Maintenance Form (GUAOBJS).
2. Query for the form(s) you want to enable.
Note
Not all baseline forms have been tested for Data Extract functionality. For
a list of tested forms, refer to chapter 3 of the Banner Getting Started

Guide.
Warning
If you want to use the Data Extract feature on your institutions local
forms, you must test it on them first.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

October 2010

3. Select a value from the pull-down list in the Data Extract Option field for each

form:
Key and Data BlockEnable the extract feature for both key and data blocks.
Data Block OnlyEnable the extract feature for data blocks only.
4. Save.
Choose the Default Output Format
1. Log on to Banner as the BASELINE user.
2. Access the General User Preferences Maintenance Form (GUAUPRF).
3. Go to the Directory Options window.
Note
For each record on this window except for Oracle Reports Root Subfolder,
you can choose whether changes to BASELINE values are used as the
default values for all current users by using the Propagate pull-down list:

Copy to All Users (default): The value you enter for the record will be copied
into all user's individual user preference rows in the GURUPRF table. Any
existing user value will be overwritten with this option.
Copy to No Users: The value you enter for the record will not be copied to
any users.
Copy to Users having same value as BASELINE value: The system will
compare the old BASELINE value with each user's individual row for this
preference. If the value on the BASELINE row matches the value on the
user's row, then the new BASELINE value will be copied into the user's row.
If the user's current value is different than the current BASELINE value
(prior to the change being made), then the user value will not be updated to
match the BASELINE row.
4. Go to the record for Data extract format: FILE (.csv), TEXT, or WEBUTIL.
5. Make an entry in the User Value field.

If you want extracted data to be placed into a file in comma separated value format
(with a .csv extension), enter FILE in the User Value field. When users extract
data, they will be prompted to save it to their local drive.
If you want extracted data to be displayed in a separate browser window, enter
TEXT. The information is display-only, but users can save it in a variety of formats.
If you want to use the WebUtil option, enter WEBUTIL to save the .csv file to
users local drives using the General WebUtil File Extract Form (GUQWUTL). If

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

you choose this option, you must also follow the steps to Configure WebUtil for
Saving Data Extract Output on page 30.
Note
Even if you do not use WebUtil as the BASELINE option at your
institution, then be aware that individual users will still be able to select
WEBUTIL as their value for the User Value field, although they will
receive an error when they try to use the General WebUtil File Extract

Form (GUQWUTL) to save their file.

6. (Optional) If you are using the WebUtil option, you can specify a different default

directory to save users output in the record for Local directory for saving output. The
default delivered value is C:\temp.
7. Save.
Configure Environment Variable for Data Extract (Optional)

You can use the BAN_DATA_EXTRACT_PAD_COLUMNS environment variable to specify

whether you want the columns of extracted data to be padded with spaces.
If the variable is set to Y (Yes)--The Data Extract logic in the G$_WRITE_BLOCK will
pad the columns with spaces. This option was the default prior to General Release
7.4.
Example:
BAN_DATA_EXTRACT_PAD_COLUMNS=Y

If the variable is set to N (No)--The columns will not be padded with spaces. The
padding is not needed because the columns have a wrapper of double quotes
around them.
Example:
BAN_DATA_EXTRACT_PAD_COLUMNS=N

Note
If the variable does not exist, then Banner assumes a value of N.

Step 13

Configure WebUtil for Saving Data Extract Output

Note
This step is common for both OAS10gR2 and Oracle Fusion Middleware

11g.

WebUtil is an Oracle utility, portions of which SunGard Higher Education made available
beginning with the General 7.3 release to assist with data transfer and web output. If
configured, WebUtil provides a way to extract data from Banner to a users desktop, either
by using Banners Data Extract feature, the GASB Parameter Form (FGAGASB), or the
Saved Output Review Form (GJIREVO). Although it is primarily intended to provide a
Data Extract solution for institutions with a RAC (Real Application Clusters)

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

October 2010

environment, SunGard Higher Education recommends that all institutions adopt this
solution.
To configure WebUtil at your institution, do the following:
Follow the instructions in the Oracle Forms Developer WebUtil Users Guide, with
the exception of the items listed below under the Exceptions to the Standard
WebUtil Configuration heading.
Choose WEBUTIL as the output format in the step to Choose the Default Output
Format on page 29.
For more information about WebUtil, refer to the following page of Oracles web site:
http://www.oracle.com/technology/products/forms/htdocs/webutil/readme.html
Exceptions to the Standard WebUtil Configuration

SunGard Higher Education recommends that you install the webutil_db package
in the baninst1 schema. In Banner General, the webutil_db package is delivered
split into gokwutl.sql (package specification) and gokwutl1.sql (package
body), in order to comply with Banner standards.
Note
It is no longer necessary to use the banwebutil.jar file in place of Oracles
native frmwebutil.jar. SunGard Higher Education now recommends that
you follow Oracles WebUtil configuration instructions and install the
appropriate version of Oracles frmwebutil.jar based on your version of
Oracle Application Server. In particular, if you are using Oracle
Application Server 10.1.2.3 or later; you may experience errors if using

banwebutil.jar, and you should use Oracles frmwebutil.jar instead.

Using WebUtil for Other Purposes

SunGard Higher Education made a single form "WebUtil enabled" in support of the Data
Extract features across Banner: the General WebUtil File Extract Form (GUQWUTL).
If you want to use other features of WebUtil at your institution, you must make each
relevant form WebUtil enabled; however, Oracle recommends that you only WebUtilenable forms which actually need the functionality. This is because each form that is
WebUtil enabled generates a certain amount of network traffic and memory usage simply
to instantiate the utility, regardless of whether any WebUtil functionality is used.
Step 14

Configure Oracle Reports for INB

Oracle Reports for Banner uses the RUN_REPORT_OBJECT Built-In function to run a report
from the form.
The Reports server may be customized by defining the defaultEnvId parameter in the
Reports server configuration file. This file allows for the definition of environment
variables specific to the Reports server engine.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

SunGard Higher Education recommends that you use OEM for all your configuration file
changes.
For OAS10gR2
1. Access OEM on your INB server: http://yourservername:1810.
2. Choose reportservername in the System Components section.
3. Choose Edit Configuration File in the Administration section.
4. Add the defaultEnvId parameter to the engine ID parameter. This parameter

connects the user to a specific database.

Example:
In this example, defaultEnvId="test" is added to the end of the engine ID
parameter:
<engine id="rwEng" class="oracle.reports.engine.EngineImpl"
initEngine="1" maxEngine="1" minEngine="0" engLife="50" maxIdle="30"
callbackTimeOut="60000" defaultEnvId="test">

5. Add the LOCAL and REPORTS_PATH parameters.

Example:
<environment id="test"/>
<envVariable name="LOCAL" value="test"/>
<envVariable name="REPORTS_PATH"
value="D:\links"/>
</environment>

Note
If you use Oracle SSO and Oracle Portal, skip step 6.

6. Remove the Oracle SSO and Oracle Portal tags by commenting them out using <!--

at the beginning and --> at the end of the security id and destination tags.
Example:

<!--destination destype="oraclePortal"
class="oracle.reports.server.DesOraclePortal">
<property name="portalUserid"
value="%PORTAL_DB_USERNAME%/%PORTAL_DB_PASSWORD%@%PORTAL_DB_TNSNAME%"
confidential="yes"

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

October 2010

encrypted="no"/>
</destination> -->

7. Choose OK.
8. Choose Yes to restart the Reports server.
For Oracle Fusion Middleware 11g
1. Log in to OEM 11g server with Oracle.
2. Change directory to your Middleware Instance directory where the rwserver.conf is

located.
For example, /u01/app/oracle/middleware/asinst_1/config/
ReportsServerComponent/ReportsServer_YOURSERVER_asinst_1

3. Copy rwserver.conf to rwserver_orig.conf.

The following is a sample configuration that can replace the delivered

rwserver.conf. Changes that need to occur would be the classPath and the various
environment variables in the environment id section.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<server xmlns="http://xmlns.oracle.com/reports/server"
version="11.1.1.2.0">
<cache class="oracle.reports.cache.RWCache">
<property value="50" name="cacheSize"/>
</cache>
<engine minEngine="1" maxIdle="30" maxEngine="1" id="rwEng"
engLife="50" class="oracle.reports.engine.EngineImpl" classPath="/u01/
app/sghe/banapps/s14s80/jars/bannerid.jar" />
<engine minEngine="0" maxEngine="1" id="rwURLEng" engLife="50"
class="oracle.reports.urlengine.URLEngineImpl"/>
<security id="rwJaznSec"
class="oracle.reports.server.RWJAZNSecurity"/>
<destination destype="ftp"
class="oracle.reports.plugin.destination.ftp.DesFTP"/>
<destination destype="WebDav"
class="oracle.reports.plugin.destination.webdav.DesWebDAV"/>
<job jobType="report" engineId="rwEng"/>
<job jobType="rwurl" engineId="rwURLEng"/>
<notification id="mailNotify"
class="oracle.reports.server.MailNotify">
<property value="succnote.txt" name="succnotefile"/>

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

<property value="failnote.txt" name="failnotefile"/>

</notification>
<connection maxConnect="50" idleTimeOut="15"/>
<queue maxQueueSize="1000"/>
<environment id="s14s80">
<envVariable value="DD-MON-RRRR" name="NLS_DATE_FORMAT"/>
<envVariable value="/u01/app/sghe/banapps/s14s80/reports/rep"
name="REPORTS_PATH"/>
<envVariable value="s14s80" name="TWO_TASK"/>
<envVariable value="/u01/app/sghe/banapps/s14s80/conf"
name="TNS_ADMIN"/>
</environment>
<pluginParam name="mailServer" value="%MAILSERVER_NAME%"/>
</server>

4. Restart the Reports server from the WebLogic Enterprise console. Typically, http://
servername.institution.edu:7001/console.

Step 15

Modify INB Environment for Oracle Reports (UNIX Only)

Note
This step is common for both OAS10gR2 and Oracle Fusion Middleware

11g.

An enhancement was made to the Banner 7.1 release of Oracle Reports allowing the users
to run a report without specifying the database name when logging in to INB. If you are
running your Reports Server on UNIX, you must add the following to your .env file:
local=<your database tns connect string>
e.g local=test

Step 16

Modify INB Preferences for Oracle Reports

Note
This step is common for both OAS10gR2 and Oracle Fusion Middleware

11g.
1. Logon to Banner as the BASELINE user.
2. Access the General User Preferences Maintenance Form (GUAUPRF).
3. Go to the Directory Options window.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

October 2010

4. Go to the Enter the name of your Oracle Reports Server record. In the Default Value

field, change the URL to the report server used at your site.
Delivered value: http://yourservername:port/reports/rwservlet?
5. Go to the Enter the name of your Oracle Reports Service Name record. In the Default

Value field, change the reports server name to the name used at your site.
Delivered value: rep_yourservername
6. Go to the Enter name of your Oracle Reports Root Subfolder record, which allows

you to control the file name format and location of Oracle Reports output. With this
record, you can control where users send their report output when the report
Destination Type is set to File (DESTYPE=FILE).
If you change nothing on the BASELINE row (i.e., where GURUPRF_USER_ID is equal
to BASELINE), then the value DEFAULT_BEHAVIOR is used, and users send their
output to the drive/folder/subfolder specified in the Destination Name field or to the
default directory on the Reports server, if Destination Name is valued with only a file
name. This is the same way this feature worked in previous releases. However, you
have the option to enter the name of and Oracle Reports root-level folder/subfolder
value (including an ending slash).
To this root-level folder/subfolder value, you have the option to append:
An indication for including a timestamp in the report file name (date)
An indication for having the report file written to an oracle-usernamesubfolder (user)
Indications for both timestamp and username subfolder (user, date)
Note
If your institution chooses not to append the string date to the report file
name, then you must otherwise ensure that duplicate file names are not

overwritten.
Tip
If you use any of the new options, keep in mind that the methods you use
to periodically purge the output on your Reports server may need to be
adjusted. Also, when running the reports, users will enter just the file
name (and extension) in the Destination Name field. The configured
options will be dynamically constructed into this entered Destination

Name value.

The delivered value for BASELINE is DEFAULT_BEHAVIOR. You may change this
value to one of the following options:
A root-level folder
A root-level folder and the string user
A root-level folder and the string date

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

A root-level folder and the string user, date

These options are detailed below.
A root-level folder

Enter a root-level folder (including an ending slash) to which all Oracle Reports output
with a Destination Type of File will be sent. This root-level folder must exist and be
writable by the Reports server.
Windows

Unix/Linux

Example of the
BASELINE row
configuration

f:\orep_root\

/u02/orep_root/

Example of what output

might look like with this
BASELINE row
configuration

f:\orep_root\
sample_report.pdf

/u02/orep_root/
sample_report.pdf

Note
If you choose this option, make sure that all Oracle Reports users are
configured to access files at this root location, and that the Windows
share (or Unix security) is configured accordingly. Users need read
access to this folder. Additionally, make sure that they do not send report

output with sensitive data to this folder.

Note
If a value exists in the User Value field for this corresponding type of
BASELINE row, it will be ignored.

A root-level folder and user

Enter a root-level folder and the string user. If desired, users may specify subfolders within
their username folder by entering the name of the subfolder in the corresponding User
Value field of GUAUPRF (including an ending slash). This specified subfolder must
exist.

Example of the
BASELINE row
configuration

Windows

Unix/Linux

f:\orep_root\user

/u02/orep_root/user

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

October 2010

Windows

Unix/Linux

Example of what output

might look like with this
BASELINE row
configuration

f:\orep_root\jdoe\
sample_report.pdf

/u02/orep_root/
jdoesample_report.pdf

Example of what output

might look like if a User
Value subfolder of xyz\
(for Windows) or xyz/ (for
Unix) is specified on the
users GUAUPRF row

f:\orep_root\jdoe\xyz\
sample_report.pdf

/u02/orep_root/jdoe/xyz/
sample_report.pdf

Note
You must create user folders for Oracle user IDs, if you choose this
option. If you do not, the Reports server will not be able to write the file to
the specified location. It is recommended that you create Windows share

(or Unix security) on these user folders.

A root-level folder and date

Enter a root-level folder and the string date. If you choose this option, then a unique time
stamp will be appended to the end of the report name, so that files will not be overwritten.
Windows

Unix/Linux

Example of the
BASELINE row
configuration

f:\orep_root\date

/u02/orep_root/date

Example of what
output might look like
with this BASELINE
row configuration

f:\orep_root\
sample_report20061212081255
.pdf

/u02/orep_root/
sample_report20061212081255
.pdf

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

A root-level folder and user,date

Enter a root-level folder and the string user,date.

Example of the
BASELINE row
configuration

Windows

Unix/Linux

f:\orep_root\user,date

/u02/orep_root/user,date

f:\orep_root\jdoe\
/u02/orep_root/jdoe/
Example of what
output might look like sample_report20061212081255 sample_report20061212081255
.pdf
with this BASELINE .pdf
row configuration

Note
You must create user folders for each Oracle user ID if you choose this
option. If you do not, the Reports server will not be able to write the file to
the specified location. It is recommended that you create Windows share

(or Unix security) on these user folders.

Step 17

Modify the bannerid.jar File

Note
This step is common for both OAS10gR2 and Oracle Fusion Middleware

11g.

The bannerid.jar file provides secured access for Oracle*Reports.

1. Create two temporary directories. (For example, C:\temp\jar\default and
C:\temp\jar\new).

2. Place bannerid.jar into the C:\temp\jar\default directory.

3. Open a command prompt session at the C:\temp\jar\new directory.
4. Unpack the bannerid.jar file into the C:\temp\jar\new directory:
jar -xvf c:\temp\jar\default\bannerid.jar

5. Navigate to the C:\temp\jar\new\com\sct\banner\reports directory.

6. Modify the SEED1 and SEED3 parameters in the bannerID.properties and
bannerID_en.properties

files.

Note
Information about changing SEED parameters is located in the Banner

Security Technical Reference Manual.

7. Save your changes.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

October 2010

8. Repackage the bannerid.jar file in the C:\temp\jar\new directory using the jar

command:
jar -Mcvf bannerid.jar *.*

9. Create a secure directory on the server and copy the bannerid.jar file to this

directory.
10. Modify the rep_<servername>.conf file in the following manner. SunGard Higher

Education recommends that you use Oracle Enterprise Manager (OEM) for all
configuration file changes.
10.1. Access OEM on your INB server: http://yourservername:1810.
10.2. Choose Reports Server Name in the System Components section.
10.3. Choose Edit Configuration File.
10.4. Add classPath="C:\temp\bannerid.jar" to the end of the engine id

parameter.
Note
<engine id="rwEng" class="oracle.reports.engine.EngineImpl"
initEngine="1" maxEngine="5" minEngine="0" engLife="50"
maxIdle="30" callbackTimeOut="60000"
defaultEnvId=test
classPath="C:\temp\bannerid.jar">

</engine>

Step 18

Modify the banorep.jar File (Optional)

Note
This step is common for both OAS10gR2 and Oracle Fusion Middleware

11g.

Banner is delivered with the banorep.jar file to control advanced Oracle Reports
Security.
To avoid exposing the userid parameter, the userid connect string can be encrypted and
stored in a temporary cookie on the client browser. This means the following for Reports
to run:
The userid parameter is left empty in the Reports HTML parameter form and does
not show in the requested URL.
The userid connect string is encrypted and stored as a temporary cookie. The
cookie is deleted immediately when closing the browser.
The cookie expires after 30 minutes even if the browser was not closed.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

The default cookie domain is derived from the host running Forms Services. This
secures the cookie from applications hosted by other servers accessing this
information.
The Reports userid cookie can be set from Forms using a Java Bean in Forms. The
banorep.jar file handles setting the userid parameter in a cookie.
maxAge This property allows to specify a time in minutes for which the Reports
userid cookie is valid. The cookie expiration is determined on the Reports Server.
The default value is 30 minutes.
cookieDomain This property defines the scope of servers, the location from which
hosted applications can access the cookie information. The minimum requirement
is a domain that has a least two '.' in it. The domain can be set to a complete server
name, therefore ensuring that only applications started on this server can access the
cookie.
Example:
cookieDomain=.yourserver.com is a valid domain, while
cookieDomain=yourserver.com is not a valid domain

cookiePath This property defines the virtual path that an application needs in
order to access the client side cookie. By default, the path is set to '/', which means
that applications downloaded from any virtual path in the cookie's domain can
access the cookie. To restrict access to only those applications downloaded from a
specific virtual path, like "reports," use the following settings '/reports/'.
1. Create two temporary directories. (For example, C:\temp\jar\default and
C:\temp\jar\new).

2. Place banorep.jar into the C:\temp\jar\default directory.

3. Open a command prompt session at the C:\temp\jar\new directory.
4. Unpack the banorep.jar file into the C:\temp\jar\new directory:
jar -xvf c:\temp\jar\default\banorep.jar

5. Navigate to the C:\temp\jar\new\oracle\reports\utility directory.

6. Access the conf.properties and conf_en.properties files.
7. Change the value for each property.
8. Save your changes.
9. Repackage the banorep.jar file in the C:\temp\jar\new directory using the jar

command:
jar -Mcvf banorep.jar *.*

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

October 2010

Forms Services Configuration

10. Copy the new banorep.jar file to the <ORACLE_HOME>/forms/java directory.
formsweb.cfg File
11. Add the following line to the named configuration section for your application in the
formsweb.cfg

file:

Archive_jini= banspecial.jar,frmall_jinit.jar,banicons.jar,bannerui.jar,
banorep.jar
Archive= banspecial.jar,frmall.jar,banicons.jar,bannerui.jar,
banorep.jar

Basejini.htm File
12. In order for the Forms Applet to get permissions for setting the temporary

authentication cookie, the MAYSCRIPT parameter needs to be set in basejini.htm

template.
Internet Explorer section of basejini.htm:
<PARAM NAME="MAYSCRIPT" VALUE="true">
Netscape section of basejini.htm:
MAYSCRIPT=true

Warning
There is a known issue with the combination of Netscape 7.1, JInitiator
1.3.1.x, and the JSOBject class from Netscape. Forms that run in

Netscape 7.1 must use the certified version of the Java Plug-In 1.4.
Note
If you are using the Java Plug-In, you must change
baseHTMLJInitiator= and baseHTMLie= parameters to point to just
basejpi.htm. Add the banner jar files to the archive parameter.

Example:
# System parameter: base HTML file for use with JInitiator client
baseHTMLjinitiator=basejpi.htm
# System parameter: base HTML file for use with Microsoft Internet
Explorer
# (when using the native JVM)
baseHTMLie=basejpi.htm
# Forms applet archive setting for other clients (Sun Java Plugin,
Appletviewer, etc)
archive=banicons.jar,bannerui.jar,banspecial.jar,frmall.jar,
banorep.jar

13. Modify the REPORTS_ENCRYPTION_KEY:

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

Key Environment variables and Servlet Parameters

The REPORTS_ENCRYPTION_KEY specifies the encryption key used to encrypt the user
name and password for the Authid & Userid Cookies. Because these cookies are sent
back to the user's browser, there is a need to encrypt these values. The encryption key
can be any character string. The default value is reports9.0. A change of the
encryption key would change the final encrypted values of these cookies.
In order to secure your Oracle Reports Server environment, it is recommended you
change the REPORTS_ENCRYPTION_KEY from the default value of "reports9.0" to some
custom value.
You can find more information about changing the key in the document Oracle Forms
Services - Secure Web.Show_Document() calls to Oracle Reports.
The SET_<nn>ENCRYPTION_KEY property allows the application developer to issue
another key for encrypting the Reports cookie other than the default. Before changing
the key in the cookie, make sure that the key is also changed in the Reports Server
rwservlet.properties file (Reports9i and Reports 10g).
Examples:
set_custom_property('control.userid_bean',1,'SET_9iENCRYPTION_KEY',
'myOwnKeyFor9i');
set_custom_property(control.userid_bean,1,SET_10gENCRYPTION_KEY,
myOwnKeyFor10g);"

For more information, refer to Oracle Metalink Note222332.1, A Detailed

Explanation of Oracle 9i Reports Security, and the whitepaper Oracle Forms Services
- Secure Web.Show_Document() calls to Oracle Reports.
Step 19

Modify the bannerui.jar file (Optional)

Note
This step is common for both OAS10gR2 and Oracle Fusion Middleware

11g.

If you are setting up an Arabic-language implementation of Banner, you must make two
changes to default settings stored in the bannerui.jar file.
The text alignment must be changed from LTR (left to right, the default value), to
RTL (right to left), so that certain Banner text items will be correctly aligned.
The default font must be changed from Verdana to a font that properly supports
Unicode characters for Arabic, such as MS Sans Serif.
To make these changes, perform the following steps:
1. Create a temporary directory, C:\temp\jar\ui.
2. Copy bannerui.jar into the C:\temp\jar\ui directory.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

October 2010

3. Open a command prompt session at the C:\temp\jar\ui directory.

4. Unpack the bannerui.jar file:
jar xf c:\temp\jar\ui\bannerui.jar

5. In the com/sct/banner/forms/ui directory, locate the fontName.properties file

and the banAlignment.properties file.

6. Edit fontName.properties.

Open fontName.properties in a text editor and change the default value Verdana to
MS Sans Serif. Save and close the file.
7. Edit banAlignment.properties.

Open banAlignment.properties in a text editor and change the default value LTR to
RTL. Save and close the file.
8. Repackage the bannerui.jar file in the C:\temp\jar\ui directory:
jar cf bannerui.jar com

9. Copy the edited bannerui.jar file to the <ORACLE_HOME>/forms/java directory.

Step 20

Modify any signed jar file (Optional)

Note
This step is common for both OAS10gR2 and Oracle Fusion Middleware

11g.

You can modify the signed .jar files delivered by SunGard Higher Education. However,
the signing by SunGard Higher Education becomes invalid when you modify a signed .jar
file.
If you want to create modified .jar files and continue without getting the warning about
mixing signed and unsigned components, you will be required to sign your modified .jar
files. You have the following two options specific to signing modified .jar files:
Purchase a Class 3 code signing certificate from a third party
VeriSign Inc. is one of several vendors in this space.
Create a self signing certificate using the JDK.
Step 21

Create a self signed certificate (Optional)

Note
This step is common for both OAS10gR2 and Oracle Fusion Middleware

11g.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

The following instructions describe how to create a self signed certificate:

1. Create a work folder on your local workstation C:\work_ss_cert.
2. Open DOS window and change directory C:\work_ss_cert.
3. Type the following at the command prompt:
keytool -genkey -validity 730 -alias fooName -keystore sgheUstore

4. Enter the necessary details such as keystore password, your first and last name, and

the name of your organizational unit when you are prompted for information.
The keytool command mentioned above creates the keystore sgheUstore in the
folder c:\work_ss_cert. The password you entered in Step 4 has been assigned to
this keystore. This keytool command also generates a public or private key pair for
the entity whose distinguished name is the first and last name and organizational unit
is the organizational unit you entered in Step 4.
This keytool command creates a self signed certificate which includes the public key
and the distinguished name information. The default validity period for a certificate is
90 days. You can also set the validity period by using the validity option in the
command prompt. The keytool command mentioned above creates a certificate with a
validity period of 730 days (approximately 2 years).
Step 22 Sign a modified .jar file using the self signed certification
(Optional)
Note
This step is common for both OAS10gR2 and Oracle Fusion Middleware

11g.

The following instructions describe how to sign a modified .jar file using the self signed
certification. (These instructions build off of the instructions from Step 21, Create a self
signed certificate (Optional) above):
1. Open DOS window and change directory C:\work_ss_cert.

This is the folder where the self signed certificate exists.

2. (Optional) Place the modified .jar file (mybanicons.jar is our example) into this

same folder C:\work_ss_cert.

3. Type the following at the command prompt:
jarsigner -keystore sgheUstore -signedjar zbanicons.jar mybanicons.jar
fooName

4. Enter the necessary details such as keystore passphrase and the key password.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

October 2010

The jarsigner command mentioned above creates a signed .jar file zbanicons.jar
in the folder c:\work_ss_cert. Your Oracle Forms configuration will be adjusted to
look like:
archive=sbanspecial.jar,zbanicons.jar,sbannerui.jar,sbanorep.jar,frmal
l.jar

Step 23

Secure the Reports Server

Note
This step is common for both OAS10gR2 and Oracle Fusion Middleware

11g.
1. Modify the ServerName directive in your Apache httpd.conf file to contain the full

domain name:
ServerName <yourservername>.<yourdomainname>

Note
Ensure that the server name is the full DNS name. Be cautious if you
accept the defaults during installation.

2. Any of the valid Reports Servlet commands listed on the Reports Servlet help page

can be restricted. The list of help commands can be viewed at http://

yourservername:port/reports/rwservlet/help.

To restrict Oracle Reports commands, add Location directives to your httpd.conf file
after the default Location directive for /server-status:
#
# Allow server status reports, with the URL of http://servername/server-status
# Change the ".your_domain.com" to match your domain to enable.
#
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from localhost yourservername
</Location>

The following example disables the showmap command from the users and allows the
call to rwservlet/showmap issued on the server yourserver.com for testing purposes:
<Location /reports/rwservlet/showmap*>
Order deny,allow
Deny from all
Allow from localhost yourserver.com
</Location>

The following example disables the upper, lower, or mixed case use of the showjobs
command from the users and allows the call to rwservlet/showjobs issued from a PC
with a certain IP address for testing purposes:

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

<Location /reports/rwservlet/[Ss][Hh][Oo][Ww][Jj][Oo][Bb][Ss]*>
Order deny,allow
Deny from all
Allow from localhost 111.22.33.444
</Location>

The following example disables the upper, lower, or mixed case use of the showjobid
command from the users and allows the call to rwservelt/showjobid issued from the
localhost:
<Location /reports/rwservlet/[Ss][Hh][Oo][Ww][Jj][Oo][Bb][Ii][Dd]*>
Order deny,allow
Deny from all
Allow from localhost 111.22.33.444
</Location>

3. If you installed the OAS10g Infrastructure and Middle Tier software, the WebCache

software is automatically installed. The Web Cache software is a front end to the
Apache HTTP server. The client IP does not get passed through to the Apache HTTP
server. Therefore, Allow/Deny directives in httpd.conf will not work. You must add
the following line to your httpd.conf file:
Locate and uncomment to "UseWebCacheIp On" directive in the httpd.conf
file
Restart the Apache HTTP server

Note
If you installed the Oracle Forms and Reports StandAlone Services, then

you do not have WebCache installed and may skip this step.

Step 24

Modify INB Preferences for Job Submission Output

Note
This step is common for both OAS10gR2 and Oracle Fusion Middleware

11g.

Job Submission output can be viewed on the Web from the Saved Output Review Form
(GJIREVO). When you select Options--Show Document (Save and Print File), the Job
Submission output is displayed in a browser window. You can then save the output to a
local file or print it.
To view Job Submission or Data Extract output on the Web, a Database Descriptor (DAD)
must be added in OAS10g. Refer to chapter 2 for basic information about creating a DAD.
If you have separate INB and SSB web servers, you should configure a DAD on your INB
web server for Job Submission output.
1. Log on to Banner as the BASELINE user.
2. Access the General User Preferences Maintenance Form (GUAUPRF).
3. Go to the Directory Options tab.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

October 2010

4. Navigate to the record for the Web Output URL.

5. In the Default Value field, change the URL to the server address and virtual path

used by your site.

Example:
Delivered value: http://yourserver.com/directory/
New value: http://yourserver.com/<dad name>/
Note
OAS10g no longer requires that you include /pls/ in the URL, although
you can include it, if desired. Non-OAS10g users must include it, so your
value would be:

New value: http://yourserver.com/pls/<dad name>/

Step 25

Modify default.env

Note
This step is common for both OAS10gR2 and Oracle Fusion Middleware

11g.

In default.env, add this new environment variable:

NLS_LANG=AMERICAN_AMERICA.AL32UTF8

Step 26 Set up for Case-Sensitive Passwords (Optional, 11g Database

Only)
Case-sensitive passwords are an option available in Banner only for institutions using
Oracle Database 11g.
If you are using 11g, and you want to take advantage of case-sensitive passwords in
Banner, add this environment variable:
FORMS_USERNAME_CASESENSITIVE=1

Note
Environment variable FORMS_USERNAME_CASESENSITIVE is
available only when using Application Server version 10.1.2.2 or higher.

To enable case-sensitive passwords in Banner, you must also set the database initialization
parameter SEC_CASE_SENSITIVE_LOGIN to TRUE.
For more information specific to Database 11g, see Oracle Database 11g on page 203.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

Step 27

Configure Multiple Environments (Optional)

For OAS10gR2

Use these steps if you need to configure multiple environments. The steps will create new
sections in your formsweb.cfg file.
1. Copy default.env to test.env.
2. Access OEM on your INB server: http://yourservername:1810.
3. Choose Forms in the System Components section.
4. Choose the Configuration tab.
5. Select the default configuration and choose Duplicate.
6. Enter test and click OK.
7. Edit the new test section and change value from:
envFile = default.env

to:
envFile = test.env

8. Choose the Environment tab.

9. Edit the new test.env and change values as needed.

Example:
FORMS_PATH - to the path of FMX/PLX/MMXs
TWO_TASK(Unix) or LOCAL (Windows) - to the default database TNS_CONNECT_STRING

10. Append the new section name to the URL:

http://yourservername:port/forms/frmservlet?config=test

For Oracle Fusion Middleware 11g

1. Access OEM on your INB server: http://yourservername:7001/em
2. Choose Forms in the System Components section.
3. Select Duplicate File.

Environment file: default.env

Name: test.env
4. Choose the Configuration tab.
5. Select Create Like.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

October 2010

6. Select the section to duplicate along with the new section name and select Create.
7. Edit the new test section and change value from:
envFile = default.env

to:
envFile = test.env

8. Append the new section name to the URL:

http://yourservername:port/forms/frmservlet?config=test

Step 28

Configure Mac Environment (Optional)

Note
This step is common for both OAS10gR2 and Oracle Fusion Middleware

11g.

Use these steps if you need to configure a Mac environment.

1. Download MRJ from the Apple Web site. Jinitiator is a Windows-only plug in.
2. Add client DPI=95 to the base.htm located in the OAS10g <ORACLE_HOME>/forms/
server

directory.

Example:
<PARAM NAME="clientDPI" VALUE="95">

Step 29

Customize the Color of Required Fields (Optional)

Note
This step is common for both OAS10gR2 and Oracle Fusion Middleware

11g.

Follow these steps if you want to display required fields in a different color.
1. Navigate to the OAS10g <ORACLE_HOME>/forms/java/oracle/forms/ registry.
2. Edit the registry.dat file.
3. Change the following line from false to true:
app.ui.requiredFieldVA=true

4. Add a line such as the following, which turns required fields red:

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

app.ui.requiredFieldVABGColor=255,0,0

Note
The value for green is:
app.ui.requiredFieldVABGColor=0,255,0

Note
The value for blue is:
app.ui.requiredFieldVABGColor=0,0,255

5. Save the registry.dat file.

6. Test:
6.1.

6.2.

Go to GTVEMAL. The Required Description field should be red.

Step 30

Configure INB to Display Windows XP Themes (Optional)

Note
This step is common for both OAS10gR2 and Oracle Fusion Middleware

11g.

Perform the following steps if your users prefer the XP theme display style. This change
prevents scroll bars from appearing on the INB forms.
1. Edit the ORACLE_HOME\forms\server\basejini.htm file:
1.1.

Find this line:

1.2.

Change it to:
<PARAM NAME="recordFileName" VALUE="%recordFileName%">
<PARAM NAME="clientDPI" VALUE="%clientDPI%">

1.3.

Find this line:

recordFileName="%recordFileName%"

1.4.

Change it to:
recordFileName="%recordFileName%"
clientDPI="%clientDPI%">

2. Access OEM on your INB server.

http://yourservername:1810

3. In the System Components section, choose Forms.

4. Choose Configuration.
5. Add the following parameter to the default section:

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

October 2010

Parameter
ClientDPI

Value
95

6. Save your changes.

Step 31

Customize Color Scheme for Disabled Text (Optional)

Note
This step is common for both OAS10gR2 and Oracle Fusion Middleware

11g.

Banner is delivered with the following R, G, and B codes for disabled text:
R=0
G=0
B=0
If your site uses the OracleLookAndFeel parameter and colorScheme BLAF, disabled
text is the same color (black) as regular text. If you want disabled text to be a different
color, use the following steps to change the R, G, and B codes.
1. Create two temporary directories (for example, C:\temp\jar\default and
C:\temp\jar\new).

2. Place bannerui.jar into the C:\temp\jar\default directory.

3. Open a command prompt session at the C:\temp\jar\new directory.
4. Unpack the bannerui.jar file into the C:\temp\jar\new directory:
jar -xvf c:\temp\jar\default\bannerui.jar

5. Navigate to the C:\temp\jar\new\com\sct\banner\forms\ui directory.

6. Access the disabledTextColor.properties and
disabledTextColor_en.properties

files.

7. Search for the OracleLookAndFeel parameter in the following heading:

##################################################
#
# RGB settings to color Disabled Field Text (OracleLookAndFeel)
#
###################################################

The delivered values for R, G, and B are:

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

R=0
G=0
B=0
8. Change the value for each code to produce the color you prefer.
9. Save your changes.
10. Repackage the bannerui.jar file in the C:\temp\jar\new directory using the jar

command:
jar -Mcvf bannerui.jar *.*

11. Copy the new .jar file to the <ORACLE_HOME>/forms/java directory on the OAS10g

server for deployment.

Step 32

Customize Color Scheme for Tabs (Optional)

Note
This step is common for both OAS10gR2 and Oracle Fusion Middleware

11g.

You can customize the color of the forms tabs, if you wish. The tab color is determined by
the tabPagesColor.properties and tabPagesColor_en.properties files, which are
contained in the bannerui.jar file.
Banner is delivered with the following settings for tabs:
For the active tab (only one tab can be active at one time):
RCurrentTab=0
GCurrentTab=51
BCurrentTab=102
For the other tabs that are available to the user but not currently in use:
REnabledTab=204
GEnabledTab=204
BEnabledTab=204
For the other tabs that are disabled and cannot be selected by the user:
RDisabledTab=204
GDisabledTab=204
BDisabledTab=204

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

October 2010

To change the tab colors, perform the following steps:

1. Create two temporary directories (for example, C:\temp\jar\default and
C:\temp\jar\new).

2. Place bannerui.jar into the C:\temp\jar\default directory.

3. Open a command prompt session at the C:\temp\jar\new directory.
4. Unpack the bannerui.jar file into the C:\temp\jar\new directory:
jar -xvf c:\temp\jar\default\bannerui.jar

5. Navigate to the C:\temp\jar\new\com\sct\banner\forms\ui directory.

6. Access the tabPagesColor.properties and tabPagesColor_en.properties files.
7. Search for the OracleLookAndFeel parameter in the following heading:
#######################################################
#
# RGB settings to color Tab Pages (OracleLookAndFeel)
#
##########################################################

8. Change the value for each code to produce the color you prefer.
9. Save your changes.
10. Repackage the bannerui.jar file in the C:\temp\jar\new directory using the jar

command:
jar -Mcvf bannerui.jar *.*

11. Copy the new .jar file to the <ORACLE_HOME>/forms/java directory on the OAS10g

server for deployment.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

Banner General 8.3

Middle Tier Implementation Guide
Configuring Internet-Native Banner

October 2010

Configuring Self-Service
Banner

Overview
This chapter describes the steps to install Web Tailor and Web General and to configure
Self-Service Banner (SSB). You will be guided through the following steps:
1. Set up Your Web Server Files on page 60
2. Customize Ear Files on page 63
3. Deploy EAR Files on Oracle Application Server on page 65
4. Set Up Apache httpd.conf for Link Security (Optional) on page 68
5. Review and Customize Global Web Rules on page 68
6. Review and Customize Global User Interface Settings on page 69
7. Review and Customize Graphic Elements on page 70
8. Review and Customize Web Menus and Web Procedures on page 70
9. Review and Assign Web Roles to Web Menus and Procedures on page 72
10. Review and Define Links on Menus on page 73
11. Review and Customize Information Text (Info Text) on page 75
12. Add Credit Card Processing (Optional) on page 76
13. Customize the Home Page on page 76
14. Configure the Home Page Menu Items (Optional) on page 76
15. Select a User Interface on page 76
16. Luminis Integration (Optional) on page 77

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

17. Configure Web Tailor for LDAP Server (Optional) on page 77

18. Assign View and Update Privileges for Addresses on page 79
19. Establish Web User Parameters and Third Party History Information on page 80
20. Set Up Campus Directory Processing on page 87
21. Set Up Web E-Mail Address Options on page 90
22. Set Up Web Surveys on page 92
Tip
You cannot implement any of the other self-service applications until you

have implemented Web Tailor and Web General.

After you perform these steps, you must also set up various preferences, etc., as described
in the Banner product-specific user guides (e.g., General, Student, Advancement). In
addition, you need to set up the rest of your Self-Service Banner products using the
product-specific implementation guides.
Note
You do not need to perform the steps in this chapter if your institution has

not licensed Self-Service Banner.

Keep in mind that there are three levels of settings maintained in Web Tailor:
Global - applies to all the self-service products
Module - applies to a single module, e.g., Student Self-Service
Procedure - applies to a single procedure, e.g., bwgkomar.P_SelectMtypUpdate
(Update Marital Status)
For technical information, please refer to the Banner Web Tailor User Guide.

Prerequisites
You must already have implemented Banner General.
You must be a Web Tailor administrator in order to perform the steps in this
chapter.
Note
TWADMINU.SQL has been delivered with Web Tailor and migrated to the
production wtlweb/plus/ directory. This script can be used to assign
the WEBTAILOR ADMINISTRATOR role to an existing Banner ID using

SQL*Plus.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

October 2010

Banner Web Tailor 8.3 requires three web applications that need to be deployed to
a J2EE container. For this, an instance of OAS 10.1.3.x is required.
Note
For those who want to keep Banner Self-Service and the Java EE
applications co-located, you can install both Banner Self Service and the
Java EE application on an Oracle 10.1.3.x application server instance.
You can also choose to keep Banner Self-Service on the same
application server as your Internet Native Banner application server, but
are required to have an Oracle Application Server 10.1.3.x available to
deploy the Java based applications that are part of Banner WebTailor

8.3.

How to Create a DAD in OAS 10.1.2.x

SunGard Higher Education recommends that you use Oracle Enterprise Manager
(OEM) for all configuration file changes.
Note
The Oracle Web Packages must be installed in the database prior to
following these steps. Installation of the Web Packages should have been

completed as part of your Banner installation or upgrade process.

For OAS10gR2
1. Access OEM on your SSB server: http://yourservername:1810.
2. Choose HTTP Server.
3. Choose Administration.
4. Choose PL/SQL Properties.
5. Choose DADs.
6. Choose Create.
7. Choose General. Choose Next.
8. Enter the DAD name in the DAD Name or Location field.
9. Enter the Banner OAS10g username in the Username field (e.g. OAS_PUBLIC).
10. Enter the password in the Password field.
11. Enter TNS connect string information in the Connect String Format field.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

12. Enter the name of your default home page in the Default Page field (for example,
homepage.htm).

Choose Next.

13. Choose Next.

14. (Optional, if you plan to configure user-friendly error messages). In the CGI

Environment List section, enter REDIRECT_STATUS, REDIRECT_ERROR_NOTES. Select

Apache Style from the drop-down list for the Error Style check box.
15. Enter twbklist.p_main for the Before Procedure value. Choose OK.

After your DAD has been created, use the following step to improving the PL/SQL
performance in the Oracle HTTP Server.
16. Specify the following parameters, in order, in the dads.conf file.
PlsqlFetchBufferSize 256
PlsqlAlwaysDescribeProcedure off
PlsqlSessionStateManagement StatelessWithFastResetPackageState

17. Save the dads.conf file.

After your DAD has been created, use the following steps if you plan to configure userfriendly error messages.
18. Edit the dads.conf file on your OAS server and add the following line to the end of

your DAD Location directive:

ErrorDocument 404 /<DAD name>/twbkserr.p_system_error

19. To support the UTF8 character set, set the NLS_LANG parameter.
PlsqlNLSLanguage AMERICAN_AMERICA.AL32UTF8

For Oracle Fusion Middleware 11g

1. Access OEM on your SSB server: http://yourservername:7001/em.

For example, Login as Weblogic.

2. Expand Web Tier and select ohs1.
3. From the Oracle HTTP Server drop-down list, select Administration > Advanced

Configuration.
4. From the Select File drop-down list, select dads.conf.
5. Click Go.
6. Edit or add additional Locations to this file.

The following is a sample DAD configuration:

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

October 2010

<Location /dbServer_ban8>
SetHandler pls_handler
Order allow,deny
Allow from All
AllowOverride None
PlsqlDatabaseUsername www_user
PlsqlDatabasePassword u_pick_it
PlsqlDatabaseConnectString dbServer.sct.com:1521:BAN8 SIDFormat
PlsqlAuthenticationMode Basic
PlsqlNLSLanguage AMERICAN_AMERICA.AL32UTF8
PlsqlDefaultPage homepage.htm
PlsqlBeforeProcedure twbklist.p_main
PlsqlAlwaysDescribeProcedure Off
PlsqlErrorStyle DebugStyle
ErrorDocument 404 /dbServer_ban8/twbkserr.p_system_error
PlsqlCompatibilityMode

</Location>

7. Click Apply after completing the necessary edits.

8. From Advanced Configuration, select httpd.conf.
9. Click Go.
10. Add additional lines to configure a virtual host in the web server.

The following is a sample configuration:

<VirtualHost YourwlServerIPAddress:9010>
ServerName wlServer.sct.com
DocumentRoot "/aux/ban8/webdocs"
DirectoryIndex homepage.htm
</VirtualHost>

11. Click Apply after completing the necessary edits.

12. To alter or modify obfuscate the DAD password in the dads.conf file, login to the

web server as Oracle and execute the following command:

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

perl dadTool.pl -f /aux/oracle/middleware/asinst_1/config/OHS/ohs1/

mod_plsql/dads.conf

13. Restart the web services for the changes to take effect.

This can be done through the WebLogic console or from the command line with
opmnctl restartproc. After creating DAD, you can use the Before Procedure feature of
the Application Server to enable additional security authentication.
14. Enter twbklist.p_main for the Before Procedure value. Choose OK.

After your DAD has been created, use the following step to improving the PL/SQL
performance in the Oracle HTTP Server.
15. Specify the following parameters, in order, in the dads.conf file.
PlsqlFetchBufferSize 256
PlsqlAlwaysDescribeProcedure off
PlsqlSessionStateManagement StatelessWithFastResetPackageState

16. Save the dads.conf file.

After your DAD has been created, use the following steps if you plan to configure userfriendly error messages.
17. Edit the dads.conf file on your OAS server and add the following line to the end of

your DAD Location directive:

ErrorDocument 404 /<DAD name>/twbkserr.p_system_error

18. To support the UTF8 character set, set the NLS_LANG parameter.
PlsqlNLSLanguage AMERICAN_AMERICA.AL32UTF8

Configuration Steps
Step 1

Set up Your Web Server Files

Use the following steps to set up your Web server files:

1. Create a subdirectory called wtlhelp under the Web server's document root directory

tree. This is the root directory defined during the Oracle Apache HTTP Listener
configuration.
2. Transfer any Web Tailor installed HTML files (if they exist) from your Banner host

machine to the Web server wtlhelp directory. The HTML files reside in the
following Banner directories.
UNIX: $BANNER_HOME/wtlweb/htm

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

October 2010

VMS: BAN_HOME:[wtlweb.htm]
NT: drive letter:\${banner_home}\wtlweb\htm
You can transfer the text files to your Web server machine by using your sites
preferred file transfer utility (for example, ftp). Transfer the files in ASCII mode.
3. Transfer any Web Tailor-installed GIF files (if they exist) from your Banner host

machine to the Web server wtlgifs directory. The GIF files will reside in the
following Banner directories:
UNIX: $BANNER_HOME/wtlweb/gif
VMS: BAN_HOME:[wtlweb.gif]
NT: drive letter:\${banner_home}\wtlweb\gif
You can transfer the graphic files to your Web server machine by using your sites
preferred binary file transfer utility. Transfer the files in BINARY mode.
4. Transfer any Web Tailor help GIF files (if they exist) from your Banner host machine

to the Web server wtlhelp/images directory. The GIF files will reside in the
following Banner directories:
UNIX: $BANNER_HOME/wtlweb/htm/images
VMS: BAN_HOME:[wtlweb.htm.images]
NT: drive letter:\${banner_home}\wtlweb\htm\images
You can transfer the graphic files to your Web server machine by using your sites
preferred binary file transfer utility. Transfer the files in BINARY mode.
5. Copy homepage.htm in the wtlhelp directory to the document root directory on the

Web server machine. The file homepage.htm can be found in wtlweb/htm.

Note
The homepage.htm file contains only an HTML redirect command to call a

menu that is generated by Web Tailor.

6. In the homepage.htm file, change all occurrences of /test/owa to the DAD name

created during the Oracle Apache HTTP Listener configuration. This is the Oracle
Apache HTTP Listener that was configured to connect to your Banner host machine.
Note
The file homefram.htm is no longer necessary since Web Tailor does not

use framesets now.

7. Create a subdirectory called css (if it doesnt already exist) under the Web servers

document tree. This is the root directory defined during the Oracle Apache HTTP
Listener configuration.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

8. Copy the .css files in the htm directory to the /css directory on the Web server.

They are:
app-overrides.css
cascade.css
cascade.common.css
cascade-luminis.css
common-controls.css
common-platform.css
ie6.css
ie7.css
ie8.css
login.css

9. Create a subdirectory called js (if it doesnt already exist) under the Web servers

document tree. Copy the contents of $BANNER_HOME/wtlweb/js folder into the js

directory.
10. Create an images folder in the /css directory and copy the images from /htm/images

to the /css/images directory.

11. Create a jquery folder under the /css directory and copy the $BANNER_HOME/
wtlweb/htm/jquery/jquery.autocomplete.css

file into the jquery folder.

12. Under the Web server's document tree, open js/serviceProperties.js and modify

the url and domain details to point to the new OAS 10.1.3.x OC4J deployment
configuration created below in Deploy EAR Files on Oracle Application Server on
page 65.
For example:
var Bannerservice = {
url: 'http://<yourservername:port>',
endpoints: ["/banner-ssb-ws/SSB/standaloneapp/udcxml",
"/banner-ssb-ws/SSB/searchresults/",
"/banner-ssb-ws/SSB/menuentries/"]
}
var auroraService = {
url: 'http://<yourservername:port>',
endpoints: ["/aurora-ws/resources/navigationentries/ssb/
standalone_role_nav_bar"]
}
var CookieConstants = {
domain: '<yourdomainname>'
}

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

October 2010

13. The Oracle Apache HTTP Listener component needs to be restarted to recognize the

new files. Refer to the Oracle Apache HTTP Server Installation Guide for
instructions on restarting the Oracle Apache HTTP Listener.
14. The SunGard Higher Education example home page is now accessible using the

URL:
http://yourssbservername:port/yourdad/twbkwbis.P_GenMenu?name=homepage

Step 2

Customize Ear Files

The following ear files are delivered with Web Tailor 8.3 and can be found can be found
inside the /java sub-directory in the upgrade:
aurora.ear
aurora-ws.ear
banner-ssb-ws.ear
To customize ear files delivered with Web Tailor, perform the following steps:
1. Copy the aurora-ws.ear and banner-ssb-ws.ear files to a temporary location. For

example:
u01/earfiles

2. Create the following subdirectories:

u01/earfiles/banner_extract
u01/earfiles/banner_extract/war_extract
u01/earfiles/aurora_extract
u01/earfiles/aurora_extract/war_extract

3. In the banner_extract directory, extract the .war files available in the banner-ssbws.ear

file. For example:

jar xvf ..\banner-ssb-ws.ear

4. In the banner_extract/war_extract directory, extract the .war files available in the ear

files. For example:

jar xvf ..\banner-ssb-ws.war
ssb-jdbc.properties and application.properties are the two properties files
available in banner-ssb-ws.ear and aurora-ws.ear files.

5. In the banner-ssb-ws.ear file, open the /u01/earfiles/banner_extract/

war_extract/WEB-INF/classes/ssb-jdbc.properties

and customize this file

according to your needs.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

ssb-jdbc.driver=oracle.jdbc.driver.OracleDriver
ssb-jdbc.url=jdbc:oracle:thin:@yourservername:port:sid
ssb-jdbc.user=<userid>- The default username of for the database
connection. In most cases, the username should be set to cascadeu.
ssb-jdbc.password=<password> - The default password of the user for
the database connection.
ssb-jdbc.max.active=-1 - The maximum number of active connections that
can be allocated from this pool at the same time, or non-positive for
no limit.
ssb-jdbc.max.idle=8 - The maximum number of active connections that
can remain idle in the pool, without extra ones being released, or
negative for no limit.
ssb-jdbc.max.wait=-1 - The maximum number of milliseconds that the
pool will wait (when there are no available connections) for a
connection to be returned before throwing an exception, or -1 to wait
indefinitely.
ssb-jdbc.proxy=false - Valid values are true and false. True indicates
that Oracle connections will be proxy connections. Proxy connections
will allow Oracles VBS and FGAC rules to be employed for the user.
False indicates that Oracle connections are exclusive for the
identified user.

6. In banner-ssb-ws.ear file, open the /u01/earfiles/banner_extract/

war_extract/WEB-INF/classes/application.properties

file and modify the

following:
host=<the host where the OAS is running>
dad=/s10b811g/ (dad name to be set)
port=<port on which ssb is running>
protocol=http
system.name= <application name that should appear in the Browse menu,
for example, system.name=Banner>

7. In the aurora_extract directory, extract the .war files available in the auroraws.ear

file. For example:

jar xvf ..\aurora-ws.ear

8. In the aurora_extract/war_extract directory, extract the .war files available in the

ear files. For example:

jar xvf ..\aurora-ws.war

9. In aurora-ws.ear file, open the /u01/earfiles/aurora_extract/war_extract/

WEB-INF/classes/application.properties

file and modify the following:

ssb=http://yourservername:port/banner-ssb-ws/SSB/standaloneapp
depth=<maximum level of submenus that should be displayed in Browse
menu, for example, depth=10>

10. Save the properties file and overwrite the modified properties file to the war.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

October 2010

11. Reconstruct the ear files. For example:

cd /u01/earfiles/banner_extract/war_extract
[windows] jar cmf META-INF\MANIFEST.MF ..\banner-ssb-ws.war *.*
[Unix] jar cmf META-INF/MANIFEST.MF ../banner-ssb-ws.war *
cd /u01/earfiles/banner_extract
[Windows] jar cmf META-INF\MANIFEST.MF ..\banner-ssb-ws.ear bannerssb-ws.war META-INF
[Unix] jar cmf META-INF/MANIFEST.MF ../banner-ssb-ws.ear banner-ssbws.war META-INF

This will regenerate the /u01/earfiles/banner-ssb-ws.ear

cd /u01/earfiles/aurora_extract/war_extract
[windows] jar cmf META-INF\MANIFEST.MF ..\aurora-ws.war *.*
[Unix] jar cmf META-INF/MANIFEST.MF ../aurora-ws.war *
cd /u01/earfiles/aurora_extract
[Windows] jar cmf META-INF\MANIFEST.MF ..\aurora-ws.ear aurora-ws.war
META-INF
[Unix] jar cmf META-INF/MANIFEST.MF ../aurora-ws.ear aurora-ws.war
META-INF

This will regenerate the /u01/earfiles/aurora-ws.ear

12. Deploy these modified ear files to the Oracle Application Server.

Step 3

Deploy EAR Files on Oracle Application Server

Prior to deploying the EAR files, you must first create a new OC4J instance.
1. Log in to your OAS 10.1.3.x environment using your user ID and password.
2. Create a new group for SGHE application deployments, if the group does not already

exist.
2.1.

Click Create in the Groups section of the Cluster Topology Page.

2.2.

Enter Group Name: sghe_group.

2.3.

Click Create.

3. Create a new instance for this application.

October 2010

3.1.

Expand All Application Servers.

3.2.

Click your installation of 10.1.3, for example,

OAS_10_1_3.<yourservername>

3.3.

Click Create Instance.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

3.4.

Use instance name = cascade_<oracle_sid>, where <oracle_sid> is equal to

the Oracle SID of the environment for which this is being deployed.

3.5.

Check Add to an existing group with name sghe_group.

3.6.

Check Start this instance after creation.

3.7.

Click Create.

4. Select the cascade_<oracle_sid> instance name.

5. Select the Applications tab.
6. To deploy aurora.ear file in OAS, do the following:
6.1.

Click the deploy link to select the archive file and the deployment plan.

6.2.

Click Browse... and select the archive location for the aurora.ear file.

6.3.

Click Browse... and select the plan location for aurora_plan.dat file.

6.4.

Click Next.
The Deploy: Application Attributes page is displayed.

6.5.

Click Next.
The Deploy: Deployment Settings page is displayed.

6.6.

Click Next.
The Confirmation page is displayed with the following message:
The Application aurora has been successfully deployed.

7. To deploy aurora-ws.ear files in OAS, do the following:

7.1.

Click the deploy link to select the archive file and the deployment plan.

7.2.

Click Browse... and select the archive location for the aurora-ws.ear file.

7.3.

Click Browse... and select the plan location for aurora-ws_plan.dat file.

7.4.

Click Next.
The Deploy: Application Attributes page is displayed.

7.5.

Click Next.
The Deploy: Deployment Settings page is displayed.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

October 2010

7.6.

Click Next.
The Confirmation page is displayed with the following message:
The Application aurora-ws has been successfully deployed.

8. To deploy banner-ssb-ws.ear file in OAS, do the following:

8.1.

Click the deploy link to select the archive file and the deployment plan.

8.2.

Click Browse... and select the archive location for the banner-ssb-ws.ear file.

8.3.

Click Browse... and select the plan location for banner-ssb-ws_plan.dat file.

8.4.

Click Next.
The Deploy: Application Attributes page is displayed.

8.5.

Click Next.
The Deploy: Deployment Settings page is displayed.

8.6.

Click Next.
The Confirmation page is displayed with the following message:
The Application banner-ssb-ws has been successfully deployed.

9. To modify the Server Properties, do the following:

9.1.

9.2.

Select Cluster Topology > Application Server: OAS 10.1.3 server name.
9.1.1.

Click the cascade_<oracle_sid> OC4J Instance.

9.1.2.

Select the Administration tab.

9.1.3.

Locate the Server Properties and click the Go To Task icon.

Under Ports/Web Sites, enter the following information

Name = default-web-site
Port = 8895 (from default 12501-12600 pick any open port)
Protocol = http (from default ajp)

9.3.

Under Start-parameters: Java Options, change the following settings:

Maximum heap size = 1024M (from 64M default)
Initial heap size = 512M (from 2M

October 2010

default)

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

9.4.

Click Apply.

Note
This step may take a long period of time to complete.
9.5.

Restart the cascade_<oracle_sid> OC4J instance from the Cluster Topology

page.
9.5.1.

Expand OAS 10.1.3 server name.

9.5.2.

Select the cascade_<oracle_sid> checkbox.

9.5.3.

Click Restart.

9.5.4.

Click Yes.

Note
This step may take a long period of time to complete.

Step 4

Set Up Apache httpd.conf for Link Security (Optional)

You can configure the Apache server for extra security against a certain kind of script
injection attack. This setup, described in detail in FAQ 1-2PE6V7, involves prohibiting
links from Self-Service to any URL that is not specifically allowed in the servers
httpd.conf file.
If you use this security feature, you may need to update the list of links in httpd.conf when
new Self-Service pages are added. In general, three kinds of pages must be listed:
Pages that are an initial entry point to SSB
Pages that are called from a redirect in the code
Pages that are opened in a popup window
See FAQ 1-2PE6V7 for detailed instructions.
Step 5

Review and Customize Global Web Rules

Web rules are global settings. They affect the look and feel of all your self-service pages
and specify how the pages function. You will want to review the SunGard Higher
Education-delivered rules to make sure they are appropriate for your institution.
To define and customize Web rules, select Web Rules from the Web Tailor Administration
Menu. The Customize Web Rules page (twbkrul.P_ModifyPg_WebRules) appears. It
allows you to specify settings such as:
The number of minutes the system will allow the user to be inactive before timing
out the session
The formats that will be used for date and time information

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

October 2010

How many days PINs are valid before they must be reset
If users should see a Terms of Usage page when they first log on
Note
The Java Classpath field is now obsolete.

Note
If your institution is using an LDAP server to authenticate user logons, the
Maximum Number of Login Attempts field and the PIN Expiration in

days field will not be used.

For detailed information about the Customize Web Rules page, refer to the Web Tailor
User Guide.
Step 6

Review and Customize Global User Interface Settings

Examine the basic look and feel of your Web site. You will want to make sure it is
appropriate for your institution.
1. From the Web Tailor Administration Menu in Web Tailor, select Global User

Interface Settings. The changes you make here will affect all the dynamic pages in
your self-service products. These changes include:
The name of your institution as you would like it displayed on the Web site
(Optional) A header image that will overlay the background image at the top
of the screen (defined in the CSS)
The URL that points to the system-level Cascading Style Sheet (CSS) for
application pages
The URL that points to the system-level HTML Help text
The URL that points to the CSS that controls how your dynamic Help text is
displayed (Information Text with the label HELP)
Note
Exit Image, Back Image, and Menu Image are obsolete.

2. To use an image of your own to designate error messages, warning messages, or

required fields (optional):

October 2010

2.1.

Follow the instructions in this step to define a new image.

2.2.

Return to the Customize Global User Interface Settings page

(twbkglui.P_ModifyPgGlobalUI) and select the new image from the
appropriate pull-down menu.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

Step 7

Review and Customize Graphic Elements

Graphic elements are images that can be customized to display at various places in SelfService Banner. They can be placed next to menu items, error and warning messages,
links, Info Text, and the like. You will want to review the SunGard Higher Educationdelivered graphic elements to make sure they are appropriate for your institution.
You can use Web Tailor to customize the graphics and icons that appear on your Web
pages, or to define new ones. To do that, use the following steps:
1. Select Graphic Elements from the Web Tailor Administration Menu. Select the

Create button to create a new element, or choose one from the pull-down menu. The
Customize the Selected Graphic Element page appears.
2. Enter information about the graphic element, including:

The name of the element. If you are customizing one that has been delivered by
SunGard Higher Education, you may want to rename it to something unique to
your institution
The URL that points to the element
The images width and height
Any alternate text to be processed by a user agent such as a screen reader. This will
help a visually-impaired user understand how the graphic element is used
Step 8

Review and Customize Web Menus and Web Procedures

Review the SunGard Higher Education-delivered menus and Web procedures, and
customize them if necessary. The TWGBWMNU table stores the basic information for all
menus and procedures.
Note
SunGard Higher Education-delivered data has the source BASELINE.
You cannot change it. You can only change Local data. Select Copy
Baseline entries to Local to make a copy of the BASELINE entries with
the source Local. Data delivered by SunGard Higher Education in future
releases will be delivered as BASELINE so the customizations you make

will not be overwritten. This is true for the following four tables:

TWGBWMNU--Web Tailor menus and procedures

TWGRWMRL--Web Tailor roles
TWGRINFO--Web Tailor Information Text
TWGRMENU--Web Tailor menu items and links
The menus in the self-service products are dynamic, containing a series of links to other
Web pages. Procedures generate Web pages, and can appear as bottom-of-the-page links
on menus.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

October 2010

The names of Web pages are defined as package.procedure combinations, e.g.,

bwgksrvy.P_ShowSurveys.
All dynamically-generated menus and interface procedures that are called from the Oracle
Apache PL/SQL Agent must be defined in Web Tailor.
Menu items defined for a menu appear on the normal Web Tailor-generated menus. Menu
items that are defined to appear on a procedure (an application Web page) will appear as a
set of links on the bottom of the page.
The TWGBWMNU table stores the basic information for all menus and
package.procedures.

Customizing Your Institutions Menus and Procedures

To use Web Tailor to customize your institutions menus, access Web Menus and
Procedures from the Web Tailor Administration menu. On the Customize a Web Menu or
Procedure page (twbkwmnu.P_ModifyPgWebMain), choose an existing menu or procedure
from the pull-down menu. For example, to customize the home page provided by SunGard
Higher Education, select homepage from the pull-down list.
Use these steps to enter or change the following information:
1. Create a local row by selecting the Copy Baseline to Local button.
2. Change any of the following:

The pages name and description

The name of the self-service product to which the page belongs, e.g., Student
Self-Service, Finance Self-Service, etc.
Any comments about the page
3. Select the Enabled check box if you want the Web page to be available to menus and

to other pages. Otherwise, leave it cleared. This is helpful if you are creating a new
page and you have not finished yet; do not select the check box until the page is
ready.
4. Select the Non Secured Access Allowed if you want to allow users to access your

page without having them enter a user ID and PIN. Otherwise, leave it cleared.
Note
Non-secured items must appear on non-secured menus to be visible.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

5. Set the caching method (if the browser supports caching). Select one of the following

from the pull-down menu:

Use System Setting
Allow Caching
Do Not Allow Caching
Note
You will not usually change this setting.

6. (Optional) Change the page title.

7. (Optional) Change the page header.
8. (Optional) Change the name of the graphic you want displayed at the top of the page.
9. Change the location of the cascading style sheet you want to use for the Web page if

you want to override the system-level style sheet and apply a custom style sheet to
just this page.
Note
The Exit Link Image, Menu Link Image, Help Link Image, and Back Link
Image fields are obsolete. The self-service applications use text links now

instead of images.
Note
You will make your Web pages available to a specific role or roles using

Web Tailor.

Step 9

Review and Assign Web Roles to Web Menus and Procedures

A Web role is a SunGard Higher Education-assigned name for the access privileges that an
end-user can have, based on specific records that exist in the Banner database. In addition,
some roles can be assigned to specific individuals. These are usually administrative roles.
The roles identify the characteristics of the individual ID that logs on to the Web. They
identify main functional areas of Banner that contain information about the person.
A person may have more than one role.
Note
A local TWGRWMRL row is automatically created when a local
TWGBWMNU row is created.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

October 2010

Menu Authorization

Roles determine what menus are displayed after logging on and what a person has access
to. In addition, users can only see items on those menus that their roles authorize them to
see.
Note
Web user roles should not be confused with Banner security roles.
Banner security roles are an element of Banner system security enforced
above the application level. For information about Banner security roles,

see the Banner Security Technical Reference Manual.

The system uses additional criteria and enforces secure access to additional Web pages the
individual can access. For example, a student cannot register for classes if his current
general student record is not active. Refer to each self-service products implementation
guide for the rules that control a users access and update privileges.
At the bottom of the Customize a Web Menu or Procedure page
(twbkwmnu.P_ModifyPgWebMain), you can identify the roles that can access the pages.
The roles apply equally to menus and procedures.
1. Review the delivered roles to make sure they are appropriate for your institution.
2. If you add a new procedure, assign at least one Web role to it, or else no users will be

able to access it.

Step 10

Review and Define Links on Menus

Now you should review the SunGard Higher Education-delivered links that appear on
your menus. The TWGRMENU table stores the detail information about how to display
individual menu items (menus or procedures).
There are three types:
Menu item - a procedure or menu associated with (defined on) a menu. These are
what you see on the full-page menus.
Bottom-of-the-page link - a procedure or menu defined as a menu item on a
procedure that generates a Web page. These links are navigation aids. For example,
bottom-of-the-page links could be used to move back and forth between two
associated Web pages. Bottom-of-the-page links cannot have a graphic in front of
them; they are only text.
Global menu bottom link - a menu that it has been selected to be at the bottom of
every page in the a module using the Customize a Module in Web Tailor.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

Note
SunGard Higher Education has removed all graphics associated with
menu items, in order to conform to the W3Cs accessibility guidelines.
You can still associate graphics with menu items, but SunGard Higher
Education does not deliver them that way.

All these items will be displayed to the user based on three criteria:
Is the menu item enabled for the current Web page?
Is the page to which you want to link enabled in your system?
Does the users role allow them to access the Web page where the link would take
them?
All three questions must be answered yes for the item to appear.
Changing the Delivered Links

To change the delivered links, perform the following steps:

1. Select Menu Items from the Web Tailor Administration Menu.
2. Choose the menu that your links will appear on.
3. Make a local row by selecting the Copy Baseline to Local button.
4. Select Customize Menu Items.

You can change the order that the items appear in by selecting the appropriate
number from the pull-down menu, then selecting Reorder these Elements.
You can change the URL, description, status bar text, etc., by selecting the link and
entering the changes on the Customize the selected Menu Item page.
You can add a menu item by selecting Add a New Menu Item and entering the
information on the Customize the selected Menu Item page.
There are two check boxes when you add a new menu item:
Submenu indicator - specifies that the object is a Web Tailor menu, not a
package name. When you select it, its name is passed to
twbkwbis.p_genmenu to display a menu of links.
DB Procedure - if this check box is selected and the Submenu indicator is
not, the object is an application page; a link is constructed to call the
package.procedure directly to generate a Web page.
If neither check box is selected, the link is considered an external link to an outside
site.
You can add a bottom-of-the-page link by adding the item to the procedure as if it
was a menu itself.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

October 2010

5. Implement optional menu changes.

You can add a global menu bottom link by selecting Web Modules from the Web
Tailor Administrator menu. Select the appropriate module from the pull-down
menu, and select Customize Module. Expand the pull-down menu next to Global
Menu Bottom Links, and select the appropriate item. Save your changes.
Menu items may be temporarily disabled without deleting them. This may be very
useful for pages which allow student registration or employee open enrollment.
When these functions are not allowed by your institution, simply clear the Enabled
indicators. Your menu item information will be preserved for the next time the
function should be available.
Whenever you enable or disable menu items, make sure you find all the
occurrences of the link. For example, View Addresses and Phones is available
from the Personal Information menu and the Update Addresses and Phones page.
For more information, refer to the Web Tailor User Guide.
Step 11

Review and Customize Information Text (Info Text)

Now you should review the delivered Info Text and customize it if necessary. Info Text is
described in detail in the Web Tailor User Guide.
Customizing Info Text

To create or modify Info Text:

1. Select Information Text from the Web Tailor Administration Menu.
2. Choose a package.procedure combination from the pull-down list.
3. Create a local row by selecting the Copy Baseline to Local button.
4. Select Customize Info Text. The Reorder or Customize Information Text page appears.
5. Select the label of the text you want to change, and the Customize the selected

Information Text Entry page (twbkwinf.P_ReorderPgInfoText) appears. You can

alter the Info Text and save your changes. You can also include a graphic with it by
selecting the graphic from the Image pull-down menu. The image will appear to the
left of the Info Text when it is displayed.
The delivered Info Text has been written to be used with all of Self-Service Banner. If
your institution has not licensed all the products, you may want to customize some of
the messages to refer to only those which you have.
Warning
It is very easy to affect the entire pages appearance by making an error in
any of the embedded HTML in the Info Text. Please test your changes

thoroughly.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

Step 12

Add Credit Card Processing (Optional)

Generic Web Credit Card Payment logic exists in several Web General and Web Tailor
packages. These packages let you populate, accept, validate, store, and verify or change
address information.
Any of your Web applications may take advantage of Web Credit Card Payment
processing. There are several aspects of the processing which you will want to evaluate
and, perhaps, implement. For details, refer to Payment Processor Connection Handbook.
Step 13

Customize the Home Page

To customize the content of the homepage that will be seen by the Web user:
1. Select Menu Items from the Web Tailor Administration Menu.
2. Select homepage from the pull-down list and select the Customize Menu Items

button.
3. Click Copy Baseline to Local to create a local row.
4. Make any necessary changes and save those changes.

Step 14

Configure the Home Page Menu Items (Optional)

The Cascade theme does not display a Main menu in the secured area. If you have items
on the main menu that do not display as tabs, you will need to either create a new main
menu tab to display this content or move the items on the main menu that do not display as
a tab to an existing tab. This step will be performed within Web Tailor.
Step 15

Select a User Interface

To select a user interface, perform the following steps:

1. Access WebTailor Administration.
2. Click WebTailor Parameters UI_Theme Parameter Value.
3. Select one of the following user interfaces:

cascade
default
4. Save your changes.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

October 2010

Step 16

Luminis Integration (Optional)

To integrate Self-Service Banner with Luminis Platform 4.x systems, refer to LDI for eLearning Banner Implementation Guide, Volume 1. To integrate Self-Service Banner with
Luminis Platform 5.x systems, refer to the Luminis Platform Banner Integration Setup
Guide.
Step 17

Configure Web Tailor for LDAP Server (Optional)

You can use the Lightweight Directory Access Protocol (LDAP) authentication process to
authenticate your users IDs and passwords for Self-Service Banner. Users can use their
LDAP user IDs and passwords to logon to all the self-service applications they need to
use.
Note
Admissions Self-Service (part of Student Self-Service) and Advancement
Self-Service allow users to create logon IDs that are temporary (and are
not stored in the SPRIDEN table). LDAP does not authenticate these

users credentials.

The mapping between the LDAP user and the self-service user can be stored on the LDAP
server as an attribute, or it can be stored on the Third Party Access Table (GOBTPAC) in
Banner General.
Note
Authentication in Self-Service Banner is accomplished either through a
proprietary ID/PIN mechanism, or through an LDAP bind. These options
are system-wide, and only one can be chosen. If you choose the LDAP
option, the PIN field in the Banner database and all functions in SelfService that deal with maintaining the PIN become irrelevant and are not
used. These functions would need to be performed using features of your

LDAP server.

You can set the LDAP authentication process to use Single Socket Layer (SSL).
You must perform the following steps to configure Web Tailor for use with your LDAP
server:
1. Set up the LDAP options on the new LDAP Administration page

(twbkldap.P_ModifyPgLDAP) in Web Tailor.

October 2010

1.1.

LDAP Protocol - Specifies the protocol to be used with self-service. Select

LDAP_S if you are using LDAP with SSL at your institution

1.2.

SSL Wallet Location - Specifies the wallet location. This is required if you are
using a one-way or two-way SSL connection.

1.3.

SSL Wallet Password - Specifies the wallet password. This is required if you are
using a one-way or two-way SSL connection.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

1.4.

SSL Authentication Mode - Specifies the Authentication Mode.

These options are described in detail later in this chapter.

2. Set up the Web Tailor parameters on the existing Web Tailor Parameters page.
2.1.

LDAPFUNCTION - the package.procedure combination that will perform the

mapping between the LDAP user and self-service ID.

2.2.

LDAPPWDLENGTH - the maximum number of characters for the password.

2.3.

PINNAME - the PINs label on the LDAP logon page. You can customize this
for your institution.

Note
The PIN characteristics set up on the Enterprise PIN Preferences Form
(GUAPPRF) in Banner General are ignored when you are using LDAP to

authenticate your users.

2.4.

USERIDLENGTH - the maximum number of characters a user ID can contain.

2.5.

USERIDNAME - the user IDs label on the LDAP logon page. You can
customize this for your institution.

2.6.

WEBUSER - this contains the Oracle user that Self-Service Banner will connect
as. The new VBS and Personally Identifiable Information (PII) using FGAC
needs this value to function appropriately.
The value delivered with this parameter is UPDATE ME. You must change this
value to be the Oracle ID your users will use to connect to Self-Service Banner
(e.g., OAS_PUBLIC).

Note
This value is required for the system to function properly, regardless of

whether you are using FGAC with VBS or PII.

3. (Optional) Use the column on the GOBTPAC table to map the user to their LDAP

user ID. You can populate the column by using the GOATPAD form.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

October 2010

LDAP Function Mapping

The following functions are provided by SunGard Higher Education to perform LDAP
mapping. You must define this function on the Web Tailor Parameters page
(twbkparm.P_DispAllParams) as LDAPFUNCTION.
Warning
When mapping an LDAP user ID on the GOATPAD form, be sure to
assign a different LDAP ID for each Banner ID. They must be unique.

Note
If you want to create a custom function, SunGard Higher Education
recommends that you copy one of the existing functions, modify it, and

change the Web Tailor parameter LDAPFUNCTION to point to it.

Storage Location
of Self-Service
Mapping

Delivered Function

Description

F_LDAP_CUSTOMSEARCH

Returns a string exactly as it is. Use this

function if the LDAP user is mapped to
Self-Service Banner by storing self-service
IDs as an attribute in LDAP.

LDAP Server

F_LDAP_CPSEARCH

In addition to mapping LDAP to SelfService Banner, it also manipulates the

returning string to remove extraneous text
from the end of it.

LDAP Server

F_LDAP_BANNERSEARCH

Returns the mapping from the GOBTPAC

table. Use this function if the LDAP user is
mapped to Self-Service Banner by storing
the LDAP user ID in the
GOBTPAC_LDAP_USER column in the
GOBTPAC table.

GOBTPAC

Step 18

Assign View and Update Privileges for Addresses

Until this point, you have performed most of the set-up and customization work using Web
Tailor. Now there are some steps that you must perform using Banner General.
In Banner General, use the Address Role Privileges Form (GOAADRL) to associate an
address type code from the Address Type Code Validation Form (STVATYP) with a user
role (student, employee, alumni or faculty member) and access privilege (update, display,
or none). Information from this form determines access to the Update Addresses and
Phones and View Addresses and Phones pages.
For example, you can grant the Student role the authority to update billing addresses.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

Address Type

The value in this field is validated against the Address Type

Validation Table (STVATYP).

Role

The type of user to be granted a level of address view privilege.

Set the Role field the appropriate value.

Privileges

This value indicates what the privilege is. To specify that a

certain role has no privilege on an address type, either list it with
a privilege of None or omit it from the table.
Valid values are:
U = Update
D = Display
N = None

In Banner General, the underlying table for the Address Role Privileges Form is
GORADRL, which is described below.
Field Name

Data Type

Null Indicator

GORADRL_ATYP_CODE

VARCHAR2(2)
VARCHAR2(30)
VARCHAR2(1)
DATE

NOT NULL
NOT NULL
NOT NULL
NOT NULL

GORADRL_ROLE
GORADRL_PRIV_IND
GORADRL_ACTIVITY_DATE

Step 19 Establish Web User Parameters and Third Party History

Information
PIN administration is performed using Banner General, unless you are using an LDAP
server for authentications. In that case, the PIN administration features in Web Tailor are
ignored.
In Banner General:
A history of all PIN changes, and the User ID responsible for those changes, is
stored in the Third Party Access Audit Form (GOATPAD). Only system
administrators should be able to access this form.
Another General form used for managing PINs is the Third Party Access Form
(GOATPAC). You would use it to set up user parameters for third-party access
products. This form allows employees to reset someones PIN without seeing what
that new PIN is.
The same PIN can be used by authorized end-users to access personal and institution
information using telephone, Voice Response, Kiosk, and the Web.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

October 2010

Once a PIN has been assigned, the user can change it at any time. Your institutions
policies and procedures may also require PIN changes by designating expiration dates.
Assigning PINs
PINs can be assigned either manually or automatically.
Manual PIN Assignment

Use the Third Party Access Form (GOATPAC) to set up PINs and other user parameters
for third party access products. To update third party information or to view third party
history information, use the Third Party Access Audit Form (GOATPAD). You access the
forms from the General Web Management Menu in Banner General.
Automatic PIN Assignment

A person must have a PIN to be selected for extraction by any of the data synchronization
programs that load third-party systems (such as Luminis or WebCT). Banner system
administrators can assign PINs manually using GOATPAC, or they can create third party
PIN records automatically when they create roles for individuals, to save time.
The Enterprise PIN Preferences Form (GUAPPRF) allows you to specify institution-wide
preferences for how PINs will be handled.
Source Table Triggers
Individual triggers at the source tables are associated with base student-related
processing for students themselves (SGBSTDN), for instructors (SIBINST), and
for financial aid (RORSTAT). These triggers create updated PIN records for the
GOBTPAC, GOBSRID, and GORPAUD tables.
Your institution may want to disable automatic PIN assignment at critical times,
such as during a large financial aid data load.
Batch Processing
Administrators may run the batch Third Party Access Creation Program
(GURTPAC), specifying population selection parameters, to create PIN records for
all the persons identified in the selection. The process generates PINs and
associated detail (audit trails, external user ID, Sourced ID) if a previous PIN
record does not exist. If a PIN record does exist, the person will be bypassed. The
program prints a standard control report, but you may request a detailed status
report, too.
Population selection required runtime parameters include: Application, Selection
ID, Creator ID, and User ID. They are checked by a job-level validation routine to
make sure that the combination of keys is valid with at least one associated PIDM.
The routine converts any lower case input characters to upper case, to prevent
rejection through job submission.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

You can add the following parameters:

# - Parameter

Description

Length

Validation

01 - Application

Application for the selected

population. Required.

30 characters

GLBAPPL_EQUAL

02- Selection ID

An identifier for the selected

population. Required.

30 characters

Null

03 - Creator ID

The creator of the Selection ID

rules. Required.

30 characters

Null

04 - User ID

The ID of administrator who

performed the population
selection. Required.

30 characters

Null

05 - Pre-expire
PINs?

Specifies whether PIN

One character
numbers should be preexpired. When set to Y, the PIN
records you create have
yesterdays date as a PIN
Expiration Date. When set to
N, the PIN Expiration Date is
null.

Null. Valid values

are Y and N, from
GJBPVAL.

06 - Print Report
Detail?

Specifies whether to produce a One character

detailed report in addition to
the standard control report.
When set to Y, the report lists
each person in the selection,
and the action that occurred.
The detailed report includes
the persons current ID, current
name, and a status message,
sorted by last name. The
generated PIN is not displayed
for security reasons.

Null. Valid values

are Y, N, and E,
from GJBPVAL

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

N = Print only the

standard report.
Y = Print the
report plus detail.
E = Print errors
only.

October 2010

Entering Current PIN Information

To enter current PIN information, enter the appropriate information into these fields on the
Third Party Access Form (GOATPAC):
PIN Disabled

Use the PIN Disabled Indicator to deny a user access privileges even
with a correct ID and PIN combination. The system administrator can
set this indicator manually.
The system will update the indicator from cleared (No) to selected
(Yes). Access is denied if the number of invalid Web login attempts
using that ID reaches the number of Login Attempts specified on the
Web Tailor Web Rules page (twbkwrul.P_ModifyPgWebRules). For
example, if the number of login attempts allowed in Web Tailor is 3,
and if the third attempt is still uses invalid PIN, the system selects the
indicator.
The indicators default value is cleared for a newly-created PIN. It
retains its current setting (selected or cleared) if a PIN is changed
directly on this form; you must manually clear the check box before the
user can access the account again, even with the new PIN.

Web Access
Terms Accepted

The Usage Accepted Indicator. Use this field to specify whether to

present the Terms of Usage page to Web users when they logon for the
first time. The Terms of Usage page carries the institutions conditions
of use and other information.
If your institution is using the Terms of Usage page, a Web user must
agree to its terms to proceed. After the user agrees, the indicator is
updated to selected (Yes), and the page will not be displayed when they
logon again. If your institution is not using the Terms of Usage page,
the value in the Accept field will always be cleared (No).
If you need to change the information on the Terms of Usage page and
redisplay it to all your users, clear the indicators for all users (No).
Valid values are:
Selected (Yes) = Accepted
Cleared (No) = Not accepted (default)
The Usage Accepted Indicator defaults to cleared when a new PIN is
created. When an existing PIN is changed, it keeps its current setting
(selected or cleared).

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

PIN Expiration
Date

Use the PIN Expiration Date field to specify a date on which you
require a Web user to change the PIN. An expiration date may be
specified at any time. The existing PIN is not valid on the expiration
date. If it has expired, the user must change their PIN on the Web, or
an administrator may change the PIN Expiration Date in this form.
The Web system calculates an expiration date for the new PIN if the
PIN Expiration Days rule in the Web Tailor has a value. The number
of expiration days is added to the current date to calculate the new
expiration date. This new expiration date will be updated and displayed
in this field.
If your institution sets no expiration date for PINs and no Expiration
Days rule exists in Web Tailor, then no new expiration date will be
calculated. If you want to pre-expire a PIN, enter a past date in the
field.

Last Web Access

Date

Date of the last Web access by this user, maintained by Web Tailor.

Reset PIN

An icon that invokes a procedure to change the current PIN value of

the person identified in the key block. The procedure sets the PIN
expiration date to one day less than the current day. When the PIN
value is changed with this procedure, Banner inserts a record into the
PIN History Table (GORPAUD) using a database trigger on the
GOBTPAC table. GORPAUD_CHANGE_IND is set to P.
Note: The value of the new PIN depends on the PIN reset preferences
set for the institution on the GUAPPRF form. Note that U.S.-based
institutions should not use the birthdate option for PIN resets.
According to the U.S. Family Policy Compliance Office (FPCO),
using a students birthdate when assigning PINs is a violation of the
Family Educational Rights and Policy Act (FERPA).

Third Party ID

Mapped to GOBTPAC_EXTERNAL_USER, this is a unique ID within

Banner. When this value is changed, Banner inserts a record into the
PIN History Table (GORPAUD) using a database trigger on the
GOBTPAC table. GORPAUD_CHANGE_IND is set to I.

LDAP User ID

The mapping between the Banner ID and the LDAP User ID. This
allows LDAP to use the settings in Banner General to regulate how the
users credentials are authenticated. Optional.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

October 2010

Changing Third Party Information or Viewing History

To change third party information, or view history, use the following fields on the Third
Party Access Audit Form (GOATPAD) in Banner General:
PIN

Enter a new PIN or change an existing PIN for the user. PINs must be six
digits; letters are not permitted. To create a new PIN, enter the six digits
for the PIN and save the record. To change an existing PIN to a new one,
overtype the old PIN with the new one and save the change. You may also
create or change a PIN by selecting the Update button located next to the
PIN heading.

Disabled

Use the PIN Disabled Indicator to deny a user access privileges even
with a correct ID and PIN combination. As the system administrator, you
may set this indicator manually.
The system will update the indicator from cleared (No) to selected (Yes),
meaning that access is denied, if the number of invalid Web logon
attempts using that ID reaches the number of specified on the Web Tailor
Web Rules page (twbkwrul.P_ModifyPgWebRules). For example, if the
number of logon attempts allowed in Web Tailor is 3, and if the third
attempt is still uses invalid PIN, the system selects the indicator.
The indicator defaults to cleared when a new PIN is created. It retains its
current setting (selected or cleared) if a PIN is changed directly on this
form; you must manually remove it before the user can access the account
again, even with the new PIN.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

Accepted

The Usage Accepted Indicator. Use this field to specify whether to

present the Terms of Usage page to Web users when they log on for the
first time. The Terms of Usage page carries the institutions conditions of
use and other information.
If your institution is using the Terms of Usage page, a Web user must
agree to its terms to proceed. After the user agrees, the indicator is
updated to selected (Yes), and the page will not be displayed when they
log on again. If your institution is not using the Terms of Usage page, the
value in the Accept field will always be cleared (No).
If you need to change the information on the Terms of Usage page and
redisplay it to all your users, reset all the Accept indicators to cleared
(No).
Valid values are:
Selected (Yes) = Accepted
Cleared (No) = Not accepted (default)
The Usage Accepted Indicator defaults to cleared when a new PIN is
created. When an existing PIN is changed, it keeps its current setting
(selected or cleared).

Expiration Date

Use the Expiration Date field to specify when you require a user to
change the PIN. You can specify an expiration date at any time. The
existing PIN is no longer valid on the expiration date. If the PIN has
expired, the user must change their PIN on the Web, or an administrator
may change the PIN Expiration Date in this form.
The system calculates an expiration date for the new PIN if the PIN
Expiration Days rule in the Web Tailor has a value. The number of
expiration days is added to the current date, and this calculated date is
displayed here.
If your institution sets no expiration date for PINs and no Expiration Days
rule exists in Web Tailor, then no new expiration date will be calculated.
If you want to pre-expire a PIN, enter a past date in the field.

User ID

The User ID field displays the Oracle User ID associated with any change
on this form. If the PIN is entered or changed in Banner, the User ID is
the Banner Oracle User ID. If the PIN is changed on the Web by the user,
the User ID is the Oracle Web Broker User ID. The cursor cannot be
moved to this field, but in query mode the field can be accessed and used
to specify query criteria.

Last Web Access

Date

The date derived from Web Tailor Web Session Table, TWGBWSES, of
the last time the user accessed a self-service product.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

October 2010

Activity Date

The Activity Date field contains the system-maintained date on which

the last change was made on the GOATPAD form. The cursor cannot be
positioned to this field, but in query mode users can access the field to
specify query criteria.

Third Party ID

Mapped to GOBTPAC_EXTERNAL_USER, this is a unique ID within Banner.

When this value is changed, Banner inserts a record into the PIN History
Table (GORPAUD) using a database trigger on the GOBTPAC table.
GORPAUD_CHANGE_IND is set to I. A Third Party ID may also be created or
changed by selecting the Update button next to the Third Party ID field.

Sourced ID

System-generated, one-up number used to synchronize the user's data

with various SunGard Higher Education partner systems. The ID is
unique for the PIDM. This is a display-only field.

LDAP User ID

The mapping between the Banner ID and the LDAP User ID. This allows
LDAP to use the settings in Banner General to regulate how the users
credentials are authenticated. Optional.

PIN Hint Question

A free-form text field, this value is mapped to GOBTPAC_QUESTION. The

field is required if GOBTPAC_RESPONSE is populated.

PIN Hint
Response

A free-form text field, this value is mapped to GOBTPAC_RESPONSE. The

field is required if GOBTPAC_QUESTION is populated.

Activity Source

Describes the source of the PIN insert or update. Valid codes are:
SELF = User changed the PIN record;
ADMIN = Administrator changed the PIN record;
SYSTEM = Record was changed by logic in a process.

For details about the Third Party Access Form (GOATPAC), refer to Self-Service
Technical Information on page 191.
Step 20

Set Up Campus Directory Processing

Web General lets your institution create campus directories for staff, and class member
directories for alumni.
Batch program bwpredir collects directory information, storing it in tables for display on
the Campus Directory page. The page lists address and phone information for each
directory listing in alphabetical order by the individuals last name or by Department.
Online, Web readers may use the links to jump to different letters of the alphabet to find
other student or staff listings.
The employee directory program runs through Job Submission.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

The Employee Directory Report is delivered with the Employee Self-Service product.
Please consult Employee Self-Service User Guide for detailed instructions on how to run
the campus directory programs. The Alumni directories are delivered with Advancement
Self-Service.
1. Review Banner General Directory Options. Although the campus directories

themselves are generated using Web General, they are set up in Banner General:
1.1.

Use the Directory Options Rule Form (GOADIRO) to determine the campus
directory options, preferred addresses and telephone numbers to include in the
campus directory.

1.2.

Use the Directory Item Validation Form (GTVDIRO) to list the valid options of
each individual in the directory.

2. Set up the Campus Directory Profile.

In Banner General, use the Directory Options Rule Form (GOADIRO) to determine
which directory profile options from the Directory Profile Table (GORDPRF) will be
included in the campus directory or alumni directory. The form contains indicators for
all of the directory fields.
Another set of indicators allows your institution to determine whether to allow the
user to choose to display a particular item of his or her information in the directory.
Still another set of check boxes allows the institution to determine which profile
information will be defaulted to the campus directory if a user does not have a
directory profile setup.
GOADIRO includes other columns in which to enter address and telephone types,
associated with a priority number to enable the directory processes and profile to
know which addresses and numbers to display and/or update. If telephone types are
not entered, the primary telephone type associated with the corresponding address will
be used. If such a phone number cannot be found, then the system displays Not
Reported on the Web page.
Note
A separate address hierarchy is required because employees and
students will often have different address types for their permanent
addresses. With an address hierarchy, the employee directory will be able
to find addresses for students who are also employees. Were there only
one employee address type for permanent address, student employees
would be listed in the employee directory without permanent addresses.

The following is an example of what GOADIRO needs to include to produce the Campus
Directory.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

October 2010

Directory
Information
Directory
Information item
Description
Code

Print in
Alumni,
Employee
or All
Directories

Item Type
Indicator -Address,
Telephone,
or Not
Applicable
(N/A)

Include
in
Directory
Profile

Allow
User to
Choose to
Display in
Directory

Default to
Directory
for Users
without a
Directory
profile

NAME

Permanent
Name

All

N/A

(Yes)

ADDR_PR

Permanent
Address

All

Address

(Yes)

TELE_PR

Permanent
Telephone

All

Telephone

(Yes)

ADDR_CP

Campus
Address

All

Address

(Yes)

TELE_CP

Campus
Phone

Employee

Telephone

(Yes)

ADDR_OF

Office
Address

Employee

Address

(Yes)

TELE_OF

Office Phone Employee

Telephone

TELE_FAX

FAX
Number

All

Telephone

E-mail

All

N/A

(Yes)

DEPT

Department

Employee

N/A

GRD_YEAR

Expected
Graduation
Year

Employee

N/A

COLLEGE

College
Affiliation

Alumni

N/A

TITLE

Employee
Employee
Position Title

N/A

MAIDEN

Maiden
Name

N/A

October 2010

Alumni

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

Directory
Information
Directory
Information item
Description
Code

Print in
Alumni,
Employee
or All
Directories

Item Type
Indicator -Address,
Telephone,
or Not
Applicable
(N/A)

ADDR_HO

Home
Address

Alumni

N/A

TELE_HO

Home Phone Alumni

N/A

ADDR_BU

Business
Address

Alumni

N/A

TELE_BU

Business
Phone

Alumni

N/A

CLASS_YR

Class Year

Alumni

N/A

PR_COLL

Preferred
College

Alumni

N/A

Allow
User to
Include
Choose to
in
Directory Display in
Directory
Profile

Default to
Directory
for Users
without a
Directory
profile

For details about the Campus Directory tables, refer to Self-Service Technical
Information on page 191.
Step 21

Set Up Web E-Mail Address Options

Web General allows users to change an e-mail address online. The end user can select the
e-mail address type (personal, professional, alternate, school, etc.) to add or change.
Use Banner General to set up this feature:
All of the end users addresses appear on the E-mail Address Form (GOAEMAL).
If the Display on Web indicator is selected, that address will appear in Web
General.
The E-Mail Address Type Validation Form (GTVEMAL) determines which types
of addresses are available in the pull-down list.
E-mail Address Form (GOAEMAL)

The E-mail Address Form lets you maintain one or more e-mail addresses for any ID
already entered into Banner.
You can enter more than one of the same type of e-mail address, but you cannot enter the
same e-mail address for the same type.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

October 2010

Only one e-mail record may be designated as the preferred e-mail address.
In the E-mail Address Block, users enter and update one or more e-mail addresses for an
individual ID. When entering a new record, both the e-mail type and e-mail address must
be specified.
If the Inactivate indicator is not selected on GOAEMAL, the e-mail address information
is currently active, and an A is stored in the database field (goremal_status_ind). If the
Inactivate indicator is selected on GOAEMAL, the e-mail address information is inactive,
and an I is stored in the database field (goremal_status_ind)
When a user adds a new e-mail address, the system sets:
The Preferred indicator to cleared (or No, meaning not preferred)
The Inactivate indicator to cleared (or A, meaning active).
If a previous e-mail address had been the preferred address, its Preferred indicator is
automatically cleared (not preferred).
E-mail Type

Enter the code for the type of e-mail address associated with the record.
They can use the LIST function from this field to display the valid e-mail
address types defined in the E-mail Address Type Validation Form
(GTVEMAL), search the items listed, and select one. Required.

E-mail
Addr(ess)

Specify the full e-mail address for the e-mail type record.

Preferred

The e-mail address selected is the users preferred e-mail address. If

multiple e-mail addresses exist for person in the key block, only one of
those addresses may be checked as the preferred e-mail address. If a
preferred e-mail address is updated to inactive, the system will
automatically remove the preferred indicator (cleared).

The address should be entered with all the required syntax and
punctuation. No validation is performed for entries in this field, other
than checking for duplicates, and no e-mail processing is supported. The
stored e-mail address is required, and is informational only. Required.

E-mail Address Type Validation Form (GTVEMAL)

Use this form to define the valid e-mail address type codes for your institution. Examples
of e-mail address types include business, personal, and school.
These codes are used on the E-mail Address Form (GOAEMAL) to enter e-mail address
information for individuals.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

Code

Enter the code for the type of e-mail address. Required.

Description

Specify the description that should appear on Web pages where users can
view or update e-mail information. Once created, an e-mail address type
code cannot be changed, but the description can be updated any time.
Required.

Activity Date

The date that the record was created or was last changed.

Web

Specifies if the e-mail type will be included in LOVs in Self-Service

Banner as a valid address type.
Note: This indicator has no influence on the E-mail Address Form
(GOAEMAL). Instead, this indicator specifies if this type of address is
valid for use on the Web at your institution. You can use GOAEMAL
to determine which addresses for a particular person should appear
on the Web. For example, you may want a persons university
address to appear, but not their home address.

If selected, the e-mail address type is a URL.

URL

Step 22

Set Up Web Surveys

Use the Survey Definition Form (GUASRVY) in Banner General to define the following
information for a survey:
Whether the survey appears on the Web
Date range when the survey appears on the Web
Description that appears on the Web
Questions and valid responses in the survey
Web products and populations that can access the survey
Main Window

Use this window to describe the survey and, optionally, to identify a population of Banner
IDs that can respond to the survey.
Survey

Name of the survey.

Title

Description of the survey that appears, if the survey is displayed on the

Web.

Display on Web If selected, the survey should appear on the Web.

Display from

First day the survey is displayed on the Web. The format is DD-MONYYYY.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

October 2010

Display to

Last day the survey is displayed on the Web. The format is DD-MONYYYY.

Information
Text

Free-form description that appears if the survey is displayed on the Web.

Application

Functional area associated with a population of Banner IDs.

Edit

Editor window

List
Selection

Population Selection Applications

Code that identifies a set of rules to select a population of Banner IDs.

List

Population Selections

Creator

Oracle ID of the user who created the rules to select the population.

User

Oracle ID of the user who ran the Population Selection Extract Process
(GLBDATA) to select the population of Banner IDs.
Note: The Application, Selection, Creator, and User fields identify a
population of Banner IDs that can access and respond to the survey.
No other IDs can access the survey.

Survey Questions Window

Use this window to define the questions and valid responses for the survey.
Survey Name

Name of the survey. This field is display only.

Title

Description of the survey. This field is display only.

Question
Number

Sequential number that identifies each question in the survey. Use

the scroll bar to scroll through the questions in the survey. The
maximum number of questions is 999.

(untitled)

Free-form text of each question in the survey.

If the question is too long to display in this field, select Edit to
display the complete question in the Editor window.

October 2010

Allow Multiple
Responses

If selected, the person taking the survey can give more than one
response to the question, and Y is stored in the database. If cleared,
only one response is allowed and N is stored in the database.

Response [n]

Free-form text that appears on the Web to describe each possible

response to the question. A question can have up to five responses.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

Allow
Comments

If selected, the person taking the survey can enter comments as a

response, and Y is stored in the database. If cleared, comments are
not allowed and N is stored in the database.

Comment Text

Free-form text that appears on the Web before the comment box if
comments can be entered as a response.

Survey Roles Window

Use this window to define the self-service products where the survey can appear.

Survey

Name of the survey. This field is display-only.

Title

Description of the survey. This field is display-only.

Roles

Self-service product where the survey can appear. Valid values are
ALUMNI, EMPLOYEE, FACULTY, and STUDENT.

Activity Date

Date when the role was entered or last changed. Display-only.

Banner General 8.3

Middle Tier Implementation Guide
Configuring Self-Service Banner

October 2010

Required Tasks for Single

Sign-On (SSO) to INB, SSB,
and/or Channels

Overview
This chapter contains the preliminary steps you must perform in order to set up Single
Sign-On for either Internet-Native Banner (INB), Self-Service Banner (SSB), or both.
1. Create an Encryption Key on page 99
2. Create Entries in LDAP to Store Configuration Values on page 100
3. Configure Parameters using GUAUPRF on page 102

After completing the steps in this chapter, you must then proceed to the corresponding
Single Sign-On chapter for INB (chapter 4) and/or SSB (chapter 5).
Note
The use of Single Sign-On functionality is optional. If you do not use this
feature at your institution, you do not need to perform the steps in this

chapter.
Note
This section does not cover SSO setup through Banner Enterprise
Identity Services. If you are using Banner Enterprise Identity Services,
please refer instead to the Banner Enterprise Identity Services Handbook.

The Banner implementation of SSO described in this chapter uses a Lightweight Directory
Access Protocol (LDAP) server as a data store and for user validation. It is assumed that
Luminis or another product will provide the SSO framework and session management
for your institution. The implementation steps in this chapter tell you how to add Banner
as a participant in an existing LDAP and SSO framework.
Note
This book provides information for setting up SSO for Luminis Platform
4.x systems. For information to support SSO with Luminis Platform 5.x
systems, refer to the Luminis Platform Banner Integration Setup Guide

that is delivered with the Luminis Platform 5.x documentation set.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Required Tasks for Single Sign-On (SSO) to INB, SSB, and/or Channels

About Single Sign-On

In the context of Banner, the term Single Sign-On, or SSO, means that users can access
your applications in two different ways:
Through the Luminis Portal using the Campus Pipeline Integration Protocol
(CPIP).
Using an LDAP proxy. You can set up an LDAP server as a proxy for
authentication, and require your users to enter their bind credential, for example, a
user ID and password. If they successfully bind to the LDAP server, they are also
logged into Banner.
You can implement both options using the same set of database packages and a Java
Applet that wraps the Oracle-delivered Forms Applet. The database packages use
configuration data from the Personal Preference Table (GURUPRF), entries on the LDAP
server, and other configuration data to define the names of servers and directories. These
packages are implemented using the PL/SQL features of the OAS10g server.
If you are using the Luminis Portal:
3.1.

You will configure Luminis to recognize the external system sctinb.

3.2.

You will add a link to a page in Luminis that references both the sctinb external
system and the INB URL.

3.3.

When a user is logged on to Luminis and selects the above link, the package
GOKKSSO gets the Luminis user ID and password from the Luminis server
using a server-to-server HTTP connection, and validates it by binding back to
the Luminis LDAP Server. The Luminis user ID is now mapped to the Banner
user ID, if they are different.
The GOKSSSO package generates key information for SSO.

3.4.

The user ID and password are then obfuscated using a key generated by
GOKKSSO and the Oracle DBMS_OBFUSCATION_TOOLKIT utility, and a random
session identifier is generated. The obfuscated user ID and password are DES
Encrypted and placed on a DBMS_PIPE or on the SSO_Q queue if the Advanced
Queuing alternate communication mechanism to that of DBMS_PIPE has been
implemented.

3.5.

An HTTP Redirect sends the obfuscated information to the GOKCSSO

package. This package generates client information for SSO.

3.6.

The GOKCSSO package reads the encrypted data from the pipe or dequeues
from the SSO_Q queue, extracts the obfuscated user ID and password, and alters
the Banner password to match the Luminis password. It then generates a new
session identifier, puts the user ID and password on another DBMS_PIPE or on
the SSO_Q queue if the Advanced Queuing alternate communication mechanism
to that of DBMS_PIPE has been implemented, and redirects it to the INB URL.

Banner General 8.3

Middle Tier Implementation Guide
Required Tasks for Single Sign-On (SSO) to INB, SSB, and/or Channels

October 2010

3.7.

SunGard Higher Educations configuration changes to the INB URL files

cause the Oracle-delivered Applet to be wrapped by a SunGard Higher
Education-delivered Applet. The SunGard Higher Education Applet reads the
data from the DBMS_PIPE (or dequeues from the SSO_Q queue) and extracts the
obfuscated user ID and password. It then calls the Oracle Applet, passing it the
user ID and password, and the user is logged into Banner.
The process is the same without Luminis, except that the user ID and password
originate in a different place. A new Web page defined in gokssso.p_login
prompts the user for an ID and password, then the same programming logic
processes the information.

ID Mappings Between Systems

It is time-consuming and frustrating for users to have to remember different user IDs
passwords for different systems. ID mappings enable you to store the IDs and passwords
in a single location, so that when a user logs onto an application with one ID and
password, and then goes to another application, the system can look up that users ID and
password for the second application and enter it automatically.

Single Sign-On between Luminis and Banner

The following points describe how SSO works between Luminis and Banner:
The mapping exists on the LDAP server, stored in a DN specified in configuration
parameters.
The configuration values are loaded into Banner to point to the SSO procedures at
the Luminis LDAP server.
The Luminis ID is mapped to the Banner ID. The Banner password is synchronized
to the Luminis password for every login.
You will logon to both Banner and Luminis using your Luminis ID and password.
No mapping is defined for situations where your Luminis user ID and password are
used to connect to Banner. If this mapping entry is not defined, the procedures
assume that the Luminis and Banner users are identical.

Single Sign-On between Luminis and Self-Service

Banner
The following points describe how SSO works between Luminis and Self-Service Banner:
The mapping exists in the Luminis LDAP server in the pdsExternalSystemID
attribute. It is a multi-value attribute, and the last five characters of it must be:
::SCT

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Required Tasks for Single Sign-On (SSO) to INB, SSB, and/or Channels

The PIN for this user is also stored in the Luminis secret store.
The values are loaded into Banner when the extract is run against Banner.
Note
The mapping in the GOBEACC table is used to create an Oracle
connection to self-service pages that are restricted using the
Administration Secured feature. For more information, please refer to the

WebTailor 7.0 Release Guide.

The Luminis ID is mapped to the Banner ID.

You will logon to both Banner and Luminis using your Luminis ID and password.

Single Sign-On between Luminis/Channels and Banner

The following points describe how SSO works between Luminis Channels and Banner:
The UserMapDN exists on the LDAP server. For details, refer to:
Step 1, Update New Entries in LDAP for INB in Chapter 4
Step 2, Update New Entries in LDAP for SSB in Chapter 5
The proxy package GSPPRXY determines which Oracle user is used to connect to
the channels:
If the mapping exists on the LDAP server, then the Oracle user defined in the
map is used to connect to the channels.
If the mapping does not exist on the LDAP server, then GSPPRXY checks to
see if the Luminis user is defined in GOBEACC.
If no mapping is defined anywhere, then GSPPRXY assigns the default user
ID and password. The default user is defined in Banner Security PXY_CHANNELS_LUMINIS.
Note
For information about GXPPRXY, refer to the Banner Security Technical

Reference Manual.

The Luminis ID is mapped to the Banner ID.

You will logon to Banner and connect to the channels using your Luminis ID and
password.
Refer to the Luminis Channels for Banner documentation for more information.

Banner General 8.3

Middle Tier Implementation Guide
Required Tasks for Single Sign-On (SSO) to INB, SSB, and/or Channels

October 2010

Single Sign-On and Value-Based Security

To use SSO and VBS, you must make sure that the Oracle IDs that will be restricted under
VBS have been granted the role ban_default_webprivs. This role is required for any
Oracle IDs that will be using the self-service packages.

Implementation Steps
Step 1

Create an Encryption Key

The SSO process uses DES encryption as supported through the Oracle-delivered package
DBMS_OBFUSCATION_TOOLKIT. This type of encryption uses a key, or password, to perform
the encryption.
Note
During your Banner upgrade or new installation, you should have created
the directory KEY_DIR. The GOKKSSO package looks for the key in the
enckey file in the KEY_DIR directory.
Verify that this directory exists by selecting from the DBA_DIRECTORIES
view to see the details of the directory that was created. If KEY_DIR exists
in the database and the physical directory has been created on your
database server, and you have a valid enckey file, then you may skip this
step and proceed to Step 2, Create Entries in LDAP to Store
Configuration Values.
If KEY_DIR does not exist in the DBA_DIRECTORIES table, and the physical
directory has not been created on your database server, you must create
it using the following steps.
Make sure your group permissions are readable by Oracle.

1. Create the physical directory on your database server (e.g. mkdir $BANNER_HOME/
key_dir).

2. Create a plain text file named enckey in the directory you just created.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Required Tasks for Single Sign-On (SSO) to INB, SSB, and/or Channels

3. Edit the enckey file and enter the key (for example, PASSWORD).

Your key must start in column 1 and be a combination of letters and numbers, and be
at least eight characters. It can be longer (in multiples of eight only), but the GOKKSSO
package only uses the first 24 characters. The DES encryption only uses eight
characters, but SunGard Higher Education has provided for eventual use of the DES3
algorithm in a future release, which uses a 24-character key. The string you enter as
the key is padded to a length of 24, but you must still use at least eight characters,
since those are the ones used by the current DES encryption.
The passwords stored and passed by the SSO process will now be encrypted using
DES and your key.
4. Edit the banssodir.sql script located in the $BANNER_HOME/install directory and

change the directory name to match the name of the directory you just created (e.g.
$BANNER_HOME/KEY_DIR).
Note
If you cannot find the banssodir.sql script, you may need to manually
copy the file from upgrade/Gen70/banssodir.sql to $BANNER_HOME/
install/banssodir.sql.

5. Finally, run the script as follows:

sqlplus /nolog
connect general/general_password
start banssodir

Step 2

Create Entries in LDAP to Store Configuration Values

You must add the configuration entries to your LDAP directory. The default DN path is:
o=config,o=Banner,o=SCTSSOapplications

SunGard Higher Education delivers a number of sample LDIF files to help you. You can
edit any of these files to customize them for your institution. They are located in the
$BANNER_HOME\install directory, and you must use ASCII mode to transfer them to your
LDAP server.
Note
LDIF files are temporary files which you can copy into a temporary
directory on Luminis and then run. These files modify the schema.

For Oracle Internet Directory:

sso_oclass_oid.ldif - Defines the required LDAP Object Classes so you can use
them in the Oracle Internet Directory (OID) and many other servers.

100

Banner General 8.3

Middle Tier Implementation Guide
Required Tasks for Single Sign-On (SSO) to INB, SSB, and/or Channels

October 2010

For SUNOne:

sso_oclass_sunone.ldif - Defines the required LDAP Object Classes if you are

using the Sun LDAP server with Luminis. This file creates an LDAP object class
called SCTSSOConfig that has cn, SCTSSOConfigString, and description as its
required attributes. This file creates the LDAP attribute SCTSSOConfigString, a
single-value string.
sso_root_sunone.ldif - Defines a new root entry in the SUNOne LDAP directory
where you can store parameters, if desired.
sso_root_sunone2.ldif - Defines a new database entry in the SUNOne LDAP
directory where the root entries will be stored.
For All:

sso_parms.ldif - Defines the parameters that must be present for the SSO
process. This file creates the following entries with the object class SCTSSOConfig
in the config directory:
INBServerName
DADNormal
DADSpecial
CPAuth
CPDeAuth
CPLastAct
UserPrefix
SearchBase
UserMapDN
PswdChangeMessage
INBServletPath
HTTPPrefixServer
HTTPPrefixClient
CSSURL
AnonmsSearch

Note
The delivered examples are for SUNOne and OID. You can, however, use
them as examples to interface Banner with other LDAP directories (e.g.,

OpenLDAP and Novell Directory Server (NDS)).

1. Run ldapmodify, a utility delivered with your LDAP server, with the LDIF files you

just edited. Run them in the order specified below.

Warning
Be sure to run the ldapmodify that was delivered with your server. This is
especially important with the platforms where LDAP is delivered as part of
the operating system (e.g., some versions of SUN Solaris). You must use
the ldapmodify command that was delivered with the SunOne software

stored in the Luminis software directory.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Required Tasks for Single Sign-On (SSO) to INB, SSB, and/or Channels

101

The format of the ldapmodify command in a Luminis SunOne environment is:

ldapmodify -c -a -v -D"cn=Directory Manager" -w <password for
Directory Manager> -f <file name from list above>

For SUNOne, run:

1.1.

sso_oclass_sunone.ldif

Example:
ldapmodify -c -a -v -D "cn=Directory Manager" -w yourpassword -f
sso_oclass_sunone.ldif

1.2.

sso_root_sunone.ldif

Example:
ldapmodify -c -a -v -D "cn=Directory Manager" -w yourpassword -f
sso_root_sunone.ldif

1.3.

sso_root_sunone2.ldif

Example:
ldapmodify -c -a -v -D "cn=Directory Manager" -w yourpassword -f
sso_root_sunone2.ldif

1.4.

sso_parms.ldif

Example:
ldapmodify -c -a -v -D "cn=Directory Manager" -w yourpassword -f
sso_parms.ldif

For OID, run:

1.1.

sso_oclass_oid.ldif

1.2.

sso_parms.ldif

Step 3

Configure Parameters using GUAUPRF

1. Logon to Banner as the BASELINE user.

2. Access the General User Preferences Maintenance Form (GUAUPRF).
3. Go to the LDAP tab.
4. Enter your institutions values in the Default Value field for each configuration

parameter (bind password, bind user ID, location in LDAP directory where SSO
configuration parameters are stored, and URL for LDAP authentication server).

102

Banner General 8.3

Middle Tier Implementation Guide
Required Tasks for Single Sign-On (SSO) to INB, SSB, and/or Channels

October 2010

Parameter

Description

BIND_PASSWORD

This is the password for the bind user. It is stored in the

database using the DES encryption with the encryption key
you configured in an earlier step.

BIND_USER

This is a user with rights to bind to the LDAP server to retrieve

the configuration data for SSO. This user should also be able
to search your LDAP directory to determine if users exist.

This is the location in the LDAP directory where the SSO

configuration parameters will be stored. Several LDIF files are
delivered as examples of where this could be stored.

SERVER

This defines the LDAP server that is used to validate users

and to store additional SSO configuration parameters.
The parameter is formatted using Internet URL format for
LDAP, for example: ldap://my.ldapserver:389
Note: If you are using LDAPS, you will need to configure the
parameters in the SSL key as well.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Required Tasks for Single Sign-On (SSO) to INB, SSB, and/or Channels

103

Parameter

Description

USERMAP_OPT

Usermap option. Valid values are:

IImmutableID is being used for mapping. This option can
only be used with Luminis Platform IV and later.
LLoginID is being used for login mapping.
NNo usermap option is used.

USERMAP_PRFX

Prefix for the usermap. This file will contain the prefix for the
usermap option. The default delivered value is cn=.
This option is related to CMS-DFCT101141.

5. In the SSL (Secured Socket Layer) key, configure the following parameters:
Parameter

Description

LOCATION

To configure SSL, a certificate wallet must be created on the

Database Server using Oracle Wallet Manager. This
parameter is set to point to the physical location on the server
where this wallet is created. It uses the file: URL format.
Example:
file:d:\oracle\wallet for Windows
file:/u01/oracle/wallet for Unix

PASSWORD

This is the password to the wallet and it is stored using DES

encryption using the key you created in a previous step.

MODE

This is the SSL authentication mode, and can be one of the

following values:
1 - No authentication is required (SSL encryption only)
2 - One-way authentication is required, the client certificate is
authenticated by the server
3 - Two-way authentication is required, the client and the
server authenticate each others certificates

104

Banner General 8.3

Middle Tier Implementation Guide
Required Tasks for Single Sign-On (SSO) to INB, SSB, and/or Channels

October 2010

Implementing Single
Sign-On for Internet-Native
Banner

Follow the steps in this chapter to implement Single Sign-On functionality for InternetNative Banner (INB).
1. Update New Entries in LDAP for INB on page 106
2. Create DADs for Running SSO on page 110
3. Configure your INB Server on page 110
4. Verify Configuration Steps in Banner on page 111
5. Configure your Luminis Server on page 113
6. Test on page 114
7. (Optional) Set up SSO INB on Macintosh on page 114
Note
Before performing these steps, you must already have performed the
steps in chapter 3.

Note
This section does not cover SSO setup through Banner Enterprise
Identity Services. If you are using Banner Enterprise Identity Services,
please refer instead to the Banner Enterprise Identity Services Handbook.
This section provides information for configuring Luminis Platform 4.x
systems. If you are using Luminis Platform 5.x, refer to the Luminis
Platform Banner Integration Setup Guide that is delivered with the

Luminis Platform 5.x documentation set.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Single Sign-On for Internet-Native Banner

105

Step 1

Update New Entries in LDAP for INB

Update the following entries in the LDAP server location that you chose previously with
the actual values for your institution. In the sample below, an LDAP browser was used.

Note
You may not see sserv in your browser until you have completed more

steps.

INBServerName - Defines the name of your INB server, in the format server
name:port. One example is my.inbserver.edu:8000, where the server name is
my.inbserver.edu and the port is 8000.
Note
Do not use http:// on the server, as this is configured in another
parameter.

Note
The port is not required if you are using Port 80.

DADNormal - The OAS10g URL snippet that indicates the DAD running under a
"normal" database user, such as WWW_USER or OAS_PUBLIC. If you are running
Self-Service Banner, this is the same as the DAD you use with that system. You
should include the /pls prefix in the name if you are using the pls prefix in your
configuration. One example would be /pls/dadnormal, where dadnormal is the
DAD in OAS10g.
Note
OAS10g no longer requires that you include /pls in the URL, although

you can include it, if desired.

106

Banner General 8.3

Middle Tier Implementation Guide
Implementing Single Sign-On for Internet-Native Banner

October 2010

DADSpecial - The OAS10g URL snippet that indicates the DAD running under the
special BANSSO user. You should include the /pls prefix in the name if you are
using the pls prefix in your configuration. One example would be /pls/dadspecial,
where dadspecial is the DAD in OAS10g that connects to the database as
BANSSO.
Note
OAS10g no longer requires that you include /pls in the URL, although

you can include it, if desired.

CPAuth, CPDeAuth, CPLastAct - These values should be left as delivered in the

LDIF files. They have been made parameters to facilitate future modifications by
SunGard Higher Education or your own local customizations.
CPAuth should be set to gokssso.p_cp_login
CPDeAuth should be set to gokssso.p_cp_logout
CPLastAct should be set to gokssso.p_cp_lastact
UserPrefix - Defines the prefix added to a userid when a bind is issued to the
LDAP server. This provides the flexibility necessary to support users added to
LDAP using the uid= or cn= formats.
SearchBase - The user suffix used for searching and binding as users. It is
appended to the end of user IDs when doing an LDAP bind.
An example of an LDAP user that would be formed by the system with the user ID
is

myuser and the UserPrefix and SearchBase above

uid=myuser,ou=people,o=your.domain,o=cp

UserMapDN - Points to a location in the LDAP directory where users can be

mapped, if they are different from the LDAP server and the Banner database. Each
entry in this location should be of the object class SCTSSOConfig, and the Common
Name (CN) of the entry should be the same as the LDAP user. The
SCTSSOConfigString attribute of the entry should be set to the user in the Banner
database. If the user IDs for a user in both systems are the same, an entry in this
location is not necessary for that user, and it is not recommended for performance
reasons.
One example would be an entry with a DN of
cn=StudentUser,o=usermap,o=Banner,o=SCTSSOapplications and an
SCTSSOConfigString of saisusr. The UserMapDN would be set to
o=usermap,o=Banner,o=SCTSSOapplications and at runtime the LDAP user
StudentUser would be changed to saisusr when the user logs in to Banner.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Single Sign-On for Internet-Native Banner

107

How to establish and test the mapping of a Luminis/LDAP ID to an Oracle/Banner ID

In order for users to use SSO to INB through Luminis using LDAP authentication, the
LDAP and Banner IDs must either be:
The same value (Luminis ID = jsmith - Oracle/Banner ID = jsmith)
Mapped to one another in LDAP (Luminis ID = Joe.Smith - Oracle/Banner ID =
jsmith)
The following example explains how to establish and test the ID mapping if the IDs are
different from one another. In this example, the Oracle/Banner account name is jsmith, and
the Luminis account name is Joe.Smith.
Note
With Luminis IV, you could also use immutable ID to create the mapping.

These options are defined in the USERMAP_OPT parameter.

1. First, create a mapping file, for example, sso_map.ldif.

sso_map.ldif
dn: cn=Joe.Smith,o=usermap,o=Banner, o=SCTSSOapplications
SCTSSOConfigString: jsmith
objectClass: top
objectClass: SCTSSOConfig
description: Map of Luminis ID - Joe.Smith to Banner/Oracle ID jsmith
cn: Joe.Smith

OR
sso_map.ldif (using immutable ID)
Note
This option can only be used with Luminis IV.

dn: cn=1234987987,o=usermap,o=Banner, o=SCTSSOapplications

SCTSSOConfigString: jsmith
objectClass: top
objectClass: SCTSSOConfig
description: Map of Luminis ID - Joe.Smith to Banner/Oracle ID jsmith
cn: 1234987987

2. Import this file into the LDAP Server.

ldapmodify -a -c -v -f sso_map.ldif -D "cn=Directory Manager" -w
pipeline

Note that you must wait approximately 20 minutes for the mapping to take
effect.

108

Banner General 8.3

Middle Tier Implementation Guide
Implementing Single Sign-On for Internet-Native Banner

October 2010

3. Login to Luminis as Joe.Smith.

Click your direct INB SSO link or INB Channels link and you should be logged
in to INB as jsmith.
Click your direct SSB SSO link or SSB Channels link and you should be
logged in to SSB as jsmith (who has a Banner ID = 555555555 in this
example).
PswdChangeMessage - Defines the message presented to the user when their
password is modified in the Banner database. It appears only when the password is
changed to a different value, and the message includes a link that continues the
process of logging them into Banner.
INBServletPath - The URL snippet concatenated to the INBServerName to launch
Banner. It generally begins with /forms, and must include the config= parameter,
which points to the proper configuration.
Examples:
/forms/frmservlet?config=sctsso

This is addressed in greater detail later in this chapter.

HTTPPrefixServer - Defines the http protocol for server-to-server HTTP
communications. This is inserted before the INBServerName whenever
communications between servers are performed. It should be http:// for normal
HTTP and https:// for SSL.
HTTPPrefixClient - Defines the http protocol used when communicating to the
client browser. It should be http:// for normal HTTP and https:// for SSL.
CSSURL - Defines a full URL to the Cascading Style Sheet (CSS) you want to use
for the Logon screen. This can be the same value as the CSSURL you are using for
that system.
AnonmsSearch - Specifies if an anonymous search is performed to get the DN
entry. Valid values are:
Y - An anonymous search will be performed to get the DN entry, and that
entry will be used to perform the bind.
A - An authenticated search will be performed to get the DN entry, and that
entry will be used to perform the bind.
N - The entries defined in LDAP will be used to perform the bind.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Single Sign-On for Internet-Native Banner

109

Step 2

Create DADs for Running SSO

Refer to chapter 2 for basic information about creating a DAD.

SunGard Higher Education recommends that you use Oracle Enterprise Manager (OEM)
for all configuration file changes.
1. Create two new DADs for INB:

dadnormal.txt
dadspecial.txt
Tip: If INB and SSB use the same Oracle web server at your site, then you can use the
same dadnormal.txt file for both INB and SSB.
Sample DADs

To help you configure the DADs necessary for running your packages, SunGard Higher
Education has delivered sample DAD files: dadnormal.txt and dadspecial.txt. These
files are located in your $BANNER_HOME/install directory.
Note
You must configure dadnormal to be logged on as a normal database
user (e.g., OAS_PUBLIC or WWW_USER), but you must configure dadspecial
to be logged on as the BANSSO special user. This is because BANSSO
has the alter user Oracle privilege necessary to alter the users

passwords after they have logged into Banner.

Step 3

Configure your INB Server

There are a number of steps you must perform to configure your INB server:
1. Copy the delivered bannersso.jar file from $BANNER_HOME/general/java to the
<ORACLE_HOME>/forms/java

directory. Be sure to transfer it in binary mode if you

use FTP.
2. Modify your environment to use the delivered basejsso.htm file, which uses a

different Java Applet and the new sctinb_token parameter. The sctinb_token
parameter is used to pass a session token to the applet so it can access the DBMS_PIPE
(or on the SSO_Q queue if the Advanced Queuing alternate communication
mechanism to that of DBMS_PIPE has been implemented) that contains the
encrypted user ID and password.

110

2.1.

Copy basejsso.htm from the $BANNER_HOME/install directory to the

<ORACLE_HOME>/forms/server directory on your OAS10g server.

2.2.

Access OEM on your INB server.

2.3.

Choose Forms in the System Components section.

Banner General 8.3

Middle Tier Implementation Guide
Implementing Single Sign-On for Internet-Native Banner

October 2010

2.4.

Choose Configuration.

2.5.

Update the baseHTMLJinitiator parameter to point to basejsso.htm.

3. Update your forms configuration. You can use the formsweb_sso.cfg file that is

located in the $BANNER_HOME/install directory for reference.

3.1.

Open the formsweb_sso.cfg file that is located in $BANNER_HOME/ install/

directory.

3.2.

Locate the sctsso configuration section for reference.

3.3.

Access OEM on your INB server.

3.4.

Choose Forms in the System Components section.

3.5.

Choose Configuration.

3.6.

Choose Create New Section and enter your new section name (for example,
sctsso).

3.7.

Add the parameters from the sample formsweb_sso.cfg to your new section.
Example sctsso configuration section on OAS10gR2:
baseHTMLJInitiator=d:\oas10g\forms\server\basejsso.htm
archive_jini=bannersso.jar,banspecial.jar,frmall_jinit.jar,banico
ns.jar,bannerui.jar
workingDirectory=c:\temp
envFile=sctsso.env

4. Copy the sctsso.env file from $BANNER_HOME/install/ to the <ORACLE_HOME>/

forms/server directory on your OAS10gR2 server. Tailor it for your institution.
Make sure the database connect string is set in either the LOCAL (Windows) or
TWO_TASK (Unix) environment variable.

Step 4

Verify Configuration Steps in Banner

The sso_ldapinb script can be used to verify your SSO environment by reading all the
parameters and displaying their values. It is delivered in the $BANNER_HOME/install
directory.
1. Run this script logged on as BANINST1.
2. Verify that the output looks similar to the following example:

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Single Sign-On for Internet-Native Banner

111

Sample Output (your values will differ)

SQL> @sso_ldapinb
*****
***** GURUPRF SETUP
*****
UPRF-> key=AUTHENTICATION str=BIND_PASSWORD val=
UPRF-> key=AUTHENTICATION str=BIND_USER val=cn=Directory Manager
UPRF-> key=AUTHENTICATION str=DN val=o=config,o=Banner,o=SCTSSOAPPLICATIONS
UPRF-> key=AUTHENTICATION str=SERVER val=ldap://my.ldapserver.com:389
UPRF-> key=SSL str=LOCATION val=Wallet Location
UPRF-> key=SSL str=MODE val=Authentication Mode
UPRF-> key=SSL str=PASSWORD val=Wallet Password
Decrypt BIND_PASSWORD
Decrypt Key is YOURKEYS
Decrypted Password is ur.password
*****
***** LDAP INB SETTINGS
*****
INBServerName is my.ldapserver.com:7778
DADNormal is /DADB70
DADSpecial is /DADB70spec
CPAuth is gokssso.p_cp_login
CPDeAuth is gokssso.p_cp_logout
CPLastAct is gokssso.p_cp_lastact
UserPrefix is uid=
SearchBase is ou=people,o=sct.com,o=cp
UserMapDN is o=usermap,o=Banner,o=SCTSSOapplications
PswdChangeMessage is Your password in the Banner system has been changed
to match your password in the Luminis system.
INBServletPath is /forms90/f90servlet?config=sctsso
HTTPPrefixClient is http://
HTTPPrefixServer is http://
CSSURL is http://my.ldapserver.com:99/css/web_defaultapp.css
AnonmsSearch is N
PL/SQL procedure successfully completed.

You can then use the sso_bindinb script to verify that a successful bind went through for
specified users.
3. Run this script logged on as BANINST1.
4. Verify that the output looks similar to the following example:

Sample Output (your values will differ)

SQL> @sso_bindinb
Enter value for bind_user: USERNAME
old
2:
bind_credential varchar2 (100):='&Bind_User';
new
2:
bind_credential varchar2 (100):='USERNAME';
Enter value for bind_password: 111111
old
3:
bind_password
varchar2 (100):='&Bind_Password';
new
3:
bind_password
varchar2 (100):='PASSWD';
Input Server is
ldap://my.ldapserver.com:389
Server after string is
my.ldapserver.com:389
ldap_srch_base ou=people,o=sct.com,o=cp
ldap_prfx uid=
Successful Server Bind
Before user Bind
Successful user Bind
Cookie string is http://my.ldapserver.com:7778/testdatabase/gokssso.p_banner
PL/SQL procedure successfully completed.

112

Banner General 8.3

Middle Tier Implementation Guide
Implementing Single Sign-On for Internet-Native Banner

October 2010

5. Access Banner using the following URL, using your Luminis ID and password:
yourserver.com:port/testdatabase/gokssso.P_login

6. The General Menu Form (GUAGMNU) should appear.

Step 5

Configure your Luminis Server

This step should be performed by the Luminis administrator.

Note
The following steps provide information for configuring Luminis Platform
4.x systems. For information about configuring Luminis Platform 5.x
systems, refer to the Luminis Platform Banner Integration Setup Guide

that is delivered with the Luminis Platform 5.x documentation set.

1. Use the Luminis console command configman to update the es.systems parameter,

and to add the es.sctinb.configURL and es.sctinb.doGMTOffset parameters.

1.1.

Navigate to the $CP_ROOT/webapps/luminis/WEB-INF directory on the

Luminis server.

1.2.

Export the current properties from Luminis by running the following command:
configman -x ldi_banner.properties

1.3.

Open the ldi_banner.properties configuration file in your text editor.

1.4.

Locate the es.systems parameter and add sctinb to the end.

Example:
es.systems = sct is cal epos mb gtmb webct wp sctwf sctinb

1.5.

Go to the end of the ldi_banner.properties file.

1.6.

Add the es.sctinb.configURL parameter with the value:

http://your.inb.server:port/<YourNormalDAD>/
gokssso.P_GetConfigVersion2

Example:
es.sctinb.configURL = http://your.inb.server:port/testdatabase/
gokssso.P_GetConfigVersion2

1.7.

Add the es.sctinb.doGMTOffset parameter with the value false.

Example:
es.sctinb.doGMTOffset=false

1.8.

From the command prompt on the Luminis server, issue the following
command to import the new values:
configman -i ldi_banner.properties

2. Stop and restart the Luminis server using the stopcp and startcp commands.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Single Sign-On for Internet-Native Banner

113

3. From a cygwin window on the Luminis server, issue the following commands to add

filters to Luminis that are required for SSO:

cptool sync password -add cpip sctinb

Note
You must wait at least 10 minutes for this to take effect, or you can stop
and restart your Luminis server again to see the changes immediately.

Step 6

Test

You should always test your changes before migrating them to your production
environment.
1. (Optional) For testing purposes, enter the following in Luminis to create a link that

you can use to access Banner. Make sure you change the text to reflect your
institutions configuration.
Example:
http://your.luminisserver.edu/cp/ip/timeout?sys=sctinb&url=http://
your.inbserver.edu/forms/frmservlet?config=sctsso

Note
The timeout function in the URL above ensures that the Luminis and
Banner sessions are not connected. This is necessary because the
timeout functions of the CPIP protocol are not implemented in Banner.
2. Logon to Luminis and select the link to access Banner. The Banner main menu should

appear.
Note
Do not implement any special Oracle Password Management features
with your test account because they can cause problems with LDAP
testing. Use the default Oracle profile with no Oracle Password

Management features enabled.

Step 7

(Optional) Set up SSO INB on Macintosh

If you want to run Single Sign-on (SSO/LDAP) using INB through Luminis on a
Macintosh, you must perform several additional steps. Otherwise, users will be prompted
to enter the Banner/Oracle user ID and password again when they click the INB link in
Luminis.
Note
The following steps assume that your SSO/LDAP using INB through
Luminis works perfectly on a PC running JINIT.

114

Banner General 8.3

Middle Tier Implementation Guide
Implementing Single Sign-On for Internet-Native Banner

October 2010

1. Access OEM on your INB server. In most cases, OEM can be accessed using:
http://servername:1810.

1.1.

Choose Forms in the System Components section.

1.2.

Choose Configuration.

1.3.

Locate your current SSO/LDAP configuration that works (for example,

ban7_sctsso).

1.4.

Edit the ban7_sctsso configuration.

1.5.

Change the following lines to be SSO-specific:

baseHTMLJInitiator = basejsso.htm
archive_jini =
bannersso.jar,banicons.jar,bannerui.jar,banspecial.jar,
banorep.jar,frmall_jinit.jar
envFile = ban7_sctsso.env

1.6.

Add the following two Mac lines to the configuration:

baseHTML=basejsso_mac.htm
archive=bannersso.jar,banicons.jar,bannerui.jar,banspecial.jar,ba
norep.jar,frmall.jar

1.7.

Save your changes.

2. Copy the file ORACLE_HOME\FORMS\server\base.htm in OAS10gR2 and name it

basejsso_mac.htm.

3. Edit the new basejsso_mac.htm file, making the following changes:

3.1.

Find this value:

CODE="oracle.forms.engine.Main"

And change it to:

CODE="com.sct.banner.web.applet.BannerApplet"

3.2.

Find this value:

And change it to:

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Single Sign-On for Internet-Native Banner

115

3.3.

Find this value:

And add the following additional line below it:

4. Save your changes to the basejsso_mac.htm file.

5. Test:
5.1.

Login to Luminis on the Mac and test the INB link. It should load the new .jar
file bannersso.jar, and connect you to Banner without the extra Banner/
Oracle login box.

5.2.

Test the direct login URL:

http://server4.xyz.com:9010/ban7_sctsso/gokssso.p_login

5.3.

116

Login with the LDAP user ID and password and it should log you in without
prompting for the Banner/Oracle user ID and password.

Banner General 8.3

Middle Tier Implementation Guide
Implementing Single Sign-On for Internet-Native Banner

October 2010

Implementing Single
Sign-On for Self-Service
Banner

Follow the steps in this chapter to implement Single Sign-On functionality for SelfService Banner (SSB).
1. Create Entries in LDAP to Store Configuration Values on page 117
2. Update New Entries in LDAP for SSB on page 119
3. Configure WebTailor for LDAP Server on page 121
4. Update WebTailor Parameters on page 123
5. Verify Configuration Steps in Self-Service on page 123
6. (Optional) Create DADs for Running SSO with VBS on page 125
7. Configure your Luminis Server on page 127
8. Test on page 128

Before performing these steps, you must already have performed the steps in chapter 3.
Note
This section does not cover SSO setup through Banner Enterprise
Identity Services. If you are using Banner Enterprise Identity Services,
please refer instead to the Banner Enterprise Identity Services
Handbook. This section provides information for configuring Luminis
Platform 4.x systems. If you are using Luminis Platform 5.x, refer to the
Luminis Platform Banner Integration Setup Guide that is delivered with

the Luminis Platform 5.x documentation set.

Step 1

Create Entries in LDAP to Store Configuration Values

You must add the configuration entries to your LDAP directory. The default DN path is:
o=config,o=Banner,o=SCTSSOapplications

SunGard Higher Education delivers the sample LDIF file below to help you. You can
edit this file to customize it for your institution. It is located in the

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Single Sign-On for Self-Service Banner

117

$BANNER_HOME\install

directory, and you must use ASCII mode to transfer it to your

LDAP server.
Note
LDIF files are temporary files which you can copy into a temporary
directory on Luminis and then run. These files modify the schema.

For all directories:

sso_parms_sserv.ldif - Defines the parameters used by the SSO process for
Self-Service Banner. This file creates the following entries in the sserv directory
(a subdirectory under config):
SSBServerName
DADNormal
CPAuth
CPDeAuth
CPLastAct
UserPrefix
SearchBase
UserMapDN
PswdChangeMessage
HTTPPrefixServer
HTTPPrefixClient
CSSURL
AnonmsSearch

Note
The delivered examples are for OID and SUNOne. You can, however, use
them as examples to interface Banner with other LDAP directories, e.g.,

OpenLDAP and Novell Directory Server (NDS).

1. Run ldapmodify, a utility delivered with your LDAP server, with the LDIF file you

just edited.
Warning
Be sure to run the ldapmodify that was delivered with your server. This is
especially important with the platforms where LDAP is delivered as part of
the operating system (e.g., some versions of SUN Solaris). You must use
the ldapmodify command that was delivered with the SunOne software

stored in the Luminis software directory.

The format of the ldapmodify command in a Luminis SunOne environment is:

ldapmodify -c -a -v -D"cn=Directory Manager" -w <password for
Directory Manager> -f <file name from list above>

For SUNOne, run:

1.1.

sso_parms_sserv.ldif

Example:
ldapmodify -c -a -v -D "cn=Directory Manager" -w yourpassword -f
sso_parms_sserv.ldif

118

Banner General 8.3

Middle Tier Implementation Guide
Implementing Single Sign-On for Self-Service Banner

October 2010

Step 2

Update New Entries in LDAP for SSB

Update the following entries in the LDAP server location that you chose previously with
the actual values for your institution. In the sample below, an LDAP browser was used.

SSBServerName - Defines the name of your Self-Service server, in the format

server name:port. One example would be my.ssbserver.edu:8000, where the
server name is my.ssbserver.edu and the port is 8000.
Note
Do not use http:// on the server, as this is configured in another
parameter.

you can include it, if desired.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Single Sign-On for Self-Service Banner

119

CPAuth, CPDeAuth, CPLastAct - These values should be left as delivered in the

LDIF files. They have been made parameters to facilitate future modifications by
SunGard Higher Education or your own local customizations.
CPAuth should be set to gokssso.p_cp_login_sserv
CPDeAuth should be set to gokssso.p_cp_logout_sserv
CPLastAct should be set to gokssso.p_cp_lastact_sserv
UserPrefix - Defines the prefix added to a userid when a bind is issued to the
LDAP server. This provides the flexibility necessary to support users added to
LDAP using the uid= or cn= formats.
SearchBase - The user suffix used for searching and binding as users. It is
appended to the end of user IDs when doing an LDAP bind.
An example of an LDAP user that would be formed by the system with the user ID
is

myuser and the UserPrefix and SearchBase above

uid=myuser,ou=people,o=your.domain,o=cp

UserMapDN - Points to a location in the LDAP directory where users can be

mapped, if they are different between from the LDAP server and the Banner
database. Each entry in this location should be of the object class SCTSSOConfig,
and the Common Name (CN) of the entry should be the same as the LDAP user.
The SCTSSOConfigString attribute of the entry should be set to the user in the
Banner database. If the user IDs for a user in both systems are the same, an entry in
this location is not necessary for that user, and it is not recommended for
performance reasons.
One example would be an entry with a DN of
cn=StudentUser,o=usermap,o=Banner,o=SCTSSOapplications and an
SCTSSOConfigString of saisusr. The UserMapDN would be set to
o=usermap,o=Banner,o=SCTSSOapplications and at runtime the LDAP user
StudentUser would be changed to saisusr when the user logs in to Banner.

PswdChangeMessage - Defines the message presented to the user when their

password is modified in the Banner database. It appears only when the password is
changed to a different value, and the message includes a link that continues the
process of logging them into Banner.
HTTPPrefixServer - Defines the http protocol for server-to-server HTTP
communications. This is inserted before the INBServerName whenever
communications between servers are performed. It should be http:// for normal
HTTP and https:// for SSL.
HTTPPrefixClient - Defines the http protocol used when communicating to the
client browser. It should be http:// for normal HTTP and https:// for SSL.
CSSURL - Defines a full URL to the Cascading Style Sheet (CSS) you want to use
for the Logon screen. This can be the same value as the CSSURL you are using for
that system.

120

Banner General 8.3

Middle Tier Implementation Guide
Implementing Single Sign-On for Self-Service Banner

October 2010

AnonmsSearch - Specifies if an anonymous search is performed to get the DN

entry. Valid values are:
Y - An anonymous search will be performed to get the DN entry, and that
entry will be used to perform the bind
N - The entries defined in LDAP will be used to perform the bind.
Step 3

Configure WebTailor for LDAP Server

You can use the Lightweight Directory Access Protocol (LDAP) authentication process to
authenticate your users IDs and passwords for Self-Service Banner. Users can use their
LDAP user IDs and passwords to logon to all the self-service applications they use.
Use the following steps to configure WebTailor specifically for Single Sign-On to
Luminis. Your LDAP administrator can provide you with the values you need for this step.
Note
You may have already completed several of the steps when you
configured Self-Service Banner in chapter 2.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Single Sign-On for Self-Service Banner

121

1. Logon to WebTailor as the WebTailor Administrator.

2. Go to the LDAP Administration page (twbkldap.P_ModifyPgLDAP) in WebTailor and

set up the LDAP options:

2.1.

LDAP Protocol - Specifies the protocol to be used with self-service. Select

LDAP_S if you are using LDAP with SSL at your institution.

Note
If you are not using LDAP authentication for Self-Service Banner, then the

protocol should be left as none.

2.2.

Search IndicatorIndicates whether anonymous search should be performed

before binding.

2.3.

LDAP Server NameLDAP server name that is used to validate users.

2.4.

LDAP PortPort number for LDAP server.

2.5.

Search Base for LDAPUser suffix used for searching and binding users.

2.6.

Suffix for LDAP UserUser suffix that should be used before binding user.

2.7.

Prefix for LDAP UserUser prefix that should be used before binding user.

2.8.

Attribute for Banner in LDAPAttribute which stores Self-Service Banner ID in

LDAP.

2.9.

SSL Wallet Location - Specifies the wallet location. This is required if you are
using a one-way or two-way SSL connection.

2.10. SSL Wallet Password - Specifies the wallet password. This is required if you are

using a one-way or two-way SSL connection.

2.11. SSL Authentication Mode - Specifies the authentication mode.

122

Banner General 8.3

Middle Tier Implementation Guide
Implementing Single Sign-On for Self-Service Banner

October 2010

Step 4

Update WebTailor Parameters

1. Login to WebTailor as the WebTailor Administrator.

2. Go to the WebTailor Parameters page (twbkparm.P_DispAllParams) and enter values

for the following parameters:

Parameter Name

Value

CPBASEURL

http://servername.yourdomain.com

CPCOOKIEDOMAIN

.yourdomain.com

CPCOOKIENAME

CPSESSID

CPCOOKIEPATH

CPPASSWDEXP

Specifies how password are expired in a Banner/Luminis

setup.

CPTIMEOUTURL

SCTSSB

(where SCTSSB is the name specified for Banner SelfService in your CPIP configuration)
Example:

/cp/ip/timeout?sys=sctssb&api=

LDAPMAPUSER

Specifies where LDAP mapping is defined.

See the Web Tailor Parameters topic in Chapter 3 of the Banner Web Tailor User
Guide for a detailed description of these and other Web Tailor parameters.
Step 5

Verify Configuration Steps in Self-Service

The sso_ldapssb.sql script can be used to verify your SSO environment by reading all
the parameters and displaying their values. It is delivered in the $BANNER_HOME/install
directory.
1. Run this script logged on as BANINST1.
2. Verify that the output looks similar to the following example:

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Single Sign-On for Self-Service Banner

123

Sample Output (your values will differ)

SQL> @sso_ldapssb
*****
***** BASIC LDAP SETTINGS
*****
LDAP Function: twbklogn.f_ldap_cpsearch
Server: my.ldapserver.edu:389
User: cn=Directory Manager
PW: ur.password
Config Base: o=sserv,o=config,o=Banner,o=SCTSSOAPPLICATIONS
*****
***** TWGBLDAP SETTINGS
*****
Protocol: NONE
Search Indicator: N
Server Name: my.ldapserver.edu
Port: 389
Search Base: ou=People,o=sct.com,o=cp
Suffix:
Prefix: uid=
Attribute for Banner: pdsExternalSystemID
Wallet Location:
Authentication Mode:
*****
***** LDAP SSB SETTINGS
*****
SSBServerName - my.ldapserver.edu:9000
DADNormal - /DADB70
CPAuth - gokssso.p_cp_login_sserv
CPDeAuth - gokssso.p_cp_logout_sserv
CPLastAct - gokssso.p_cp_lastact_sserv
UserPrefix - uid=
SearchBase - ou=people,o=sct.com,o=cp
UserMapDN - o=usermap,o=Banner,o=SCTSSOapplications
PswdChangeMessage - Your password in the Banner system has been changed to match
your password in the Lumins system.
HTTPPrefixServer - http://
HTTPPrefixClient - http://
CSSURL - http://my.ldapserver.edu:9100/css/web_defaultapp.css
AnonmsSearch - N
PL/SQL procedure successfully completed.

You can then use the sso_bindssb script to verify that a successful bind went through for
specified users.
3. Run this script logged on as BANINST1.
4. Verify that the output looks similar to the following example:

Sample Output (your values will differ)

SQL> @sso_bindssb
Run this as the user in your DAD from your Application Server
Enter value for directorymanagerpassword: cp.admin
old 30: ldap_dir_pwd := '&DirectoryManagerPassword';
new 30: ldap_dir_pwd := 'ur.password';
LDAP Server: my.ldapserver.edu:389
Before bind
Bind was successful
PL/SQL procedure successfully completed.

5. On the WebTailor LDAP Administration page, change the LDAP Protocol to LDAP.
6. Use your Luminis ID and password to log into Self-Service.

124

Banner General 8.3

Middle Tier Implementation Guide
Implementing Single Sign-On for Self-Service Banner

October 2010

Step 6

(Optional) Create DADs for Running SSO with VBS

Note
This step is required only if you are using VBS.

Self-Service Banner allows you to logon with your Oracle password instead of your
Banner ID and PIN.
The process in which SSO works seamlessly between Banner and Luminis is as follows:
1. As part of the normal SSO process between Luminis and Banner, your Luminis ID is

checked to see if it can be mapped to an Oracle/Banner ID.

2. The programming logic then checks the WebTailor tables to see if there are any for

which the ADMIN switch is set to Y (TWGBWMNU_ADM_ACCESS_IND = Y).

3. If any ADMIN switches are set to Y, then the user ID and password are encrypted and

stored in a cookie. The Oracle password is now identical to the one in Luminis.
4. You are then transferred to Self-Service Banner, and the CPSESSID cookie is set.
5. When you select a menu link in Self-Service Banner that has the ADMIN switch set,

the programming logic checks to see if the CPSESSID cookie exists.

6. If it does, _admin is added to the end of the DAD name in the URL.
7. This is picked up by the Oracle Application Service using a rewrite rule, which does

an internal redirect to a perl script.

8. The perl script changes the _admin to the actual ADMIN DAD, as defined by the

WEBUSER WebTailor parameter.

9. The programming logic then redirects to the TWBKAUSR package that maintains all

the post data, using the URL as a parameter.

10. The TWBKAUSR package receives the request from the perl script and uses the

encrypted cookie to build an authentication header.

11. The utl_http package issues the actual URL request with this header set, providing

the authorization to the ADMIN DAD so you arent prompted for a username and
password.
12. The results from the URL are edited to add _admin to all the URLs contained in it, so

the rewrite rule will be invoked again if you click on one of those URLs. You will not
need to enter your password again for this session.
Note
You must copy $BANNER_HOME/install/admin_redir.pl to
<ORACLE_HOME>/Apache/Apache/cgi-bin/admin_redir.pl.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Single Sign-On for Self-Service Banner

125

13. In order for this process to work correctly, you must do the following:
13.1. Create a new DAD identical to your database DAD, and append the letter o to

the end. Refer to chapter 2 for information about creating a DAD.

Example:
DAD name: test
New DAD name: testo
Note
If you have changed the CGI-BIN Admin Directory Suffix to a value
other than o in your web rules in WebTailor, then you must append that

value rather than o.

13.2. Include the following rewrite rules in your OAS10g http.conf configuration

file located in <ORACLE_HOME>/Apache/Apache/conf/.

<Location /YourDAD_admin>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} GET
RewriteRule /YourDAD_admin/(.*) /perl/admin_redir.pl\?dadname=YourDAD&url=http:/
/YourSSBServer/YourDADo/$1\%3F%{QUERY_STRING}
RewriteCond %{REQUEST_METHOD} POST
RewriteRule /YourDAD_admin/(.*) /perl/admin_redir.pl\?dadname=YourDAD&url=http:/
/YourSSBServer/YourDADo/$1\%3F%{QUERY_STRING}
</Location>

Where

Example

YourDAD_admin is the name of your DAD,

followed by the string _admin

test_admin

/perl/admin_redir.pl is the UNIX example of

the SunGard Higher Education-delivered script
located in $BANNER_HOME/install/ directory.

/perl/admin_redir.pl

Note: You should not rename this

file.

This script must be copied to <ORACLE_HOME>/

Apache/Apache/cgi-bin/ on your SSB server.

126

YourDAD is the name of your DAD

test

YourDADo is the name of your DAD, followed by

an o

testo

YourSSBServer is the name or IP address of your

server which runs Self-Service Banner

ssb.yourschool.edu:8000

Banner General 8.3

Middle Tier Implementation Guide
Implementing Single Sign-On for Self-Service Banner

Note: The port is not needed if it is

80.

October 2010

Step 7

Configure your Luminis Server

This step should be performed by the Luminis administrator.

that is delivered with the Luminis Platform 5.x documentation set.

1. Use the Luminis console command configman to update the es.systems parameter,

and to add the es.sctssb.configURL and es.sctssb.doGMTOffset parameters.

1.1.

Navigate to the $CP_ROOT/webapps/luminis/WEB-INF directory on the

Luminis server.

1.2.

Export the current properties from Luminis by running the following command:
configman -x ldi_banner.properties

1.3.

Open the ldi_banner.properties configuration file in your text editor.

1.4.

Locate the es.systems parameter and add sctssb to the end.

Example:
es.systems = sct is cal epos mb gtmb webct wp sctwf sctinb sctssb

1.5.

Go to the end of the ldi_banner.properties file.

1.6.

Add the es.sctssb.configURL parameter with the value:

http://your.ssb.server:port/testdatabase/
gokssso.P_GetConfigVersion2_sserv

Example:
es.sctssb.configURL = http://your.ssb.server:port/
<YourNormalDAD>/gokssso.P_GetConfigVersion2_sserv

1.7.

Add the es.sctssb.doGMTOffset parameter with the value false.

Example:
es.sctssb.doGMTOffset=false

1.8.

From the command prompt on the Luminis server, issue the following
command to import the new values:
configman -i ldi_banner.properties

2. Stop and restart the Luminis server using the stopcp and startcp commands.
3. From a cygwin window on the Luminis server, issue the following commands to add

filters to Luminis that are required for SSO:

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Single Sign-On for Self-Service Banner

127

cptool sync password -add cpip sctssb

Note
You must wait at least 10 minutes for this to take effect, or you can stop
and restart your Luminis server again to see the changes immediately.

Step 8

Test

You should always test your changes before migrating them to your production
environment.
1. (Optional) For testing purposes, enter the following in Luminis to create a link that

you can use to access SSB. Make sure you change the text to reflect your institutions
configuration.
http://your.luminisserver.edu/cp/ip/timeout?sys=sctssb&url=http://
your.ssbserver:port/YourDAD/bwgkogad.P_SelectAtypView

2. Logon to Luminis and select the link to access Self-Service Banner. In this example,

you would be taken to your information in the Directory Profile.

128

Banner General 8.3

Middle Tier Implementation Guide
Implementing Single Sign-On for Self-Service Banner

October 2010

Implementing Luminis
Channels for Banner

This chapter details the following steps for implementing Luminis Channels for
Banner.
1. Create the Home Directory for Luminis Channels for Banner on page 134
2. Edit the Configuration File on page 134
3. Localize the Configuration File on page 138
4. Deploy the EAR File on page 139
5. Install CAR Files on page 141
6. Publish the Channel on page 142
7. Check Your Work on page 143

Each Luminis Channel for Banner is delivered as a .car (channel archive) file. The .car file
is a .zip file that contains all elements needed to render the channel and to set up database
elements, supporting automation, publishing characteristics, etc., for the channel.
Note
This section provides information for configuring Luminis Platform 4.x
systems, which employ Banner Channels. Luminis Platform 5.x systems
provide similar Banner integration through portlets. If you are using
Luminis Platform 5.x, refer to the Luminis Platform Banner Integration
Setup Guide that is delivered with the Luminis Platform 5.x

documentation set.

Prerequisites
Before proceeding with your Luminis Channels for Banner implementation, make sure
you have completed the following prerequisite activities:

Apply Upgrade
Apply the Luminis Channels for Banner upgrade to your Banner database.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Luminis Channels for Banner

129

Set up Security on GSASECR

1. Access the Security Maintenance Form (GSASECR).
2. Go to the Objects tab and verify that there has been an entry created for CHANNEL.

The delivered record should look like this:

Object: CHANNEL
Current Version: 7.0
System Code: G
Default Role: BAN_DEFAULT_M
Note
The Current Version value may be a higher version.

3. Go to the Classes tab and verify that there has been an entry created for

PXY_CHANNEL_LUMINIS. Move your cursor to that record to highlight the record.

Then press the Objects button and assign the CHANNEL object to this class with a
role of BAN_DEFAULT_M. The PXY_CHANNEL_LUMINIS class determines the
default user mapping for Banner Channels and will be used for all users that do not
have an Oracle account in the Banner database (for example, students).
4. Define a default Oracle ID for Banner Channels. Go to the Users tab and enter the ID

you would like to use. The recommended user ID is INTEGMGR, or you can create a
new Oracle ID. Next, press the Modify button and then User Classes. Click the All
radio button next under Show Classes and look for the PXY_CHANNEL_LUMINIS
class. Click the value in the class code item for this record. If the field is protected
against update, then there is already a default user assigned to the class (and
GSASECR will not allow more than one user to be assigned to this class).
5. Press the Close button twice to return to the Users tab.
6. On the Users tab, enter the same user ID (INTEGMGR or new ID) that you just

entered. Press the Alter button, check the Authorize BANPROXY box, and save
your changes.
7. Users with existing Oracle accounts (such as employees, finance users, and so on)

must be granted access to the CHANNEL object to use Banner Channels. The easiest
way to do this is to assign the CHANNEL object to one or more classes that are
assigned to your users. For example, to allow all users in the BAN_GENERAL_C
class access to Channels, go to the Classes tab and highlight BAN_GENERAL_C.
Then press the Objects button and add the CHANNEL object to this class with a role
of BAN_DEFAULT_M.

130

Banner General 8.3

Middle Tier Implementation Guide
Implementing Luminis Channels for Banner

October 2010

8. Individual users also must be granted BANPROXY access. Go to the Users tab and

enter the persons Oracle ID. Then press the Alter button, check the Authorize
BANPROXY box, and save your changes.

Perform Required Steps

Perform the required steps from chapter 3 of this guide, if you have not already performed
them. Note that if the Single Sign-On steps from chapter 4 and chapter 5 are not also
completed, login will be required every time a link to Internet-Native Banner or SelfService Banner is used from within a channel.

Architectural Overview
Every channel that integrates with Banner connects to it using a Java channel class named
com.sct.portals.luminis.ProviderChannel. The design of this channel provides for
easy configuration and connection to a database instance.
The ProviderChannel asks for the content and renders it within the portal. For Banner, a
provider is used to communicate to a J2EE application running within OAS10g.
The banportals application is a J2EE application, which delivers the content for
channels. It manages fine-grained access through an Oracle database connection pool.
Since the ProviderChannel communicates to the banportals application using HTTPS
(as shown in the illustration below), you must make sure that a line of communication is
available and will not be hampered by a firewall. You could also use the HTTP protocol,
but, since some data is sensitive in nature, SunGard Higher Education recommends that
you use HTTPS for your production instances.

ProviderChannel

Get content with

SOURCE_INFO
parameter

Oracle Application Server

banportals
Return XML for
rendering

The channel type for the ProviderChannel is custom. The ProviderChannel expects its
channel parameters to dictate what to execute on the Banner side.
The following parameters are used.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Luminis Channels for Banner

131

Parameter Name

Type

Description

DEFAULT

Req

This parameter specifies the default view for the

channel to render.
Example: LI_DASHBOARD_DEFAULT

PROVIDER

Req

For all Banner channels the provider to be used is

com.sct.banner.portals.providers.
BannerDataProvider.

SOURCE_INFO

Req

This parameter is the driver command to acquire

channel specific data.

CACHE_TIMEOUT

Opt

If a channels data is not refreshed often, it could be

very beneficial to system performance to cache the
channel for a period of time while the user is logged into
the system. The CACHE_TIMEOUT value is the number of
seconds on a per-user per-session basis to cache a
channel.
The Banner channel framework will automatically
refresh the cache if the channel is focused or if the edit
button is clicked.

EDIT

132

Opt

Banner General 8.3

Middle Tier Implementation Guide
Implementing Luminis Channels for Banner

If the channel appears different in edit mode from the

way it appears in default mode, a different style sheet
will be used.

October 2010

Parameter Name

Type

Description

SOURCE_SSL

Opt

An SSL is a map of all style sheet titles and their related

XSL files. By default the ProviderChannel will take
the SOURCE_INFO name and apply .ssl to the end to look
up the SSL file. If a specific SSL file is needed that does
not follow this naming convention, an SSL can be
specified using the SOURCE_SSL parameter.
Example: /com/sct/banner/portals/ui/gc_nav/
gc_nav.ssl

CONNECTION_NAME

Opt

By default, channels will use the default connection

database pool setup on the OAS10g server. If multiple
connection pools are available, a channel can set the
CONNECTION_NAME parameter to link the channel to a
specific pool.
For example, if you have a PROD database that is your
default connection pool, but want to have a channel
interact with your TEST database you could specify
TEST as your CONNECTION_NAME.
Review setting up your connection pools for more
details.

Preparing to Install Luminis Channels for

Banner
Before you can configure and install the Luminis Channels for Banner, some files have to
be moved to the Luminis servers and others need to be moved to the OAS10g server.
The following files are used in the installation and configuration of Luminis Channels for
Banner.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Luminis Channels for Banner

133

File Name

Description

sctecf.car

This file lays down the foundation on which Luminis

Channels for Banner are built. It stands for the Enterprise
Channel Foundation. It will be placed in a specified directory
on the Luminis server.

banportals.ear

This file is deployed to the OAS10g server and is used to

accept requests for content and return XML content to the
portal.

bannerCommon.car

This file provides the BannerDataProvider used to

implement the Luminis Channels for Banner. It also contains
the common XSL, images, and properties used by all Luminis
Channels for Banner. This file contains a properties file that
tells it the location of the OAS10g server that all channels will
contact for content.

banportalsadmin.
jar

This helper file provides a means to easily import properties

from a file and disseminate them through both the
banportals.ear and bannerCommon.car.

banportals.config

This is a template file that is used to set values within

banportals.ear and bannerCommon.car.

Step 1

Create the Home Directory for Luminis Channels for Banner

1. To manipulate and configure the files, create a directory on the OAS10g server.

Example:
/u01/PROD/sghe/banner/channels

2. Copy the contents of your Banner production directory/channel/admin to this

directory. In the instructions in this chapter, this directory is referred to as the

CHANNEL_HOME directory.
Step 2

Edit the Configuration File

Edit the banportals.config file that is located in your CHANNEL_HOME directory (for
example, D:\SGHE\BAN7\CHANNELS\banportals.config).

134

Banner General 8.3

Middle Tier Implementation Guide
Implementing Luminis Channels for Banner

October 2010

Banner Database Connection Configuration

Property Name

Description

connectionName.
list

Connection listings. Each item in this list will expect to have

<connection name>.<property> specified.
For example, the default value in the list makes the
configuration look for default.tnsName,
default.UserName, etc.:
connectionName.list=default
connectionName.list=default, other

connectionName.
default

For channels that do not specify the connection name to use,

the default name will be used.
Example:
connectionName.default=default

default.tnsName

TNS Name to use when connecting to the Banner database.

Example:
default.tnsName=LB70.sct.com

default.userName

Connection pool user to use.

Example:
default.userName=banproxy

default.password

Connection pool password to use.

Example:
default.password=banproxy

default.
poolConfig.
min-limit

Minimum number of physical connections maintained by the

pool.
Example:
default.poolConfig.min-limit=1

default.
poolConfig.
max-limit

Maximum number of physical connections maintained by the

pool.
Example:
default.poolConfig.max-limit=5

default.
poolConfig.
increment

Incremental number of physical connections to be opened

when all the existing ones are busy and a new connection is
requested.
Example:
default.poolConfig.increment=1

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Luminis Channels for Banner

135

Property Name

Description

default.
poolConfig.timeout

Specifies how much time must pass before an idle physical

connection is disconnected.
Example:
default.poolConfig.timeout=30

This does not affect a logical connection. The default time is

in seconds.
log4j.rootCategory

This specifies the logging level and logging scheme to be

used from within the servlet. The default logging level is
INFO, stdout, which directs the output of the servlet to the
system output, which in turn writes to the <ORACLE_HOME>/
opmn/<oc4j instance> logs.
To limit the growth and overall size of the log, the logging can
be turned down to ERROR. To do so, set the value of
log4j.rootCategory to ERROR, stdout.

Banner Channel Properties

Property Name

Description

providerServlet.
url

URL to access the Banner portal servlet. This is the URL of

the webserver, and points to the OC4J servlet, which will
reside on the webserver machine.
Example:
providerServlet.url=https://
yourservername.com:4445/banportals/

The port of 4445 in the document is an example. You will

provide the port number that takes you to the welcome page
of the webserver (for example, http://
yourservername.com:7777).
The /banportals/ portion of the URL is suggested as the
virtual path for the OC4J servlet. You will then reference the
banportals portion of the URL in later steps.

136

Banner General 8.3

Middle Tier Implementation Guide
Implementing Luminis Channels for Banner

October 2010

Property Name

Description

providerServlet.
userName

User name to secure the servlet.

Example:
providerServlet.userName=channelAdmin

providerServlet.
password

Password to secure the servlet.

Example:
providerServlet.password=u_pick_it

The recommended value for username is channelAdmin. You

can use any value for the password.
This username and password are used for authentication
between Luminis and the OC4J servlet engine. When you
complete Step 3, Localize the Configuration File, the
information stored in banportals.config is loaded into the
bannerCommon.car and banportals.ear files. Then
bannerCommon.car is moved to the Luminis server and
banportals.ear is deployed on the OAS10g server. When
the OC4J servlet engine receives a Channel request, it
compares the username/password stored in banportals.ear
with the username/password sent by Luminis from the
bannerCommon.car file.
Thus the providerServlet username and password need to be
defined only in the banportals.config file. There does not
need to be any corresponding OS user, Oracle user, etc.
XSL Parameters

The following are parameters that will be set on each XSLT translation. Additional
parameters can be added here for custom parameters in XSLTs.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Luminis Channels for Banner

137

Property Name

Description

xsl-parameter.
erpUrlBase

URL for the INB server.

Example:
xsl-parameter.erpUrlBase=http://
yourservername.com:7777/forms90/
f90servlet%3Fconfig%3Dsctsso
%2526separateFrame%3Dfalse
%2526otherParams%3Dlaunch_form%3D

Note: If you want to load Banner forms in a separate window,

remove %2526separateFrame%3Dfalse from the URL
above.
xsl-parameter.
urlHostAndPath

URL for the self-service application.

Example:
xsl-parameter.urlHostAndPath=http://
yourservername.com:9001/YourDAD/

xsl-parameter.
externalSystem-inb

CPIP URL for the INB system.

Example:
xsl-parameter.externalSystem-inb=
%2fcp%2fip%2ftimeout%3fsys%3dsctinb

xsl-parameter.
externalSystem-ssb

CPIP URL for the self-service system.

Example:
xsl-parameter.externalSystem-ssb=
%2fcp%2fip%2flogin%3fsys%3dsct

Step 3

Localize the Configuration File

The banportals.config file contains values that need to be inserted into the
bannercommon.car and the banportals.ear file.
To roll out the changes an installer file, banportalsadmin.jar, is provided.To use this
installer, a Java VM must be installed on the same machine as the CHANNEL_HOME. A Java
VM of 1.3.1 or higher is required.
Tip
If the CHANNEL_HOME is on the same machine as your OAS10g server, you
can use the JAVA_HOME rooted at <ORACLE_HOME>/jdk. Set an
environment variable JAVA_HOME and point it to <ORACLE_HOME>/jdk.

Then ensure that JAVA_HOME\bin is the first item in your PATH.

Tip
To check the java version, run
java version

138

Banner General 8.3

Middle Tier Implementation Guide
Implementing Luminis Channels for Banner

October 2010

To execute the installer, run

java jar banportalsadmin.jar banportals.config

Step 4

Deploy the EAR File

SunGard Higher Education recommends that you use Oracle Enterprise Manager to
deploy the EAR file.
Using Oracle Enterprise Manager
1. Create an OC4J instance for the EAR file. For example, the Banner database is named

PROD:
PROD_banportals

It is recommended that you create a new OC4J instance for each channel servlet
instance. SunGard Higher Education recommends a naming convention of
<SID>_banportals where <SID> is the service identifier for your Banner instance.
2. Select the created OC4J instance, and go to the Applications tab. Click Deploy EAR

file (or Deploy Application in older versions).

3. You may be shown an introduction. Read it, then click Next.
4. Browse for the banportals.ear file that has just been updated in the CHANNEL_HOME

directory and select this file for deployment.

This step actually takes the EAR file within the CHANNEL_HOME directory and moves it
up to the OAS10g server. The EAR file must be made available to the machine on
which you are browsing the Enterprise Manager. If access is not readily available, the
file must be moved locally to the browser machine to upload it to the OAS10g server.
When selecting an application, select:
J2EE Application = the local file system location of the EAR file
For example, if the computer you are using to view the Enterprise Manager has a
shared drive to the OAS10g server, the J2EE Application location would refer to
CHANNEL_HOME/banportals.ear file. If you do not have access using mapped drives
or symbolic links, you will need to FTP the file to the local machine and then select
the file locally.
5. Select a name to identify the application within the OC4J instance. This name must

be unique to the OC4J instance and should typically contain the application currently
being deployed. The suggested name is <SID>_banportals.
6. Click Next.
7. Map the URL for the web modules. If the desired web root URL is not banportals,

alter the value on this step of the Oracle Enterprise Manager deployment wizard.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Luminis Channels for Banner

139

8. Click Finish to navigate to the last summary step.

9. When the summary is displayed, click Deploy to deploy the EAR file. This step

generally takes approximately one to three minutes to complete.

10. Go to the Oracle Enterprise Manager home page to ensure that the newly created

OC4J instance is started.

11. Deploy the base CAR files

From your CHANNEL_HOME location copy the following files to the Luminis server
CP_ROOT/webapps/luminis/WEB-INF/cars:
bannerCommon.car
sctecf.car

For Luminis III.2 systems and higher, this directory will already exist. For earlier
versions of Luminis, you must create it.
Using Command Line Deployment - DCMCTL

This method is an alternative to the steps listed above. Although Oracle Enterprise
Manager is recommended for deploying the EAR file, you can also deploy it from the
command line by following the steps below.
1. As the owner of the OAS10g server, navigate to <ORACLE_HOME>/dcm/bin.
2. Create an OC4J instance:
dcmctl createcomponent co <OC4J Instance Name> -ct oc4j

where:
co = component name
ct = component type
It is recommended that you create a new OC4J instance for each channel servlet
instance. SunGard Higher Education recommends a naming convention of
<SID>_banportals where <SID> is the service identifier for your Banner instance.
For example:
dcmctl createcomponent co PROD_banportals ct oc4j

3. Deploy the EAR file to the newly created OC4J instance.

dcmctl deployapplication co <OC4J Instance Name> -a
banportals f $CHANNEL_HOME/banportals.ear

4. Ensure that the OC4J instance is running.

dcmctl start co <OC4J instance name>

140

Banner General 8.3

Middle Tier Implementation Guide
Implementing Luminis Channels for Banner

October 2010

5. Deploy the base CAR files.

From your CHANNEL_HOME location copy the following files to the Luminis server
CP_ROOT/webapps/luminis/WEB-INF/cars:
bannerCommon.car
sctecf.car

For Luminis III.2 systems and higher, this directory will already exist. For earlier
versions of Luminis, you must create it.

Installing a Luminis Channel for Banner

Step 5

Install CAR Files

1. Copy (or FTP in binary mode) the gc_nav.car file from your Banner production

directory/channels/admin directory to the following directory:

$CP_ROOT/webapps/luminis/WEB-INF/cars

Note
For Luminis III.2 systems and higher, this directory will already exist. For

earlier versions of Luminis, you must create it.

2. Copy (or FTP in binary mode) the CAR files for each licensed Self-Service product

from its corresponding $BANNER_HOME\web_product\java\*.car directory to the

following directory:
$CP_ROOT/webapps/luminis/WEB-INF/cars

For example, if Student Self-Service is installed, then you need to copy the CAR files
located in the Banner Production directory/stuweb/java directory.
Examples:
copy $BANNER_HOME\aluweb\java\*.car $CP_ROOT/webapps/luminis/WEB-INF/
cars
copy $BANNER_HOME\facweb\java\*.car $CP_ROOT/webapps/luminis/WEB-INF/
cars
copy $BANNER_HOME\finweb\java\*.car $CP_ROOT/webapps/luminis/WEB-INF/
cars
copy $BANNER_HOME\genweb\java\*.car $CP_ROOT/webapps/luminis/WEB-INF/
cars
copy $BANNER_HOME\payweb\java\*.car $CP_ROOT/webapps/luminis/WEB-INF/
cars
copy $BANNER_HOME\stuweb\java\*.car $CP_ROOT/webapps/luminis/WEB-INF/
cars

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Luminis Channels for Banner

141

copy $BANNER_HOME\wtlweb\java\*.car $CP_ROOT/webapps/luminis/WEB-INF/

cars

Note
You can only install the products you have licensed.

3. Restart the Luminis Web server.

Once the restart is complete, the channel will be recognized by the system and any
optional data required to set up its supporting elements will be processed.
Step 6

Publish the Channel

For detailed information about the WebTailor pages mentioned in this procedure, see the
Luminis Channels for Banner Handbook.
1. Logon to Luminis as the administrator.
2. Choose the Channel Admin link.
3. Choose the Modify a currently published channel link.

The system displays the Channel Manager page. When the system was restarted
previously, it automatically processed all the elements needed for the initial setup of
the channel. Therefore, you will only need to modify values to customize the channel
for your institutions business practices.
4. Locate the channel you want to modify. You can use the page number links to go to a

different page, and you can select a category from the pull-down list to reduce the
number of channels displayed on the Channel Manager page.
5. Click the Edit button for the channel you want to modify. The system displays the

Channel Manager page at the Review workflow step.

6. Click the Categories step.
7. For the Categories step, check the check box for the category you want the channel

associated with (Applications is recommended), then click Next or the Groups step.
8. For the Group step, check the check box for the group you want the channel

associated with, then click Next or the Review step.

Note
If you are using Luminis III.2 or higher, the system automatically assigns
SunGard Higher Education-delivered channels to the Auto-Published
category, and only a user with the Admin role can subscribe to it.
SunGard Higher Education recommends that an Admin user subscribe to

142

Banner General 8.3

Middle Tier Implementation Guide
Implementing Luminis Channels for Banner

October 2010

the channel to test it, modify institutional preferences if necessary, then

reassign it to a different group as explained in this procedure.

Only users assigned to the group selected in this step will be able to subscribe
to the channel.
9. For the Review step, click Finished.
Note
If desired, you can modify any of the clickable values displayed on the

Review step, but you do not need to do this for installation.

Step 7

Check Your Work

1. Return to the Luminis portal.

2. Subscribe to the channel.
3. Test it to make sure it works.

Locale-Specific URLs
For a multi-language implementation of Banner, you can set up locale-specific URLs for
INB and SSB.
Note
This setup is possible only for an international version of Banner.

1. Edit the banportals.config file to add locale-specific configurations to the end of the

file. For example:

xsl-parameter.erpUrlBase.<Locale>= Locale-specific INB URL
xsl-parameter.urlHostAndPath.<Locale>= Locale-specific SSB URL

2. Run banportaladmin.jar to generate the bannerCommon.car, sctecf.car, and banportals

EAR files.
3. To deploy, restart the web server.

Example INB Test for the My Banner Channel

1. Create a BANSECR/Oracle account for testing, if you do not already have one:

October 2010

1.1.

Login to Banner as BANSECR.

1.2.

Go to the User Maintenance section of GSASECR.

1.3.

Enter a user such as testinb7 and choose insert.

Banner General 8.3

Middle Tier Implementation Guide
Implementing Luminis Channels for Banner

143

1.4.

Enter a password.

1.5.

Enter TEMP for Temp Tablespace.

1.6.

Enter USERS for Default Tablespace.

1.7.

Enter BAN_DEFAULT_CONNECT for the Default Role.

1.8.

Check the Authorize BANPROXY check box.

1.9.

Save your changes.

1.10. Click Modify, and then User Classes, and finally BAN_GENERAL_C class

(which should include object CHANNEL - BAN_DEFAULT_M) to enroll the user in

that class.
1.11. Login to INB as testinb7 (or whatever test user you just set up) with the

password to confirm that it works.

2. Set up a My Banner menu item for the E-mail Form (GOAEMAL):
2.1.

While still logged in as testinb7, go to form GUAPMNU.

2.2.

Enter a few personal forms such as GOAEMAL, SPAIDEN, and GTVEMAL.

2.3.

Save your changes.

2.4.

Exit Banner.

3. Log back into Banner as any user with access to GOAEACC:

144

3.1.

Go to GOAEACC.

3.2.

For Username, enter TESTINB7.

3.3.

For ID, enter 111111111.

3.4.

Save your changes.

3.5.

Exit Banner.

Banner General 8.3

Middle Tier Implementation Guide
Implementing Luminis Channels for Banner

October 2010

4. Create a matching Luminis test account (such as testinb7), if do not already have one:
4.1.

Login to Luminis as administrator.

4.2.

Choose Admin Toolbox.

4.1.

In User Admin, select New.

4.1.

Enter test for First Name.

4.1.

Enter inb7 for Last Name.

4.1.

Enter 01-JAN-1980 (or some value) for Birthdate.

4.1.

Enter the password.

4.1.

Confirm the password.

4.1.

Enter testinb7 as the Login Name.

4.1.

Choose Next and then OK.

4.1.

Exit Luminis.

5. Login to Luminis with your test account.

6. Choose Content/Layout.
7. Choose the Add Channel button in desired location.
8. Select Category = Application.
9. Choose GO.
10. Select My Banner.
11. Choose the Add Channel button.
12. Choose the Back to All Users Sample tab and review your work.
13. Choose the new My Banner link from your chosen location.
14. Choose the E-mail Address Form link and it should launch INB 7.x and the

GOAEMAL form.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Luminis Channels for Banner

145

Example SSB Test for Personal Information Channel

1. Locate a Banner ID with access to SSB. Example:

ID = 111111111 (ex. SPRIDEN_ID)

2. Login to Luminis as the administrator.
2.1.

Choose Admin Toolbox.

2.2.

In User Admin, select New.

2.3.

Enter test for First Name.

2.4.

Enter ssb7 for Last Name.

2.5.

Enter 01-JAN-1980 (or some value) for Birthdate.

2.6.

Enter 111111111 (ex. SPRIDEN_ID) in the External Information System ID

field.

2.7.

Enter the password.

2.8.

Confirm the password.

2.9.

Enter testssb7 as the Login Name.

2.10. Choose Next and then OK.

2.11. Exit Luminis.
3. Login to Luminis with testssb7 and the password.
4. Choose Content/Layout.
5. Choose the Add Channel button in desired location.
6. Select Category = Application.
7. Choose GO.
8. Select the Personal Information link.
9. Choose the Add Channel button.
10. Click the Back to All Users Sample tab, and review your work.
11. Choose the new Personal Information link from your chosen location.
12. Choose Update E-mail Addresses. You should be transferred directly into the SSB

application on the Change E-mail web page.

146

Banner General 8.3

Middle Tier Implementation Guide
Implementing Luminis Channels for Banner

October 2010

Implementing Banner HR
Effort Reporting and Labor
Redistribution

Banner HRs Effort Reporting and Labor Redistribution system is a Rich Internet
Application (RIA). To implement it, you need to install Oracle Application Server
10.1.3.x. The minimum requirement for installation is the J2EE Server.

Procedure to Deploy Effort Reporting and

Labor Redistribution
Deploy the ear File
To deploy the Effort Reporting and Labor Redistribution ear file, complete the following
steps:
Note
The efc.ear files release 8.3.0.2 and later, require JDK 1.6. You can
download JDK 1.6 from:
http://java.sun.com/javase/downloads/widget/jdk6.jsp
To update the Oracle Application Server to use JDK 1.6, follow Solution
#1 in FAQ 1-7GUEKE Oracle Doc ID 396096.1 How to Update the
Default JDK Installed in Application Server 10.1.3.

To confirm your java version, run the command java -version.

1. Create a folder called EffortDeploy on your Oracle Application Server and copy the

efc.ear file and ERLR plan file to this new folder.

For OAS version 10.1.3.1 or 10.1.3.3, use efc_plan.dat. If the server is
configured with SSL, then use efc_plan_ssl.dat.
For OAS version 10.1.3.4 and later, use efc_plan_10_1_3_4.dat. If the server is
configured with SSL, then use efc_plan_ssl_10.1.3.4.dat.
2. Create a folder called earExtract within the EffortDeploy folder and Unzip the
efc.ear

file into this new folder. (from earExtract)

Windows: jar xvf ..\efc.war

Unix: jar xvf ../efc.war

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

147

3. Create a folder called warExtract within the earExtract folder and unzip the efc.war

file created from Step 2 into this new folder. (from warExtract)
Windows: jar xvf ..\efc.war
Unix: jar xvf ../efc.war
4. Go to the folder EffortDeploy\earExtract\warExtract\WEB-INF\classes and

modify the applicationContext-springSecurity.xml file. Change the logout-success-url

to point to your Employee Self Service URL.
<security:logout logout-url="/efc-flex/j_spring_security_logout"
logout-success-url="http://<Oracle Application
Server>:<port>/<sid>
/twbkwbis.P_GenMenu?name=pmenu.P_MainMnu"/>

148

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

October 2010

5. Go to the folder EffortDeploy\earExtract\warExtract\WEB-INF\classes and

configure your datasource information in file jdbc.properties.

# This file contains JDBC specific properties that are configurable by
a client.
jdbc.driver=oracle.jdbc.driver.OracleDriver
jdbc.url=jdbc:oracle:thin:<Oracle Database Server>:<port>:<sid>
jdbc.user=flexusr
jdbc.password=<password>
jdbc.max.active=-1
jdbc.max.idle=8
jdbc.max.wait=-1
jdbc.proxy=false
jdbc.driver

The jdbc driver classname.

jdbc.url

The url used to locate the database for this datasource.

jdbc.user

The default username for the database connection.The flexusr account was created in
the 8.1 release.
Note
If you are configuring Effort Reporting and Labor Redistribution (ERLR)
8.1 while also using Travel and Expense Management 8.2, you must use
Banners GSASECR form to add the ban_default_m role as a default

role for the flexuous account.

jdbc.password

The default password of the user for the database connection.

jdbc.max.active

The maximum number of active connections that can be allocated from this pool at the
same time, or non-positive for no limit.
jdbc.max.idle

The maximum number of active connections that can remain idle in the pool, without
extra ones being released, or negative for no limit.
jdbc.max.wait

The maximum number of milliseconds that the pool will wait (when there are no
available connections) for a connection to be returned before throwing an exception,
or -1 to wait indefinitely.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

149

jdbc.proxy

Valid values are true and false.

True indicates that Oracle connections will be proxy connections. Proxy connections
will allow Oracles VBS and FGAC rules to be employed for the user.
False indicates that Oracle connections are exclusive for the identified user.
6. If you are using efc.ear version 8.3.0.4 and above, perform the following additional

configuration steps.
6.1.

Configure activemq.properties file found at the folder

EffortDeploy\earExtract\warExtract\WEB-INF\classes as mentioned below.
If your OAS is configured to use non-secure protocols(http/ajp), then modify
the transportconnectoruri.http url to replace the localhost with your OAS server
name.
If your OAS is configured to use secure protocols (https/ajps), do the following:
comment out the transportconnectoruri.http url
uncomment the transportconnectoruri.https url and replace the
localhost with your OAS server name.
Any available port numbers on the application Server can be used in the above
URLs.

Note
Here OAS refers to the Oracle application server where the Effort
Certification and Labor Redistribution(ERLR) Application is being
deployed which may or may not be same as your SSB Oracle
Application Server.
6.2.

In the same location mentioned above, you will also find a xml file
activemq.xml. This file will have to be configured to use correct transport
connectors as mentioned below.
If your ERLR OAS is configured to use non-secure protocols (http/ajp), then no
changes are required to the file. By default the transportconnectoruri.http uri is
available for use.
If your ERLR OAS is configured to use secure protocols(https/ajps), do the
following:
comment out the transportconnectoruri.http and
transportconnectoruri.tcp

uncomment the transportconnectoruri.https uri

150

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

October 2010

7. Reconstruct the ear file using the steps below.

7.1.

Change directory to the warExtract folder and create efc.war. This will
overwrite the originally extracted war file.
Windows: jar cmf META-INF\MANIFEST.MF ..\efc.war *.*
Unix: jar cmf META-INF/MANIFEST.MF ../efc.war *

7.2.

Change directory to the earExtract folder and create the efc.ear file. This will
overwrite the originally extracted ear file. (jar cmf META-INF\MANIFEST.MF
..\efc.ear efc.war META-INF)

8. Access OEM on your 10.1.3.x Oracle Application Server. In most cases, OEM can be

accessed using http://yourservername:8888.

You will be creating a new instance in the following steps.
9. Create a new group for SGHE application deployments.
9.1.

Choose Create in the Groups section of the Oracle Application Server console.

9.2.

Enter Group Name: sghe_group.

9.3.

Choose Create.

10. Expand All Application Servers.

11. Choose your installation of 10.1.3, for example, asdbR3.<yourservername>.
12. Choose Create Instance.
13. Use instance name = efc.
14. Add to existing group with name: sghe_group.
15. Check Start this instance after creation.
16. Choose Create.
17. Under Cluster Topology > Application Server: OAS 10.1.3 server name, click

the new efc instance and then choose Applications.

18. Choose Deploy.
19. In the Archive section, browse for the modified ear file from Step 6.
20. In the Deployment Plan section, browse for the ERLR plan file.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

151

For OAS version 10.1.3.1 or 10.1.3.3, use efc_plan.dat. If the server is

configured with SSL, then use efc_plan_ssl.dat.
For OAS version 10.1.3.4 and later, use efc_plan_10_1_3_4.dat. If the server is
configured with SSL, then use efc_plan_ssl_10.1.3.4.dat.
21. Click Next.
22. Click Next.
23. Click Deploy.

Modify the Server Properties

After youve deployed the ear file, modify the server properties with the information that
follows. The ear file created by the installer must be deployed to an OAS R3 (10.1.3.x)
instance. The ear file should be deployed to a new instance that has no other application
deployed to it.
1. Access the server properties as follows:
1.1.

Under Cluster Topology > Application Server: OAS 10.1.3 server name,
click the efc instance.

1.2.

Click the Administration tab.

1.3.

Locate Server Properties and click the Go To Task icon.

2. Under Ports > Web Sites, make the following settings:

Name = default-web-site
Port = 8889
Protocol = http

3. Change the following settings in Start-parameters: Java Options:

Maximum heap size = 1024M
Initial heap size = 512M

It is recommended that the instance be configured with a minimum of 1 gigabyte as

the max memory. This parameter may need to be increased depending upon the size of
your institution.
4. The max perm size should be set to at least 512M by adding the following under

Start-parameters:
Java Options on the Server Properties of the instance:
'-XX:MaxPermSize=512M'

152

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

October 2010

5. Add the following option to the Start-parameters: Java Options of the Server

Properties for the OC4J instance:

-Doc4j.jmx.security.proxy.off=true

Note
If you are using efc.ear version 8.3.0.4 and later and your OAS is using
secured protocols, then update the JVM configuration on your OAS with
the following new arguments.
Djava.compiler=none -Djavax.net.ssl.keyStore=<your keystore location>

Djavax.net.ssl.keyStorePassword=<your keystore password>

6. Under the Start-parameters: OC4J options, add the option -userThreads if it is

not already present.

7. The Apache TIMEOUT parameter in the httpd.conf defaults to 5 minutes. This

parameter may need to be increased depending upon the size of your institution for
the ERLR batch extract process.
8. Restart your Oracle Application Server.

Integrate Employee Self-Service with ERLR

To integrate Employee Self-Service with ERLR, you must update SSB Web Tailor.
1. Login to SSB as a Web Tailor Administrator.
2. Click WebTailor Administration tab.
3. Select WebTailor Parameters from the WebTailor menu.
4. Click Parameter ESS_TO_ERLR_URL.
5. Change Parameter Value = UPDATE ME to Parameter Value = <protocol>://<OAS

server name>:<port number>/efc/efc-flex/.

Setup SSB Roles

1. Login to SSB as a Web Tailor Administrator.
2. Click the WebTailor Administration tab.
3. Select User Roles from the WebTailor menu.
4. Enter your user ID in the User ID field.
5. Click Submit.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

153

6. Select the Effort Certification Administrator and Labor Redistribution Initiator

check boxes.
7. Click Submit.

Integrate Banner Payroll with ERLR

To integrate Effort Certification with the Banner Payroll Java process PHPECEX
(phpecex.jar), you must update the Position Control Installation Form (NTRINST).
1. Login to Banner as a userid with access to the NTRINST form.
2. Go to the NTRINST form.
3. Enter the following details under Effort Certification Web Service.
3.1.

If you are using ERLR release 8.3.0.4 and later, use the following URL:
URL = <protocol>://<OAS server name>:<port number>/efc/jms

The above url should match the url that you have used within the
activemq.properties file. For example:
http://<your OAS server name>:8182/efc/jms
OR
https://<your OAS server name>:9100/efc/jms
3.2.

Otherwise, use:
URL = <protocol>://<OAS server name>:<port number>/efc/ws/
effortReportRequestService

Note
The port number in the above URL is where the ERLR oc4j container is
configured. In other words, this is the port number that you will be using in

the URL to launch the application.

3.3.

Enter u_name_it in the Password field.

Note
This is more like a passcode and has no userid associated with it and you
can pick any value you like. The Java PHPECEX process calls the Web
Service/JMS URL with the passcode. The ERLR Web service/JMS will
then connect to the Banner database as flexusr/u_pick_it defined on
ERLR deployment in "jdbc.properties" to confirm the passcode in the
database match the one used on the calling URL. If they match, the Web

Service/JMS will process the request as required.

4. Save the changes.

154

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

October 2010

You will now be able to submit the PHPECEX process from GJAPCTL.

Single Sign on
The ERLR application supports the LDAP user id. There is no further sign on required,
when you are logged-in from the Banner Self Service application. If you are using LDAP,
the LDAP user id will have to be associated to a valid GOATPAD user id on the LDAP
user administration page. With Web Tailor Protocol set to LDAP, you can still connect to
ERLR with date expired PIN on GOATPAD.

Load balancer configuration

If you are implementing the ERLR application in a Load balanced environment,
terminating the SSL at the LBR, then the services-config.xml file will have to be
configured as mentioned below.
1. Edit the file /WEB-INF/flex/services-config.xml.

This can be done before efc.ear deployment in the following location:

EffortDeploy\earExtract\warExtract\WEB-INF\flex
This can be done after efc.ear deployment on the OAS Server in the following
location:
ORACLE_HOME\j2ee\efc\applications\efc\efc\WEB-INF\flex
Note
You should restart the OAS server once you make this change.

2. Locate the following lines:

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

155

<endpoint uri="https://{server.name}:{server.port}/
{context.root}/messagebroker/amfsecure"
class="flex.messaging.endpoints.SecureAMFEndpoint"/>
<properties>
<add-no-cache-headers>false</add-no-cache-headers>
</properties>
</channel-definition>

3. Change these lines to the following:

<channel-definition id="my-amf"
class="mx.messaging.channels.AMFChannel">
<endpoint uri="http://{server.name}:{server.port}/
{context.root}/messagebroker/amfsecure"
class="flex.messaging.endpoints.AMFEndpoint"/>
<properties>
<polling-enabled>false</polling-enabled>
<add-no-cache-headers>false</add-no-cache-headers>
</properties>
</channel-definition>
<channel-definition id="my-secure-amf"
class="mx.messaging.channels.SecureAMFChannel">
<endpoint uri="https://{server.name}:{server.port}/
{context.root}/messagebroker/amfsecure_"
class="flex.messaging.endpoints.SecureAMFEndpoint"/>
<properties>
<add-no-cache-headers>false</add-no-cache-headers>
</properties>
</channel-definition>

The following changes were made to the original file:

amf to amfsecure
amfsecure to amfsecure_
4. Enable the Redirect Rewrite option in the http profile for the virtual server.
Note
In other load balancers, it may be Reply Rewriting instead of Redirect

Rewrite.

156

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

October 2010

Troubleshooting
FAQ 1-477BWE

Question: The application server version for Employee Self-Service 8.1 and higher is
listed as 10gR3 (10.1.3.x). However, the other Self-Service products are indicating
10.1.2.x as the minimum. What is the reason for this difference?
Answer: Employee Self-Service 8.1 and higher includes the Effort Reporting and Labor
Redistribution (ERLR) enhancement. This ERLR enhancement uses a Rich Internet
Application (RIA) user interface and was developed using Adobe Flex. If you plan on
using this enhancement, you need to be at the 10gR3 Application Server version to
support Adobe Flex. If you are not using ERLR, you can use either 10gR2 or 10gR3.
FAQ 1-4C7JS9

Question: What are the minimum requirements to use Effort Certification and Labor
Redistribution delivered in Employee Self-Service 8.1?
Answer: You must install all the following releases in order to use this product:
Banner General 8.1
Banner Finance 8.1
Banner Human Resources 8.1
Banner Position Control 8.1
Banner Web Tailor 8.1
Banner Web General 8.1
Banner Employee Self-Service 8.1
FAQ 1-5H1FFN

Question: Where can I locate the source code for Effort Reporting (ERLR)?
Answer: It is located at the Customer Support Center Software download area under
Banner Employee Self-Service. Select the Effort Reporting check box under 8.x. When
you select the file for download, click the I Agree field to acknowledge that you are in
agreement with the terms and conditions before being able to download the source code.
FAQ 1-8CICOB

Question: I receive the following error when trying to access the Effort Certification or
Labor Redistribution Menu:
Bad Request mod_plsql:/pls/BAN8/UPDATEMEj_spring_security_check HTTP-400 Bad
procedure name:part exceeds 30 bytes.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

157

Answer: A new Web Tailor Parameter ESS_TO_ERLR_URL has been added to the
TWGBPARM table. This parameter is delivered with a value of UPDATEME. In the Web
Tailor Parameters menu in Web Tailor, enter the Web URL of the server where the Effort
Certification application has been installed at your site in the field ESS_TO_ERLR_URL
to replace the UPDATEME. For example, :http://<ERLR OAS server Name>:<port
number>/efc/efc-flex/.
FAQ 1-47QEDK

Question: Will SunGard certify/support OAS 10.1.3.x for all Banner Self-Service
products?
Answer: Application Server 10g Release 10.1.3 does not include Forms and is
subsequently not available for forms deployment (INB). Banner Self Service 8.1 and
above is supported with 10.1.3.4.
If you are using earlier versions of Banner Self Service (Pre June 2009) and ERLR, you
need 2 OAS environments. If you are at the latest versions (Posted after June 2009) of
Banner Self Service, you do not need two OAS environments and can run at 10.1.3.4 or
earlier.
FAQ 1-4HDSVM

Question: Error deploying efc.war - Invalid archive file Jar file efc.war is missing a
standard deployment located at WEB-INF/web.xml.
You are deploying the efc.ear file in OAS 10.1.3.x and enter the following details:
Archive Location = D:\SCT\BAN8\EffortDeploy\efc.ear
Plan Location = D:\SCT\BAN8\EffortDeploy\efc_plan.dat
When you click Next, you get the following error:
Failed in unploading archive.
Invalid archive file: Jar file efc.war is missing a standard deployment located at WEBINF/web.xml
Answer: In most cases, this error is caused by a corrupt efc.ear file. Doing ls -l efc.ear
reveals a size corruption issue on the file. For example, the size should be around
(50836525):
-rw-r--r--

2 ban8

dba

50836525 Nov 6 17:58 efc.ear

When the error mentioned above occurred, the size was (1761):

158

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

October 2010

-rwxrwx--- 1 oracle dba

1761 Jan 7 13:54 efc.ear

Note
To fix this, you have to configure the ear file again by following the steps
mentioned in the implementation section. Make sure you start out the

process with a valid baseline ear and empty directories.

FAQ 1-4J52TW

Question: How to enable DEBUG in the efc.ear / tvlexp.ear application?

Answer: The following instructions explain how to implement DEBUG for the efc.ear
file.
Note
These steps are similar for debugging the tvlexp.ear file. This was tested

with OAS 10.1.3.3 installed on Win2003 server.

1. Edit the file ORACLE_HOME\j2ee\efc\applications\efc\efc\WEB-

INF\classes\log4j.properties.
2. Change (2 locations for efc) log4j.rootLogger=ERROR, file

to
log4j.rootLogger=DEBUG, file
3. Save the changes.
4. Ensure that the Dlog4j.configuratorClass flag is not set.
5. Select the efc OC4J Instance from Cluster Topology > Application Server:

OAS_10_1_3.rocoram2.corp.sct.com > .
6. Click the Administration tab.
7. Locate Server Properties and click the Go To Task icon.
8. From the Start-parameters: Java Options click the Delete icon for this row if it exists:

Dlog4j.configuratorClass=com.sungardhe.framework.logging.DBLoggingConfigurat
or
9. Apply changes.
10. Restart the OC4J application on OEM Console.
11. Review the DEBUG log file in the default location:

ORACLE_HOME\j2ee\home\efc.log

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

159

12. Review additional log file locations as needed in.

ORACLE_HOME\opmn\logs\
ORACLE_HOME\j2ee\efc\log\
ORACLE_HOME\j2ee\efc\log\efc_sghe_group_1
If you want to change the location or name of the log file, you can edit this line in
log4j.properties:
log4j.appender.file.File=efc.log
The location is relative to ORACLE_HOME\j2ee\home
For example, log4j.appender.file.File=../efc/log/efc.log will place the file in
ORACLE_HOME\j2ee\efc\log\efc.log
You can turn on additional debugging for other modules as needed in the
log4j.properties. For example, change
### HIBERNATE LOGGING ###
log4j.logger.org.hibernate=error
to
### HIBERNATE LOGGING ###
log4j.logger.org.hibernate=DEBUG
You will get more details in the efc.log file.
FAQ 1-4U7LAV

Question: Banner OAS OC4J applications (efc, tvlexp) getting Error occurred during
initialization of VM - Could not reserve enough space for object heap.
This error was replicated on a Win2003 SP2 32bit server running OAS 10.1.3.1.
You are configuring Banner OAS OC4J applications. For example, efc.ear or tvlexp.ear.
1. Set the configuration parameter XX:MaxPermSize=512M.
2. Restart the OC4J instance.

You get the following error:

Could not reserve enough space for object heap.
Could not create the Java virtual machine.

160

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

October 2010

This error occurred during initialization of VM. More details on the error can be found
in the OC4J Instance in the directory ORACLE_HOME\opmn\logs.
Answer: This error is caused by memory limitations on Win32 machines (and also
application that load themselves into process address space). Java needs to allocate a
contiguous block of memory (including heap and perm), and sometimes it can't reserve as
much memory as is required.
Run the following commands from the server command prompt to determine the current
amount contiguous memory available to Java:

java -Xmx1024m -XX:MaxPermSize=512m -version

java -Xmx1024m -XX:MaxPermSize=384m -version

java -Xmx1024m -XX:MaxPermSize=256m -version

java -Xmx1024m -XX:MaxPermSize=128m -version

Try running these command one at a time. If the command errors with the above error
message, try the next command until you find correct working MaxPermSize for your
server.
Once you have that values, you can adjust the OC4J configuration to match that and restart
the OC4J application and test the Banner OC4J application.
The following are the other possible options to get the Banner recommended
MaxPermSize=512m working:
Add more memory to the server
Maximize Virtual memory on the server
Reboot the server with only the essential OAS applications running
More details on performance tuning of OAS 10.1.3.1 (OC4J) can be found at:
http://download.oracle.com/docs/cd/B31017_01/core.1013/b28942
top_issues.htm#BCFEEABC
Review the section "3.1.2 Ensure Sufficient Java Heap for OC4J"
If your OC4J instance does not start due to the above error, you have to manually edit the
configuration file. For example:
1. Edit ORACLE_HOME\opmn\conf\opmn.xml.
2. Locate the OC4J application name for example "efc".
<process-type id="efc" module-id="OC4J" status="enabled">
<module-data>

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

161

3. Adjust the following memory settings to smaller values as needed.

Xmx1024M
Xms512M
XX:MaxPermSize=512M
4. Restart the OC4J application.
FAQ 1-54FY90

Question: Deploying efc.ear on AIX results in error: Operation failed with error: [efc:efc]
- Exception creating EntityManagerFactory using PersistenceProvider class
org.hibernate.ejb.HibernatePersistence for persistence unit efc.
Answer: Deploying efc.ear on AIX results in error:
Operation failed with error: [efc:efc] - Exception creating EntityManagerFactory using
PersistenceProvider class org.hibernate.ejb.HibernatePersistence for persistence unit efc.
The version of Java delivered with OAS 10.1.3.1 is:
java -version
java version "1.5.0"Java(TM) 2 Runtime Environment, Standard Edition (build pap32dev20060511 (SR2))
IBM J9 VM (build 2.3, J2RE 1.5.0 IBM J9 2.3 AIX ppc-32 j9vmap3223-20060504 (JIT
enabled)J9VM - 20060501_06428_bHdSMRJIT - 20060428_1800_r8GC 20060501_AA)JCL - 20060511a
To resolve, install newer version of Java and point the $ORACLE_HOME/jdk to the new
version. Java 1.5.0 SR6b has been reported to fix the issue. Newer versions of java should
work as well. Afterwards, the java -version command shows:
java -version
java version "1.5.0"Java(TM) 2 Runtime Environment, Standard Edition (build
pap32devifx-20071025a (SR6b))
IBM J9 VM (build 2.3, J2RE 1.5.0 IBM J9 2.3 AIX ppc-32 j9vmap3223-20071007 (JIT
enabled)J9VM - 20071004_14218_bHdSMRJIT - 20070820_1846ifx1_r8GC 200708_10)JCL - 20071025

162

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

October 2010

FAQ 1-57QR36

Question: How to deploy the ERLR application against 2 database instances PROD and
TEST?
Answer: This assumes you have already deployed and tested the ERLR application using
the default installation steps mentioned in this guide. Now you want to deploy the
application a second time against a TEST database instance using the same OAS 10.1.3.x
server. The main method to distinguish between the two applications is the OC4J instance
name and the port number. For example:
PROD = OC4J=efc, port=8889, URL=http://<OAS Server Name>:8889/efc/efc-flex/
TEST = OC4J=efc_test, port=8891, URL=http://<OAS Server Name>:8891/efc/efc-flex/
In the above example, ERLR application is deployed twice in the same application server.
The test version is deployed within the efc_test oc4j container at the port 8891 and the
production version is deployed within the efc oc4j container at the 8889 port.
FAQ 1-6XNR24

Question: What configuration is needed to implement SSO/LDAP with ERLR

application?
Answer: The Employee Self-Service 8.2 upgrade shipped a fix for using the ERLR
application in a SSO/LDAP enabled environment. When institutions using the Effort
Reporting application are using LDAP, and users are accessing the application via
Employee Self-Service, they are unable to sign into the Flex application dynamically.
LDAP is now supported in the sign on process for this application, as long as the LDAP
user has a record on GOATPAD, with a PIN. This means that when the user has the proper
record on GOATPAD, and accesses the "Effort Certification" or "Labor Redistribution"
links from the Employee Menu in Employee Self-Service, they will be able to access the
application without further sign on required.
This solution requires every LDAP user who accesses the Effort Reporting application
from Employee Self-Service to have an entry on GOATPAD, with a PIN.
Key setup notes:
The Oracle ID needs to be linked to Banner ID on GOAEACC
The Banner ID needs a valid GOATPAD Pin record
The main difference with functionality of ERLR with LDAP is that with Web Tailor
Protocol=LDAP you can still connect to ERLR with date expired PIN on GOATPAD.
With Web Tailor protocol=NONE, you can not connect to ERLR with date expired PIN
and get a login error and are prompted with login box.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

163

FAQ 1-B56YZK

Question: Logging into ERLR using SSO results in the following error:
Your sign in attempt was not successful, try again - phklrcm.p_set_user_context.
The error below is logged into the ERLR log when debug is turned on from the efc.log
file:
[Mar 16 19:50:26] ERROR (TransactionAspectSupport.java) - Application exception
overridden by rollback exception
org.springframework.dao.DataAccessResourceFailureException:
CallableStatementCallback;
SQL [{call phklrcm.p_set_user_context(?)}]; Io exception: There is no process to read
data written to a pipe.;
nested exception is java.sql.SQLException: Io exception: There is no process to read data
written to a pipe.
at
org.springframework.jdbc.support.SQLErrorCodeSQLExceptionTranslator.translate(SQL
ErrorCodeSQLExceptionTranslator.java:284)
at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:952)
Answer: This error was replicated when OAS 10.1.3.4 is installed on AIX and the OAS
Server has been updated to use the AIX Java version and not the OAS Java version. For
example, AIX Java "1.5.0 build pap32devifx-20090327 (SR9-SSU)" was used with the
ERLR OC4J container instead of the OAS 10.1.3.4 shipped Java "1.5.0 build pap32dev20080315 (SR7)". Switching the Java back to the OAS 10.1.3.4 delivered version and
redeploying the ERLR application and restarting the OAS server fixed this issue.
FAQ 1-BEHAQB

Question: How can I determine the version of my deployed ERLR application?

Answer: The efc.ear file contains the current version of the ERLR application you are
running. The Payweb product ships the efc.ear file. If you login to the ERLR application,
on the login screen in the lower right corner you should see this information Banner Effort
Certification (Release 8.3.0.1). That is the current version of the deployed efc.ear file.

164

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

October 2010

FAQ 1-BIDEEG

Question: Banner ERLR intermittent delay or connection error.

Answer:You click on the Employee Self Service (ESS) tab and then on the Effort
Certification or Labor Distribution (ERLR Effort Reporting and Labor Redistribution)
link and there is a connection delay or freeze. If running in debug mode these errors may
appear in the efc.log file.
Unable to translate SQLException with Error code '17410', will now try the fallback
translator
Translating SQLException with SQL state 'null', error code '17447', message
You are running on a Unix Application Server.
Solution:Verify the oracle user's $PATH has the Oracle Home/jdk/bin in the $PATH so
that the java executable in the Oracle Home/jdk/bin directory is the java being executed.
To verify, execute these commands:
su - oracle

which java
~/product/10.1.3/OracleAS/jdk/bin/java

java -version
java version "1.5.0_06"Java(TM) 2 Runtime Environment, Standard Edition
(build 1.5.0_06-b05)

If running 1.5.0_06, upgrade to jdk 1.5.0_08 by following the steps given below:
FAQ 1-AZ8C52
Oracle Doc ID 396096.1 How to Update the Default JDK Installed in Application Server
10.1.3
Poor performance issues have been seen to be fixed when using jdk version 1.5.0_08.
To verify, execute these commands:su - oraclewhich java~/product/10.1.3/OracleAS/jdk/
bin/javajava -versionjava version "1.5.0_06"Java(TM) 2 Runtime Environment, Standard
Edition (build 1.5.0_06-b05)If running 1.5.0_06, upgrade to jdk 1.5.0_08 by following the
steps below: FAQ 1-AZ8C52 Oracle Doc ID 396096.1 How to Update the Default JDK
Installed in Application Server 10.1.3 Poor performance issues have been seen to be fixed
when using jdk version 1.5.0_08.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

165

FAQ 1-BQ94WA

Question: Deploying the efc.ear from p1-bhwd2n_bwp80300 results in - Bad version

number in .class file.
Answer: The patch readme file has the following note:
If this ear file is installed, the application server must also be upgraded to Java 1.6. If you
would like to run the 8.3.0.2 efc.ear file you will need to update the OAS Java version from
1.5.x to 1.6.x.
Question: How to configure jdbc.properties file when implementing the FLEX
applications (ERLR and Travel & Expense) in a RAC environment?
Answer: Currently the jdbc.properties file is configured with the following syntax:
jdbc.url=jdbc:oracle:thin:@<server name>:<port>:<sid>

For RAC implementation, use the following syntax:

jdbc.url=jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=
TCP)
(HOST=<server
name>)(PORT=<port>)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=<sid>)
))

Question: Error deploying the ERLR application on OAS 10.1.3.5 - Unable to resolve
datasource jdbc/OracleDS.
Answer:
1. Edit the file OAS_HOME/j2ee/efc/config/data-sources.xml
2. Find the following lines:

<!--managed-data-source name="OracleDS"
connection-pool-name="Example Connection Pool"
jndi-name="jdbc/OracleDS"/>
<connection-pool name="Example Connection Pool">
<connection-factory factoryclass="oracle.jdbc.pool.OracleDataSource"
user="foo"
password="bar"

166

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

October 2010

url="jdbc:oracle:thin:@//localhost:1521/ORCL">
</connection-factory>
</connection-pool-->

3. Change to (uncommenting the OracleDS section)

<managed-data-source name="OracleDS"
connection-pool-name="Example Connection Pool"
jndi-name="jdbc/OracleDS"/>
<connection-pool name="Example Connection Pool">
<connection-factory factoryclass="oracle.jdbc.pool.OracleDataSource"
user="foo"
password="bar"
url="jdbc:oracle:thin:@//localhost:1521/ORCL">
</connection-factory>
</connection-pool>

4. Restart OAS 10.1.3.x. For example:

opmnctl stopall
opmnctl startall
FAQ 1-6XQF54

Question: Banner HR Effort Certification Extract phpecex error

org.xml.sax.SAXException Bad envelope tag.
Answer: The "Bad envelope tag" errors will occur if the incorrect url is entered into the
Banner NTRINST form.
The url which is entered in the NTRINST is:
http://yourAppServerName.yourDomainName:<port number>/efc/ws/
effortReportRequestService

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

167

FAQ 1-7EK05O

Question: Running PHPECEX from GJAPCTL and getting

org.springframework.transaction.TransactionSystemException Could not commit JPA
transaction.
Answer: To fix this, re-deploy the latest Employee Self-Service 8.2 version of the efc.ear
on the OAS server so that it matches the Payroll 8.2 version installed in the database and
then retest the PHPECEX process.
FAQ 1-8WCP0Y

Question: Running PHPECEX results in error AxisFault faultString (301)Moved

Permanently.
You are running the PHPECEX process from GJAPCTL and getting the following error in
the log file:
LOG
AxisFault
faultCode: {http://xml.apache.org/axis/}HTTP
faultSubcode:
faultString: (301)Moved Permanently
faultActor:
faultNode:
faultDetail:
{}:return code: 301
{http://xml.apache.org/axis/}HttpErrorCode:301
(301)Moved Permanently
at
org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:744)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)

168

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

October 2010

at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
*** PHPECEX completed successfully ***
Answer: Confirm the ERLR Web Services URL defined on the Banner form NTRINST is
setup correctly. For example, the error above was seen when the NTRINST URL was
http://<server name>:<port number>/efc/efc-flex/
and it should have been set to
http://<server name>:<port number>/efc/ws/effortReportRequestService
FAQ 1-BF11BA

Question: Running PHPECEX results in AxisFault - (404)Not Found.

You are running the PHPECEX program from GJAPCTL and getting and error in the log
file
Log
AxisFault
faultCode: {http://xml.apache.org/axis/}HTTP
faultSubcode:
faultString: (404)Not Found
faultActor:
faultNode:
faultDetail:
{}:return code: 404
<HTML><HEAD><TITLE>404 Not Found</TITLE></
HEAD><BODY><H1>404 Not Found</H1>Resource /efc/efc-flex/
ws/effortReportRequestService not found on this server</BODY></HTML>
{http://xml.apache.org/axis/}HttpErrorCode:404

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

169

(404)Not Found
at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:744)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)
Answer: Confirm you are using the correct ERLR web services URL on the NTRINST
form. For example, this error replicated when using the following URL:
URL: http://<server name>:<port number>/efc/efc-flex/ws/effortReportRequestService
This should read:
URL: http://<server name>:<port number>/efc/ws/effortReportRequestService
FAQ 1-C106XB

Question: Running PHPECEX results in AxisFault - java.net.ConnectException:

Connection refused.
You are running the PHPECEX program from GJAPCTL and getting and error in the log
file
Log
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: java.net.ConnectException: Connection refused
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:java.net.ConnectException: Connection
refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
*** PHPECEX completed successfully ***

170

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

October 2010

Connected.
Answer: Ensure that the correct Effort Certification Web Service URL is being entered on
the NTRINST form. For example, if the ERLR Login URL is http://<server name>:8889/
efc/efc-flex/index.html.
But on NTRINST it is using http://<server name>:8899/efc_TEST/ws/
effortReportRequestService. Notice the wrong port # is being used "8899" and also
"efc_TEST" is incorrect. Some client also have a typo in this section of the URL "/ws/
effortReportRequestService".
The correct URL in this example should be the following:
http://<server name>:8889/efc/ws/effortReportRequestService
You can confirm this by calling the following URL:
http://<server name>:8889/efc/ws/effortReportRequestService
from a browser and it should open the login box for the ERLR application if the URL is
correct.
FAQ 1-5KZWN6

Question: Why am I receiving the error unable to determine user information on the
Effort Certification Login page?
Answer: Ensure that you have added the following option to the Start parameters:
Doc4j.jmx.security.proxy.off=true
userThreads
From the Start-parameters: Java Options, click Add Another Row Enter the following
parameter:
Doc4j.jmx.security.proxy.off=true
From Start-parameters: OC4J Options click Add Another Row.
Enter the following parameter:
-userThreads
You are running the ERLR application in a non-load balanced and non-SSL environment
yet you have implemented the paperfix outlined in this defect below.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

171

Defect 1-AUSTI7 - Deploying the ERLR application in a load balanced SSL environment
results in Unable to determine the user information.
Remove the paperfix from the non-load balanced and non-SSL environment and retest
ERLR.
This modification mentioned in the defect 1-AUSTI7 is required only when running in a
load balanced SSL environment.
Some clients have reported fixing this error by following these steps:
1. Close all browser session and close any open programs running on the PC.
2. Open an IE browser session and remove all cookies, cache, history etc.
3. Close all browser session and reboot the PC.
4. Open an IE browser session and retest the ERLR login URL with a proper ID and

PIN and the error should no longer replicate.

FAQ 1-68H3MG

Question: Logging into the ERLR application against an Oracle 11g database results in
Your sign in attempt was not successful, try again.
ORA-00942 twgbldap
Turn on Debug.
The efc.log showed the following error:
[Jul 10 14:32:05] DEBUG (SQLErrorCodeSQLExceptionTranslator.java) - Translating
SQLException with SQL state '42000',
error code '942', message [ORA-00942: table or view does not exist]; SQL was
[select twgbldap_protocol from twgbldap where rownum <= 1] for task
[StatementCallback]
Review the details in empss80200ug.pdf - BANNER EMPLOYEE SELF-SERVICE 8.2
UPGRADE GUIDE page 21.
Step 11 Part B
Running the scripts that grants new role to the flexusr should fix the issue
Restart the ERLR application on the OAS server.

172

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

October 2010

You should now be able to login to the ERLR application

Also review the BANNER EMPLOYEE SELF-SERVICE 8.2 UPGRADE GUIDE.
Some clients have reported fixing this error by following the steps given below:
1. Close all browser session and close any open programs running on the PC.
2. Open an IE browser session and remove all cookies, cache, history etc.
3. Close all browser session and reboot the PC.
4. Open an IE browser session and retest the ERLR login URL with a proper ID and

PIN and the error should no longer replicate.

FAQ 1-B5LBBV

Question: Logging into ERLR applications with PII turned on results in - Your sign in
attempt was not successful, try again.
Turn on Debug.
The efc.log showed the following error:
[Mar 17 15:46:09] WARN (SettingsFactory.java) - Could not obtain connection
metadata
java.sql.SQLException: Io exception: The Network Adapter could not establish the
connection
Answer: The FLEXUSR should be excluded from all PII rules if PII is implemented on
the database.
1. Login to Banner and go to GOAFPUD.

UserID = FLEXUSR
2. Select the Exempt from PII check box.
3. Save changes.
4. Restart the ERLR Application (OC4J).

This could also be done from SQLPLUS as mentioned below.

5. After this, restart the oc4j container.
6. Retest ERLR login from SQLPLUS.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

173

sqlplus general/u_pick_it
insert into gobfpud
(gobfpud_fgac_user_id, gobfpud_exempt_ind,
gobfpud_cross_domain_ind, gobfpud_activity_date,
gobfpud_user_id, gobfpud_fdmn_code)
select username,'Y','Y',sysdate, user, null
from dba_users
where not exists (select 'x' from gobfpud
where gobfpud_fgac_user_id = username)
and username in ('FLEXUSR');

Some clients have reported fixing this error by following the steps given below:
1. Close all browser sessions and close any open programs running on the PC.
2. Open an IE browser session and remove all cookies, cache, history etc.
3. Close all browser sessions and reboot the PC.
4. Open an IE browser session and retest the ERLR login URL with a proper ID and

PIN.
The error does not replicate.
Question: Deploying the ERLR application in a load balanced SSL environment
results in network time-out error.
When you log into the ERLR application with the correct credentials, you get a
network time-out error in the browser.
IE Browser error:
The page cannot be displayed.
Firefox Browser Error:
Unable to connect.
Using the ERLR LBR access URL, results in network time-out error. To trace the
network traffic, use the following Firefox Live HTTP Headers Extension. This https is
redirected to http.
HTTP/1.1 302 Moved Temporarily
Date: Wed, 03 Mar 2010 21:43:38 GMT
Server: Oracle Containers for J2EE

174

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

October 2010

Set-Cookie: JSESSIONID=9518264e22b89d801c7e57204eeab15bc9944b284b13;
path=/
tvlexp
Cache-Control: private
Connection: Keep-Alive
Keep-Alive: timeout=15, max=100
Location: http://<Load balancer>.sungardhe.com/tvlexp/tvlexp-flex/index.html
Transfer-Encoding: chunked
Answer: Create a forwarding/redirect rule on the Load Balancer that will
automatically redirect requests from the http port 80 to the https port 443. The ERLR
applications should now avoid the network timeout error.
Another fix is to enable the Redirect Rewrite option in the http profile for the virtual
server. Other load balancers may call it reply rewriting.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

175

176

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner HR Effort Reporting and Labor Redistribution

October 2010

Implementing Banner
Finance Travel and
Expense Management

Banner Finance's Travel and Expense Management system is a Rich Internet

Application (RIA). To implement it, you need to install Oracle Application Server
10.1.3.4. The minimum requirement for installation is the J2EE Server.
For additional information on Travel and Expense Management deployment, refer to FAQ
1-4DIQJ3.

Deploy the Travel and Expense ear file

To deploy the Travel and Expense ear file, please complete the following steps:
Note
The tvlexp.ear files release 8.3.0.1 and later, require JDK 1.6. You can
download JDK 1.6 from:
http://java.sun.com/javase/downloads/widget/jdk6.jsp
To update the Oracle Application Server to use JDK 1.6, follow Solution
#1 in FAQ 1-7GUEKE Oracle Doc ID 396096.1 How to Update the Default
JDK Installed in Application Server 10.1.3.

To confirm your java version, run the command java -version.

1. Create a folder called tvlexp on your Oracle Application Server and copy the
tvlexp.ear

and tvlexp_plan.dat files to this new folder.

For OAS version 10.1.3.1 or 10.1.3.3, use tvlexp_plan.dat. If the server is

configured with SSL, use tvlexp_plan_ssl.dat.
For OAS version 10.1.3.4 and later, use tvlexp_plan_10_1_3_4.dat. If the server
is configured with SSL, use tvlexp_plan_ssl_10.1.3.4.dat.
Note
If you wish to deploy Travel and Expense 8.3 in an SSL environment,
please use the tvlexp_plan_ssl.dat file.

2. Create a folder called earExtract within the tvlexp folder and Unzip the tvlexp.ear

file into this new folder. (from earExtract)

Windows: jar xvf ..\tvlexp.ear

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner Finance Travel and Expense Management

177

Unix: jar xvf ../tvlexp.ear

3. Create a folder called warExtract within the earExtract folder and unzip the
tvlexp.war file

created from Step 2 into this new folder. (from warExtract)

Windows: jar xvf ..\tvlexp.ear

Unix: jar xvf ../tvlexp.ear
4. Go to the folder tvlexp\earExtract\warExtract\WEB-INF\classes and configure

your datasource information in the jdbc.properties file.

(or flexusrsee note below)

jdbc.password=<password>
jdbc.max.active=-1
jdbc.max.idle=8
jdbc.max.wait=-1
jdbc.proxy=false
jdbc.driver

The jdbc driver classname.

jdbc.url

The url used to locate the database for this datasource.

jdbc.user

The default username for the database connection.

If you are configuring Travel and Expense Management 8.2 or later, use the ftaeusr
username.
If you are configuring Travel and Expense Management 8.1, use the flexusr
username.
If you are configuring Travel and Expense Management 8.1 while also using Effort
Reporting and Labor Redistribution (ERLR) 8.2, use the flexusr username. In this
case you must use Banners GSASECR form to add the ban_default_m role as a
default role for the flexusr account.
jdbc.password

The default password of the user for the database connection.

jdbc.max.active

178

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner Finance Travel and Expense Management

October 2010

The maximum number of active connections that can be allocated from this pool at the
same time, or non-positive for no limit.
jdbc.max.idle

The maximum number of active connections that can remain idle in the pool, without
extra ones being released, or negative for no limit.
jdbc.max.wait

The maximum number of milliseconds that the pool will wait (when there are no
available connections) for a connection to be returned before throwing an exception,
or -1 to wait indefinitely.
jdbc.proxy

Valid values are true and false.

True indicates that Oracle connections will be proxy connections. Proxy connections
will allow Oracles VBS and FGAC rules to be employed for the user.
False indicates that Oracle connections are exclusive for the identified user.
5. Reconstruct the ear file using the steps below.
5.1.

Change directory to the warExtract folder and create tvlexp.war. This will
overwrite the originally extracted war file.
Windows: jar cmf META-INF\MANIFEST.MF ..\tvlexp.war *.*
Unix: jar cmf META-INF/MANIFEST.MF ../tvlexp.war *

5.2.

Change directory to the earExtract folder and create the tvlexp.ear file. This
will overwrite the originally extracted ear file. (jar cmf METAINF\MANIFEST.MF ..\tvlexp.ear tvlexp.war META-INF)

6. Access OEM on your 10.1.3.x Oracle Application Server. In most cases, OEM can be

accessed using http://yourservername:8888.

7. Create a new group for SGHE application deployments, if the group does not already

exist.

October 2010

7.1.

Click Create in the Groups section of the Cluster Topology Page.

7.2.

Enter Group Name: sghe_group.

7.3.

Click Create.

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner Finance Travel and Expense Management

179

8. Create a new instance for this application.

8.1.

Expand All Application Servers.

8.2.

Click your installation of 10.1.3, for example,

OAS_10_1_3.<yourservername>.

8.3.

Click Create Instance.

8.4.

Use instance name = tvlexp.

8.5.

Check Add to an existing group with name sghe_group.

8.6.

Check Start this instance after creation.

8.7.

Click Create.

9. Deploy the .ear file and the .dat file.

9.1.

Click the new tvlexp instance.

9.2.

Click the Applications tab.

9.3.

Click Deploy.

9.4.

In the Archive section, check Archive is present on local host. Upload the
archive to the server where Application Server Control is running.

9.5.

Browse for the modified ear file from Step 5.

9.6.

In the Deployment Plan section, browse for the Travel and Expense plan file.
For OAS version 10.1.3.1 or 10.1.3.3, use tvlexp_plan.dat. If the server is
configured with SSL, use tvlexp_plan_ssl.dat.
For OAS version 10.1.3.4 and later, use tvlexp_plan_10_1_3_4.dat. If the
server is configured with SSL, use tvlexp_plan_ssl_10.1.3.4.dat.

9.7.

Click Next. It may take some time to upload.

9.8.

Click Next.

9.9.

Click Deploy. It may take some time to upload.

9.10. Click Return.

180

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner Finance Travel and Expense Management

October 2010

Modify the Server Properties

After youve deployed the ear file, modify the server properties with the information that
follows. The ear file created by the installer must be deployed to an OAS R3 (10.1.3.4)
instance. The ear file should be deployed to a new instance that has no other application
deployed to it.
1. Access the server properties as follows:
1.1.

Under Cluster Topology > Application Server: OAS 10.1.3 server name,
click the tvlexp instance.

1.2.

Click the Administration tab.

1.3.

Locate Server Properties and click the Go To Task icon.

2. Under Ports > Web Sites, make the following settings:

Name = default-web-site
Port = 8890
Protocol = http

3. Change the following settings in Start-parameters: Java Options

Maximum heap size = 1024M
Initial heap size = 512M

It is recommended that the instance be configured with a minimum of 1 gigabyte as

the max memory. This parameter may need to be increased depending upon the size of
your institution.
4. The max perm size should be set to at least 512M by adding the following under

Start-parameters:
Java Options on the Server Properties of the instance:
'-XX:MaxPermSize=512M'

5. Add the following option to the Start-parameters: Java Options of the Server

Properties for the OC4J instance:

-Doc4j.jmx.security.proxy.off=true

6. Under the Start-parameters: OC4J options, add the option -userThreads if it is

not already present.

7. The Apache TIMEOUT parameter in the httpd.conf defaults to 5 minutes. This

parameter may need to be increased depending upon the size of your institution.
8. Restart your Oracle Application Server.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner Finance Travel and Expense Management

181

Tips and Additional Information

If you are using Travel and Expense Management in combination with Banner Workflow,
check that the clock on the Workflow server matches the clock on the Travel and Expense
Management server. If the two clocks are out of sync, then report statuses, which are
generated on both servers, could be listed in the wrong order for Travel and Expense
Management users.
For additional information on Travel and Expense Management deployment, refer to FAQ
1-4DIQJ3.

Setup SSB Roles

1. Login to SSB as a Web Tailor Administrator.
2. Click the WebTailor Administration tab.
3. Cick User Roles.
4. Enter ID.
5. Click Submit.
6. Check the Role boxes for:

Travel and Expense Administrator

Travel and Expense Approver
Travel and Expense User
At a minimum, this role is required to logon to the application.
7. Click Submit.

Load balancer configuration

If you are implementing the Travel and Expense application in a Load balanced
environment, terminating the SSL at the LBR, then the services-config.xml file will have
to be configured as mentioned below.
1. Edit the file /WEB-INF/flex/services-config.xml.

This can be done before tvlexp.ear deployment in the following location:

tvlexp\earExtract\warExtract\WEB-INF\flex
OR

182

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner Finance Travel and Expense Management

October 2010

This can be done after tvlexp.ear deployment on the OAS Server in the following
location:
ORACLE_HOME\j2ee\tvlexp\applications\tvlexp\tvlexp\WEB-INF\flex
Note
You need to restart the OAS server once this change is made.

2. Locate the following lines:

<channel-definition id="my-amf"
class="mx.messaging.channels.AMFChannel">
<endpoint uri="http://{server.name}:{server.port}/
{context.root}/messagebroker/amf"
class="flex.messaging.endpoints.AMFEndpoint"/>
<properties>
<polling-enabled>false</polling-enabled>
<add-no-cache-headers>false</add-no-cache-headers>
</properties>
</channel-definition>
<channel-definition id="my-secure-amf"
class="mx.messaging.channels.SecureAMFChannel">
<endpoint uri="https://{server.name}:{server.port}/
{context.root}/messagebroker/amfsecure"
class="flex.messaging.endpoints.SecureAMFEndpoint"/>
<properties>
<add-no-cache-headers>false</add-no-cache-headers>
</properties>
</channel-definition>

3. Change these lines to the following:

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner Finance Travel and Expense Management

183

<channel-definition id="my-secure-amf"
class="mx.messaging.channels.SecureAMFChannel">
<endpoint uri="https://{server.name}:{server.port}/
{context.root}/messagebroker/amfsecure_"
class="flex.messaging.endpoints.SecureAMFEndpoint"/>
<properties>
<add-no-cache-headers>false</add-no-cache-headers>
</properties>
</channel-definition>

The two changes made to the original file are:

amf to amfsecure
amfsecure to amfsecure_
4. Enable the Redirect Rewrite option in the http profile for the virtual server.
Note
In other load balancers, it may be Reply Rewriting instead of Redirect

Rewrite.

Troubleshooting
FAQ 1-BEHAQB

Question: How can I determine the version of my deployed TVLEXP application?

Answer: The tvlexp.ear file contains the current version of the TVLEXP application you
are running. The travel product ships the tvlexp.ear file. Once you login to the TVLEXP
application, in the lower right hand side of the login page, you will see this information
Travel and Expense Management (Release 8.3.0.1). That is the current version of the
deployed tvlexp.ear file.
FAQ 1-BSXM1V

Question: Deploying the efc.ear or tvlexp.ear and getting - Error creating bean with name
_methodSecurityInterceptorPostProcessor.
Answer: You are deploying the tvlexp.ear and getting the error. For example, Travel and
Expense error message from the tvlexp.log file....
[May 25, 2010 11:20:15 AM] Binding efc web-module for application efc to site defaultweb-site under context root tvlexp

184

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner Finance Travel and Expense Management

October 2010

[May 25, 2010 11:20:28 AM] Operation failed with error: Error creating bean with name
'_methodSecurityInterceptorPostProcessor': BeanPostProcessor before instantiation of
bean failed; ...
In most cases this error occurs because you have updated the OAS Server or OC4J
container to use Java 1.6.x instead of the default Java 1.5.x. You are also deploying an
older Java 1.5.x version of the tvlexp.ear files. You must use the Java 1.6.x version of the
ear files with the OC4J that is running Java 1.6.x. For example, deploying the ear file from
tvlexp.ear version 8.3.0.1 ships with patch p1-bicr7b_ft80300.trz (this requires OAS with
Java 1.6.x) will fix this issue. Ensure that you are deploying the correct ear file with the
correct OC4J container Java version.
FAQ BGVOIQ

Question: Banner Finance Travel and Expense (T&E tvlexp) Expense Manager button
error - An unspecified constraint violation exception has occurred.
Answer: You click the Finance T&E Expense Manager button and receive the error:
an unspecified constraint violation exception has occured
com.sungardhe.common.exception.constraint.UnspecifiedConstraint
Exception:org.springframework.transaction.TransactionSystemException: Could not
commit JPA transaction;
nested exception is javax.persistence.RollbackException: Transaction marked as
rollbackOnlyTurning on debug and look at the tvlexp.log file.
ERROR (JDBCExceptionReporter.java) - ORA-00942: table or view does not exist
ERROR (?) - org.springframework.dao.InvalidDataAccessResourceUsageException:
could not execute query;
nested exception is org.hibernate.exception.SQLGrammarException: could not execute
query
You have installed T&E v8.3 on Oracle RDBMS 11.1.x (11gR1)
Solution: Verify the user FTAEUSR has the correct Roles assigned. For 11g databases, the
Roles are explained in Step 11B of the Banner Travel and Expense Management 8.2
Upgrade Guide.
To assign the role to the FTAEUSR user, run the commands below in a SQL Plus session.
SQL> connect system/password
SQL> GRANT USR_TVLEXP_M TO FTAEUSR;
SQL> ALTER USER FTAEUSR DEFAULT ROLE USR_TVLEXP_M;

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner Finance Travel and Expense Management

185

FAQ BSMO65

Question: Deploying the tvlexp.ear from p1-bicr7b_ft80300 results in - Bad version

number in .class file.
For example, Log from OAS deployment of tvlexp.ear from p1-bicr7b_ft80300:
[May 25, 2010 9:44:01 AM] Binding web application(s) to site default-web-site begins...
[May 25, 2010 9:44:01 AM] Binding tvlexp web-module for application tvlexp to site
default-web-site under context root tvlexp
[May 25, 2010 9:44:11 AM] Operation failed with error: Bad version number in .class file
Answer: The patch readme file has this note:
If this ear file is installed, the application server must also be upgraded to Java 1.6.
If you want to run the 8.3.0.1 tvlexp.ear file, you have to update the OAS Java
version from 1.5.x to 1.6.x.
FAQ 1-B5LBBV

Question: Logging into Travel applications with PII turned on results in - Your sign in
attempt was not successful, try again.
Turn on Debug.
The tvlexp.log showed the following error:
[Mar 17 15:46:09] WARN (SettingsFactory.java) - Could not obtain connection metadata
java.sql.SQLException: Io exception: The Network Adapter could not establish the
connection
Fix
The FTAEUSR should be excluded from all PII rules if PII is implemented on the
database.
1. Login to Banner and go to GOAFPUD.

UserID = FTAEUSR
2. Check the box for Exempt from PII.
3. Save changes.
4. Restart the TVLEXP Application (OC4J).

186

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner Finance Travel and Expense Management

October 2010

5. Retest TVLEXP login.

Note
TVLEXP 8.1 uses FLEXUSR. TVLEXP 8.2 and higher uses FTAEUSR.

OR
Fix
sqlplus general/u_pick_it
insert into gobfpud
(gobfpud_fgac_user_id, gobfpud_exempt_ind,
gobfpud_cross_domain_ind, gobfpud_activity_date,
gobfpud_user_id, gobfpud_fdmn_code)
select username,'Y','Y',sysdate, user, null
from dba_users
where not exists (select 'x' from gobfpud
where gobfpud_fgac_user_id = username)
and username in ('FTAEUSR');
Question: Deploying the TVLEXP application in a load balanced SSL environment
results in network time-out error.
This was tested with the 8.3 version of tvlexp.ear.
When you Log into the TVLEXP application with the correct credentials, you get a
network time-out error in the browser
IE Browser error:
The page cannot be displayed
Firefox Browser Error:
Unable to connect
Using the TVLEXP LBR access URL, results in network time-out error

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner Finance Travel and Expense Management

187

To trace the network traffic, use the Firefox Live HTTP Headers Extension. you will see
the below. Note that https is redirected to http.
HTTP/1.1 302 Moved Temporarily
Date: Wed, 03 Mar 2010 21:43:38 GMT
Server: Oracle Containers for J2EE
Set-Cookie: JSESSIONID=9518264e22b89d801c7e57204eeab15bc9944b284b13; path=/
tvlexp
Cache-Control: private
Connection: Keep-Alive
Keep-Alive: timeout=15, max=100
Location: http://<Load balancer>.sungardhe.com/tvlexp/tvlexp-flex/index.html
Transfer-Encoding: chunked
Answer: Create a forwarding/redirect rule on the Load Balancer that will automatically
redirect requests from the http port 80 to the https port 443. The TVLEXP applications
should now avoid the network timeout error.
Another fix is to enable the Redirect Rewrite option in the http profile for the virtual
server. Other load balancers may call it reply rewriting.
FAQ 1-9KD4TY

Question: Setting up tvlexp for BEIS integration with CAS (SSO)

Answer: FAQ 1-9KD4TY - Setting up tvlexp for BEIS integration with CAS (SSO)
tvlexp - Travel and Expense Management
BEIS - Banner Enterprise Identity Services
CAS - Central Authentication Service (http://www.jasig.org/cas)
Quick steps
The following two files are attached to the FAQ.
web.xml
applicationContext-springsecurity.xml
1. Take a backup of the existing files and copy the following two files to the OAS

10.1.3.x server location where tvlexp is installed:

cp web.xml $ORACLE_HOME/j2ee/tvlexp/applications/tvlexp/tvlexp/WEB-INF/
web.xml
cp applicationContext-springsecurity.xml $ORACLE_HOME/j2ee/tvlexp/
applications/tvlexp/tvlexp/WEB-INF/classes/applicationContext-springsecurity.xml

188

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner Finance Travel and Expense Management

October 2010

2. Edit/Modify web.xml.
3. Replace yourcasserver with CAS server URL being used.
4. Replace yourteserver with TE URL being used.
5. Restart your OAS Server.

For more information, please refer to the the BEIS handbook (beis80100hb.pdf).

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner Finance Travel and Expense Management

189

190

Banner General 8.3

Middle Tier Implementation Guide
Implementing Banner Finance Travel and Expense Management

October 2010

Self-Service Technical
Information

The following describes the PIN tables for Self-Service Banner.

Third Party Access Form Table

The underlying table for the Third Party Access Form (GOATPAC) and the Third Party
Access Audit Form (GOATPAD) is GOBTPAC. Technical descriptions follow.

GOBTPAC
Field Name

Data Type

Null Indicator

GOBTPAC_PIDM

NUMBER(8)
VARCHAR2(1)
VARCHAR2(1)
DATE
VARCHAR2(30)
VARCHAR2(256)
DATE
VARCHAR2(30)
VARCHAR2(90)
VARCHAR2(30)
VARCHAR2(8)
VARCHAR2(255)
VARCHAR2(128)

NOT NULL
NOT NULL
NOT NULL
NOT NULL
NOT NULL

GOBTPAC_PIN_DISABLED_IND
GOBTPAC_USAGE_ACCEPT_IND
GOBTPAC_ACTIVITY_DATE
GOBTPAC_USER
GOBTPAC_PIN
GOBTPAC_PIN_EXP_DATE
GOBTPAC_EXTERNAL_USER
GOBTPAC_QUESTION
GOBTPAC_RESPONSE
GOBTPAC_INSERT_SOURCE
GOBTPAC_LDAP_USER
GOBTPAC_SALT

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Self-Service Technical Information

191

Third Party Access Audit Form Tables

The underlying tables for the Third Party Access Form (GOATPAC) and the Third Party
Access Audit Form (GOATPAD) are GOBTPAC and GORPAUD. Technical descriptions
follow.

GOBTPAC
Field Name

Data Type

Null Indicator

GOBTPAC_PIDM

NUMBER(8)
VARCHAR2(1)
VARCHAR2(1)
DATE
VARCHAR2(30)
VARCHAR2(6)
DATE
VARCHAR2(30)
VARCHAR2(90)
VARCHAR2(30)
VARCHAR2(8)
VARCHAR2(255)

NOT NULL
NOT NULL
NOT NULL
NOT NULL
NOT NULL

GORPAUD
Field Name

Data Type

Null Indicator

GORPAUD_PIDM

NUMBER(8)
DATE
VARCHAR2(30)
VARCHAR2(6)
VARCHAR2(30)
VARCHAR2(1)

NOT NULL
NOT NULL
NOT NULL

GORPAUD_ACTIVITY_DATE
GORPAUD_USER
GORPAUD_PIN
GORPAUD_EXTERNAL_USER
GORPAUD_CHG_IND

NOT NULL VALUES:

P = PIN Change
I = ID Change

Campus Directory Tables

Use the following tables to understand Campus Directory tables related to Self-Service
Banner.

192

Banner General 8.3

Middle Tier Implementation Guide
Self-Service Technical Information

October 2010

GTVDIRO --- Directory Item Validation Table

Primary Key: GTVDIRO_CODE
The form allows the user to query delivered data or to insert new data. Data with a
system_req_ind of checked (Yes) cannot be deleted. Also, when the system_req_ind is
checked (Yes), the gtvdiro_code cannot be updated.

Field Name

Description

Data Type

Null
Indicator

GTVDIRO_CODE

Code for
Directory Item
Description for
Directory Item
Is this a required
code for the
system?
Valid values:
selected (Yes)
cleared (No)
Activity Date

VARCHAR2(8)

NOT NULL

VARCHAR2(30)

NOT NULL

VARCHAR2(1)

NOT NULL

DATE

NOT NULL

GTVDIRO_DESC
GTVDIRO_SYSTEM_REQ_IND

GTVDIRO_ACTIVITY_DATE

GOBDIRO --- Directory Options Rule Table

Primary Key: GOBDIRO_CODE
Data with a system_req_ind of Y cannot be deleted.

Description

Data Type

GOBDIRO_DIRO_CODE

Code for Directory

Item
Alumni, Employee,
or All Indicator
Valid values:
Employee (E)
Alumni (D)
All (A)
Address, Telephone,
or Not Applicable
Valid values:
Address (A)
Telephone (T)
Not Applicable (N)

VARCHAR2(8) NOT NULL

GOBDIRO_DIRECTORY_TYPE

GOBDIRO_ITEM_TYPE

October 2010

Null
Indicator

Field Name

VARCHAR2(1) NOT NULL

Banner General 8.3

Middle Tier Implementation Guide
Self-Service Technical Information

193

Description

Data Type

GOBDIRO_DISP_PROFILE_IND

Include in Directory
Profile Indicator?
Valid values:
selected (Yes)
cleared (No)
Allow user to choose
to display in
directory?
Valid Values:
selected (Yes)
cleared (No)
Default to directory
for users without a
directory profile?
Valid Values:
selected (Yes)
cleared (No)
Is this a required code
for the system?
Valid Values:
selected (Yes)
cleared (No) (default)
Activity Date
Sequence Number

VARCHAR2(1) NOT NULL

GOBDIRO_UPD_PROFILE_IND

GOBDIRO_NON_PROFILE_DEF_I
ND

GOBDIRO_SYSTEM_REQ_IND

GOBDIRO_ACTIVITY_DATE
GOBDIRO_SEQ_NO

194

Null
Indicator

Field Name

Banner General 8.3

Middle Tier Implementation Guide
Self-Service Technical Information

VARCHAR2(1) NOT NULL

DATE
Number

NOT NULL
NOT NULL

October 2010

GORDADD --- Directory Address Table

Primary Key: GORDADD_DIRO_CODE, GORDADD_PRIORITY_NO

Field Name

Description

Data Type

Null
Indicator

GORDADD_DIRO_CODE

Code for Directory

Item
Priority Number
Address Type Code
Telephone Type Code
Activity Date

VARCHAR2(8)

NOT NULL

NUMBER (1)
VARCHAR2(2)
VARCHAR2(4)
DATE

NOT NULL
NOT NULL
NOT NULL
NOT NULL

GORDADD_PRIORITY_NO
GORDADD_ATYP_CODE
GORDADD_TELE_CODE
GORDADD_ACTIVITY_DATE

GORDPRF -- Directory Profile Table

Primary Key: GORDPRF_PIDM, GORDPRF_DIRO_CODE

Field Name

Description

Personal
Identification
Number
GORDPRF_DIRO_CODE
Code for Directory
Item
GORDPRF_DISP_DIRECTORY_IND Display Indicator
Valid Values: Y or
GORDPRF_PIDM

Data Type

Null
Indicator

NUMBER(8)

NOT NULL

VARCHAR2(8)

NOT NULL

VARCHAR2(1)

NOT NULL

N
GORDPRF_USER_ID

GORDPRF_ACTIVITY_DATE

User ID of person
who last changed
the record
Activity Date

VARCHAR2(30) NOT NULL

DATE

NOT NULL

Web Server Directory Setup

You can choose to have one base directory that contains a subdirectory for each instance of
Banner Self Service. For example, you can setup a base directory of Banner and have
subdirectories such as prod, test, and pprd. Each of these directories will then be
considered a document root directory for one instance. The document root directory is
where you would place the homepage.htm file.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Self-Service Technical Information

195

Depending on the products you have licensed or installed, there can be other files in this
directory. The document root will contain a subset of the following directories depending
on the products you have licensed or installed.
css
alugifs
aluhelp
facgifs
fachelp
gengifs
genhelp
js
paygifs
payhelp
resdocs
resgifs
reshelp
stugifs
stuhelp
wtlgifs
wtlhelp

Migration of files from Upgrade to Web

Server
If an upgrade, install, or patch is delivered with an htm directory, the files in this directory
should be copied to the Web server into the *help directory for the appropriate product.
The same is true for the gif directory delivered with upgrades, installs, or patches and these
files should be moved to the appropriate *gifs directory. In some cases, an upgrade will
require you to move files to a different directory. For example, web_defaultapp.css is
delivered in the htm directory of Web Tailor and needs to be moved to the css directory on
the Web server. In such cases, refer to the documentation for the upgrade or install or
patch for specific instructions.

196

Banner General 8.3

Middle Tier Implementation Guide
Self-Service Technical Information

October 2010

Single Sign-On
Connectivity Overview

This section describes how the Banner database, Internet-Native Banner (INB),
Luminis, and your browser interact when you log in to one product and access another.
This information may be helpful if you already have Single Sign-On implemented at your
institution, and that you are trying to add Banner, Self-Service Banner, and Luminis to it.
Note
This appendix does not cover SSO setup through Banner Enterprise
Identity Services, or SSO explicitly for Luminis Platform 5.x systems. If
you are using Banner Enterprise Identity Services, please refer instead to
the Banner Enterprise Identity Services Handbook. If you are integrating
with Luminis Platform 5.x, refer to the Luminis Platform Banner
Integration Setup Guide that ships with the Luminis Platform 5.x

documentation set.

Accessing Banner from Luminis

1. The end user selects a link to INB, and Luminis receives the request.
Note
Steps 2 - 7 are performed only once, when the first user accesses the
system from Luminis using SSO.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Single Sign-On Connectivity Overview

197

2. Luminis calls the configURL set in the Luminis configuration for Banner that is

defined in the es.systems parameter. This URL calls the database procedure
gokssso.P_GetConfigVersion2.
3. P_GetConfigVersion2 calls the Banner database, telling Luminis which URLs to call

for login and logout.

4. The procedure calls the Luminis server LDAP, asking for configuration data.
5. Configuration data is returned to the database and URLs are built to be sent back to

Luminis.
6. The URLs are passed back to the INB server to be transferred to Luminis.
7. The URLs are sent to Luminis.

Note
The following steps are performed for each user.

8. The Luminis server uses the configuration data it received to build the logon request.
9. The procedure gokssso.p_cp_login is called to process the login request.
10. The procedure revalidates the credentials it received.
11. If the credentials are valid, the process continues.

198

Banner General 8.3

Middle Tier Implementation Guide
Single Sign-On Connectivity Overview

October 2010

12. The procedure encrypts the credentials, generates a token, and creates a database

pipe containing the data. The token is also the pipe name. If the Advanced Queuing
alternate communication mechanism to that of DBMS_PIPE has been implemented, the
encrypted credentials and generated token are enqueued to the SSO_Q queue. The
token value will be used for subsequent conditional dequeuing.
13. A URL is sent back to Luminis as the pickup URL, which includes the token.
14. Luminis communicates the pickup URL back to the browser as a redirect.
15. The browser redirects to the pickup URL, which is a call to procedure
gokcsso.p_call_banner.

16. The INB startup Java Applet receives the authentication information from the

database pipe (or from the SSO_Q queue if the Advanced Queuing alternate
communication mechanism to that of DBMS_PIPE has been implemented).
17. The authentication information passed in memory to the Oracle forms applet.
18. The forms applet starts and a Banner session is started.

Accessing Self-Service Banner from

Luminis

1. The end user selects a link to Self-Service Banner (SSB in the diagrams that follow),

and Luminis receives the request.

Note
Steps 2 - 7 are performed only once, when the first user accesses the
system from Luminis using SSO.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Single Sign-On Connectivity Overview

199

2. Luminis calls the configURL set in the Luminis configuration for SSB that is defined

in the es.systems parameter. This URL calls the database procedure

gokssso.P_GetConfigVersion2_sserv.

3. P_GetConfigVersion2_sserv is a database call that tells Luminis which URLs to

call for login and logout.

4. The procedure calls the Luminis server LDAP, asking for configuration data.
5. Configuration data returned to the database and URLs are built to be sent back to

Luminis.

6. The URLs are passed back to the INB server to be transferred to Luminis.
7. The URLs are sent to Luminis.

8. The Luminis server uses the configuration data it received to build the logon request.
9. The procedure gokssso.p_cp_login_sserv is called to process the login request.
10. The procedure revalidates the credentials it received.
11. If the credentials are valid, the process continues.
12. The procedure encrypts the credentials, generates a token, and creates a database

13. A URL is sent back to Luminis as the pickup URL, which includes the token.

200

Banner General 8.3

Middle Tier Implementation Guide
Single Sign-On Connectivity Overview

October 2010

14. Luminis communicates the pickup URL back to the browser as a redirect.
15. The browser redirects to the pickup URL, which is a call to procedure
gokcsso.p_call_banner_sserv.

The CPSESSID cookie is created.

16. The SSB session starts because the CPSESSID cookie exists.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Single Sign-On Connectivity Overview

201

202

Banner General 8.3

Middle Tier Implementation Guide
Single Sign-On Connectivity Overview

October 2010

Oracle Version-Specific
Information

Oracle Database 11g

Beginning with Banner General Release 8.2, Banner is able to offer support for Oracle
Database 11g. Database 11g is officially supported, but is not required. Oracle Database
version 10.2.0.3 is the minimum required for Banner 8.x.

Required Versions for Banner in Database 11g

For institutions migrating to Database 11g:
Oracle Database 11g: version 11.1.0.7.0 is the minimum required.
Oracle Application Server: version 10.1.2.x is the minimum required. Version
10.1.2.3.0, with patch 1-3GSD7J applied, is recommended.
Oracle Developer*Suite: version 10.1.2.x is the minimum required. Version
10.1.2.3.0 is recommended.
The following are the minimum Banner releases needed for institutions migrating to
Database 11g:
Banner Advancement 8.2
Banner Accounts Receivable 8.1
Banner Document Management Suite 8.2
Banner Finance 8.3
Banner Financial Aid 8.4
Banner General 8.2
Banner Position Control 8.2
Banner Human Resources 8.2
Banner Student 8.2
Banner Voice Response 8.0

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Oracle Version-Specific Information

203

For Banner Self-Service products, the following are the minimum required releases:
Banner Advancement Self-Service 8.3
Banner Employee Self-Service 8.2
Banner Faculty Self-Service 8.2
Banner Finance Self-Service 8.0
Banner Financial Aid Self-Service 8.4
Banner Student Self-Service 8.2
Banner Web General 8.2
Banner Web Tailor 8.2
For other SunGard Higher Education products Database 11g support will be listed in FAQ
1-4W1JEA..

Case-Sensitive Passwords in 11g

Oracle Database 11g supports case-sensitive passwords. This feature allows users to create
stronger passwords that mix upper- and lowercase characters. Use of this feature is not
required.
If you are migrating to Database 11g and want to take advantage of case-sensitive
passwords in Banner, you must make the following settings:
The initialization parameter SEC_CASE_SENSITIVE_LOGIN must be set to TRUE.
You must create an Oracle*Forms environment variable,
FORMS_USERNAME_CASESENSITIVE and set its value to 1 (the number one).
Note
Environment variable FORMS_USERNAME_CASESENSITIVE is available only

when using Application Server version 10.1.2.2 or higher.

Issues with Database 11g

There are several known issues and concerns that you should review before proceeding
with a migration to Oracle Database 11g. These issues are outlined in FAQ 1-4W1JEA,
Banner and Oracle Database 11g. The FAQ will be updated as new issues are discovered
and new solutions are found. Highlights of known issues are described below.

204

Banner General 8.3

Middle Tier Implementation Guide
Oracle Version-Specific Information

October 2010

Platform Issues
There are several known issues with Oracle Database 11g on various platforms. Further
details of these issues can be found in FAQ 1-4W1JEA.
An Oracle error occurs on startup in certain Linux platforms with Oracle Database
11.1.0.7. This issue is Oracle Bug 7272646.
With Application Server version 10.1.2.3.0 and the UTF-8 character set, text may
be replace by the pound sign (#) under some circumstances. This issue is Oracle
Bug 7126045: Oracle Patch 5983622 resolves the problem.
Banner Java code references to ojdbc14.jar and classes12.zip no longer exist in the
Oracle 11g (11.1.0.7.0) default location $ORACLE_HOME/jdbc/lib. This problem is
partially resolved through changes to shell scripts files; the modified files are
delivered with. Banner HR 8.2, Banner Student 8.2, and Banner Financial Aid
8.4.2. A workaround is available for the other affected object, script file
GURPDJAR. This issue is Defect 1-5I381L.
Luminis single sign-on (SSO) was impacted by a behavior change of Database
11g related to the password column in DBA_USERS. This problem was resolved
through changes to objects gokcss1.sql and gspsecr.sql delivered with Banner
General 8.2.
Depending on your platform, Oracles prerequisites may require an operating
system upgrade before installing Database 11g.
Oracle error ORA-24247 may be encountered when sending e-mails after
upgrading to Database 11g. Instructions for resolving this issue are found in FAQ
1-4W1JEA.

Change in Default Role Behavior

With Database 11g, Oracle has changed the way that default roles can be used in
connection with database security. Roles that are password-encrypted, such as the
BAN_DEFAULT_CONNECT role, cannot be assigned as a users default role. This issue
is described in Defect 1-5DG7XF, which lists two possible workarounds for this issue. For
more information, refer to FAQ 1-5BWTYS and Oracle Metalink Note 745407.1.

Oracle Database 10g and Application

Server 10g
This section includes FAQs related to configuring and maintaining an Oracle 10g database
and Oracle 10g Application Server. Since new FAQs are added to the Customer Support
Center on a frequent basis, you might want to periodically review FAQ #1-S35GU, which
contains a listing of all 10g-related FAQs.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Oracle Version-Specific Information

205

In addition, the following FAQs address specific issues:

14145--Contains answers to common questions about Oracle 10g support and
requirements.
1-5K95Q--Provides steps for upgrading an Oracle 9.2.0.6 Banner 7.2 database to
Oracle 10.2.0.1 on Linux Red Hat 3.0.
1-SEFVX--A listing of Banner problem resolutions related to Oracle Database 10g
and Banner Cost-Based Optimization (CBO).
1-ST9HR--Instructions for correcting poor database performance if you have the
database initialization parameter SGA_MAX_SIZE set to a value greater than 50% of
physical memory on the server.
Note
The SGA_MAX_SIZE parameter is described in the Example Init.ora For

Oracle RDBMS 10.2.0 topic in the following section.

1-RUMST--How to adjust your Web Cache properties for a high volume of SelfService Connections.
1-DY3Q5--How to bypass Oracle 10g v9.0.4 Web Cache for Forms.
CMS-13884--Addressing performance problems with Forms 10g using SSL and
INB.
1-4PGDH--Addressing performance issues with INB Webforms Forms 10g using
Oracle Database 9i and Oracle Database 10g.
1-DH6D6--FAQs about Banner and Oracle Application Server 10g Release2.
CMS-14077--Oracle MetaLink Note:294749.1 (Troubleshooting WebForms
Tuning / Performance /Time out).
1-RZ7CW--Oracle 10g Release 10.2.0.2 Advisory - UNION with CONNECT BY.

10g Database
Example Init.ora For Oracle RDBMS 10.2.0
(FAQ#1-95O8T)
This note contains example starting point settings for a Banner or ODS (Operational Data
Store) Oracle 10.2.0 initSID.ora file.
Using an SPFILE is recommended. An SPFILE can be created from the example
initSID.ora in this note by using the information in CMS-10978 How To Migrate From A
Pfile To A Spfile Metalink Doc ID: Note:166601.1.

206

Banner General 8.3

Middle Tier Implementation Guide
Oracle Version-Specific Information

October 2010

Example:
CREATE SPFILE FROM PFILE = 'initBAN7.ora';

To change a parameter use the alter system command.

Example:
alter system set job_queue_processes=30;
alter system set job_queue_processes=30 scope=spfile;
create pfile='initBAN7.ora' from spfile;

Oracle 10.2 init.ora

The database name is set when the database is created. Typically the instance name is the
same as the db_name.
Example:
db_name = BAN7

Create three control files on different file systems in case one fails.
control_files = (/u01/oradata/ctl1BAN7.dbf,
/u02/oradata/ctl2BAN7.dbf,
/u03/oradata/ctl3BAN7.dbf)
Required for Oracle RDBMS version 10.2.0.2 for Oracle Bug # FAQ 1-VDJ4I
Note:373806.1 Hierarchical Query Dumps in
evaopn2_optimizer_order_by_elimination_enabled = FALSE

Required to fix Oracle Bug 4622729. Wrong results from queries using NOT
EXISTS. Bug is fixed in Oracle11.
_unnest_subquery = FALSE

false ONLY when applying Oracle patches and installing Java. May cause
problems with database performance and integrity if set to FALSE during normal
database activity.
_system_trig_enabled = false

Rollback segments - System Managed Undo

Normally you need only set undo_tablespace for RAC since Oracle will use the
first undo tablespace available.
undo_management = auto
undo_tablespace = RBS

Destination of the trace and core files:

background_dump_dest = /u02/oracle/dump
core_dump_dest = /u02/oracle/dump
user_dump_dest = /u02/oracle/dump
audit_file_dest = /u02/oracle/dump
max_dump_file_size = 10240

Required for ODS (Operational Data Store) Databases for Metadata creation:
utl_file_dir = /u02/oracle/UTL

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Oracle Version-Specific Information

207

Buffer cache size

New parameter replacing db_block_buffers:
db_cache_size = 100M 25 users
db_cache_size = 400M
#db_cache_size = 1G 100+ users

New SGA parameter--See Metalink Note 270065.1 (FAQ 1-PCW2R). Total size of
the SGA including buffer cache, log_buffer, shared_pool_size, large_pool_size.
Some customers have reported that explicitly setting minimum SHARED_POOL_SIZE
along with SGA_TARGET has improved performance. See Metalink Note:257643.1.
(FAQ 1-G88U0).
sga_target = 500M 25 users
shared_pool_size = 300M
sga_target = 1G
sga_target = 2G 100+ users
SGA_MAX_SIZE

should be set to allow sga_target to dynamically increase

SGA_MAX_SIZE should not exceed 50% of physical memory of machine in order to

prevent thrashing of memory.
sga_max_size = 2G

Cursor_Space_For_Time description:
Shared SQL areas are kept pinned in the shared pool. As a result, shared SQL areas
are not aged out of the pool as long as an open cursor references them. Because
each active cursor's SQL area is present in memory, execution is faster. However,
the shared SQL areas never leave memory while they are in use. Therefore, you
should set this parameter to TRUE only when the sga_target is large enough to hold
all open cursors.
cursor_space_for_time = true

Although cursor_sharing=similar may reduce the parsing overhead for parsing

similar SQL statements that differ only in literal values, exact should be set. Exact
is the default value. Testing has shown similar may cause problems.
cursor_sharing = exact

Number of session cursors to cache.

Subsequent parse calls will find the cursor in the cache and will not need to reopen
the cursor
session_cached_cursors = 50
session_cached_cursors = 200 100+ users

New parameters replacing sort_area_size

Note
For OpenVMS, value must be 0.
pga_aggregate_target
pga_aggregate_target
pga_aggregate_target
workarea_size_policy

208

Banner General 8.3

Middle Tier Implementation Guide
Oracle Version-Specific Information

=
=
=
=

50M 25 users
500M
1G 100+ users
auto

October 2010

Maximum number of o/s user processes that can simultaneously connect to Oracle.
Also include background processes - locks, job queue
processes = 100 25 users
processes = 300
processes = 800 100+ users

Sessions should be twice the number of processes

sessions = 600
dml_locks = 10000
open_cursors = 1024

New Optimizer settings For on 10.2

has shown to provide better performance than FIRST_ROWS for
Banner databases. Some Banner customers may see even better performance with
FIRST_ROWS_1.
FIRST_ROWS_10

For ODS databases, FIRST_ROWS is recommended.

Since the Cost-Based Optimizer is sensitive to the particular data in a database and
the capabilities of a particular hardware configuration, it may be necessary to
change the optimizer_index_caching and optimizer_cost_adj parameters to achieve
optimal performance.
FAQ 1-GGFI4 Init.ora Parameters Which Effect Oracle Cost Based Optimizer
(CBO)
optimizer_mode = FIRST_ROWS_10
optimizer_index_caching = 90
optimizer_index_cost_adj = 30
optimizer_dynamic_sampling = 2

See FAQs
1-MR8NU Oracle 10.2 Performance And optimizer_secure_view_merging
And MERGE ANY VIEW.
1-1A87XT Note5195882.8 Bug 5195882 - Queries in FGAC use full table
scan instead of index access.
optimizer_secure_view_merging = false

This parameter has been shown to fix performance problems with certain ODS
composite views in 10.2.0.2 but has not been completely tested with all Banner
processes.
See FAQ 1-1A1HZ7 ODS Mapping Error
_complex_view_merging = false

Set to the version of the database.This parameter may affect the optimizer path
compatible = 10.2.0.2

i/o calls for full table scan--If set too high may cause performance problems.
Recommended values 8 to 32.
db_file_multiblock_read_count = 16

Allow users to see their trace files if database is in secured environment:

_trace_files_public = true

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Oracle Version-Specific Information

209

Year2000 date compliant format:

nls_date_format = DD-MON-RR

or
Oracle default date format:
nls_date_format = DD-MON-YY

Note
Although the format DD-MON-YY is not Y2K compliant, the Banner date

routines provide Y2K compliance.

Back-up and Recovery:

db_recovery_file_dest = /u01/oracle/flash_recovery
#db_recovery_file_dest_size = 20G
#log_archive_dest_1 = /u01/oracle/logs
#log_archive_start = true
#log_archive_format = %t_%s_%r.dbf

Multi-Threaded Server MTS. Also known as Shared Server.

instance_name = BAN7
dispatchers = "(protocol=tcp)(dispatchers=2)"
dispatchers = "(protocol=ipc)(dispatchers=2)"
max_dispatchers = 10
service_names = BAN7
local_listener =
"(address=(protocol=tcp)(host=YourHostName)(port=1521))"

Required for SQL trace and Statspack. Has minimal performance impact.
timed_statistics = true

Required for 10.2 upgrade. Set the appropriate Database block size--2048 to 16384
(Linux, Solaris, Windows). 2048 to 32768 (AIX, HP, Tru64).
db_block_size
db_block_size
db_block_size
db_block_size

=
=
=
=

2048
8192
16384
32768

Resource limits are enforced in database profiles.

resource_limit = true

Allow dba remote access using the orapwBAN7 password file.

The file orapwBAN7 can be used by only one database. The password file can
contain names other than SYS.
Example:
cd $ORACLE_HOME/dbs
orapwd file=orapwBAN7 password=manager entries=5
remote_login_passwordfile = exclusive

210

Banner General 8.3

Middle Tier Implementation Guide
Oracle Version-Specific Information

October 2010

Required for setting up Oracle Database Control 10g using emca:

job_queue_processes = 10
Oracle Database 10g supports automatic checkpoint tuning. 10g Automatic
checkpoint tuning is in effect if FAST_START_MTTR_TARGET is unset.
fast_start_mttr_target = 300

10.2 obsolete params

hash_join_enabled = true
max_enabled_roles = 50
sql_trace = false
_complex_view_merging = false

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Oracle Version-Specific Information

211

212

Banner General 8.3

Middle Tier Implementation Guide
Oracle Version-Specific Information

October 2010

Troubleshooting

Single Sign-On for INB

Unsupported OID Service
Try one of the following:
Verify syntax in the es.sctinb.configURL parameter in configman.
Check that your DAD user has execute permissions on gokssso and gokcsso
packages.
LDAP bind password and getting error ORA-29283
Try one of the following:
Double-check the permissions on the enckey file and make sure it is readable by
Oracle.
Recreate the KEY_DIR and enckey file.
LDAP Bind Failed. Message is ORA-31202: DBMS_LDAP: LDAP client/server
error: No such object
Try one of the following:
Make sure login userid is defined in LDAP server.
Check that you have the correct SearchBase configurations.
Check that you have the correct UserPrefix configuration.
ORA-31202: DBMS_LDAP: LDAP client/server error: Invalid credentials
Make sure you are using the correct LDAP password to login.
When allowing multiple INB sessions from one Luminis link
Either of the following error messages could occur:
FRM-92050: Failed to connect to the Server
FRM-92102: A network error has occurred. The Form Client has attempted to reestablish its connection to the server 1 time(s) without success. Please check the
network connection and try again later.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Troubleshooting

213

Change the OAS webserver setting

d:\oas10g\Apache\Jserv\servlets\zone.properties

from:
session.useCookies=true

To:
session.useCookies=false

Single Sign-On for SSB

Unsupported OID Service
Try one of the following:
Verify syntax in the es.sctssb.configURL parameter in configman.
Check that your DAD user has execute permissions on gokssso and gokcsso
packages.
LDAP bind password and getting error ORA-29283
Try one of the following:
Double-check the permissions on the enckey file and make sure it is readable by
Oracle.
Recreate the KEY_DIR and enckey file.
LDAP SSB Luminis numeric password issue Page Not Found gokcsso.p_call_banner ORA-988
Change the Luminis and Banner passwords to something that starts with a letter and
does not require double quotes to issue create or alter user commands. For example,
password abc1 instead of 1abc.
If that is not feasible, take the following staps
1. Edit BANNER_HOME\general\dbrpocs\gokcss1.sql
2. Find this line:
execute immediate 'alter user '||sso_user||' identified by
'||sso_pswd;

3. Change it to:
execute immediate 'alter user '||sso_user||' identified by '|| '"' ||
sso_pswd || '"';

4. Save changes and rebuild package.

214

Banner General 8.3

Middle Tier Implementation Guide
Troubleshooting

October 2010

Invalid login information. Please try again.

Try one of the following:
Confirm the LDAP userid and password are correct.
If the WebTailor Administration -- LDAP Administration Search Indicator is
checked, try unchecking it and testing again.

Luminis Channels for Banner

A SQL exception has occurred. ORA-12154: TNS:could not resolve service
name
1. Edit banportals.config and change default.tnsName=rocoram1_ban7 to
default.tnsName=rocoram1_ban7.sct.com.

2. Rebuild the bannerCommon.car and banportals.ear

java -jar banportalsadmin.jar banportals.config

3. Redeploy the banportals.ear and recopy the bannerCommon.car to Luminis.

A SQL exception has occurred.ORA-01017: invalid username/password;

logon denied
1. Edit banportals.config and change default.password=banproxy to
default.password=u_pick_it

2. Rebuild the bannerCommon.car and banportals.ear

java -jar banportalsadmin.jar banportals.config

3. Redeploy the banportals.ear and recopy the bannerCommon.car to Luminis.

HTTP 404 web page errors related to gokcsso.p_call_banner ORA-20007

Disable Oracle Profiles for LDAP/SSO accounts, or take the following steps:
1. Set PASSWORD_REUSE_TIME UNLIMITED in profile.
2. Alter profile TEST2_PROFILE LIMIT PASSWORD_REUSE_TIME UNLIMITED.

October 2010

Banner General 8.3

Middle Tier Implementation Guide
Troubleshooting

215

216

Banner General 8.3

Middle Tier Implementation Guide
Troubleshooting

October 2010

Index

Address Role Privileges Form (GOAADRL)

79
Address Type Code Validation Form
(STVATYP) 79, 80
alumni directory
setting up 88
AnonmsSearch LDAP server entry 101, 109,
118, 121
assigning PINs
for individual users 85
assigning web user roles 73
Authentication key parameters
BIND_PASSWORD 103
BIND_USER 103
DN 103
SERVER 103
USERMAP_OPT 104
USERMAP_PRFX 104

campus directories 87
and address hierarchies 88
creating 87
creating profiles 88
certificate wallet 104
changing an e-mail address online 90
Common Name (CN) 107, 120
configuring your INB server 110
CPAuth LDAP server entry 101, 107, 118,
120
CPDeAuth LDAP server entry 101, 107, 118,
120
CPLastAct LDAP server entry 101, 107, 118,
120
creating an alumni directory 87
creating an alumni directory profile 88
creating an employee directory 87
creating an employee directory profile 88
creating an encryption key 99
creating campus directories 87
creating campus directory profiles 88
creating DADs for running SSO 110
credit card processing 76
CSSURL LDAP server entry 101, 109, 118,
120
Current PIN Table (GOBTPAC) 84
customizing graphic elements 70
customizing graphics and icons 70
customizing Info Text 75
customizing web rules 68

B
bannersso.jar file 110
banportals application 131
BANSSO user 110
BASELINE and Local records
Self-Service web menus and web
procedures 70
BASELINE values
Copying BASELINE values to users 29
Using the Propagate field 29
BIND_PASSWORD parameter 103
BIND_USER parameter 103
bottom-of-the-page link
definition 73
bottom-of-the-page links
adding 74

October 2010

D
DADNormal LDAP server entry 101, 106,
118, 119
dadnormal.txt 110
DADSpecial LDAP server entry 101, 107
dadspecial.txt 110

Banner General 8.3

Middle Tier Implementation Guide
Index

217

Data Extract
Choosing default output 29
Configuring environment variable 30
Enabling Data Extract for a form 28
Setting up Data Extract 28
WebUtil 30
data synchronization with SunGard Higher
Education partner systems 87
DBA_DIRECTORIES view 99
DBMS_OBFUSCATION_TOOLKIT Oracle
package 99
DBMS_OBFUSCATION_TOOLKIT Oracle
utility 96
DBMS_PIPE 96
defining graphic elements 70
defining graphics and icons 70
defining web rules 68
DES encryption 99
DES3 algorithm 100
directories 87
Directory Address Table (GORDADD) 195
Directory Item Validation Form (GTVDIRO)
88
Directory Item Validation Table (GTVDIRO)
193
Directory Options Rule Form (GOADIRO) 88
Directory Options Rule Table (GOBDIRO)
193
Directory Profile Table (GORDPRF) 88, 195
disabling a menu item temporarily 75
DN parameter 103
documentation
related 9

E
E-mail Address Form (GOAEMAL) 90
E-mail Address Type Validation Form
(GTVEMAL) 90, 91
e-mail addresses
changing online 90
preferred 91
employee directory
setting up 88
enckey file 99
encryption key
creating 99
Environment variables

218

Banner General 8.3

Middle Tier Implementation Guide
Index

Banner ID images environment variables

27
Data Extract environment variable 30
establishing third party history information 80
establishing web user parameters 80
external system sctinb 96

F
Forms
GUAUPRF General User Preferences
Maintenance Form 102
forms
GOAADRL Address Role Privileges
Form 79
GOADIRO Directory Options Rule Form
88
GOAEMAL E-mail Address Form 90
GOATPAC Third Party Access Form 80,
81, 83, 191, 192
GOATPAD Third Party Access Audit
Form 80, 81, 85, 87, 191, 192
GTVDIRO Directory Item Validation Form
88
GTVEMAL E-mail Address Type
Validation Form 90, 91
GUASRVY Survey Definition Form 92
GUAUPRF General User Preferences
Maintenance Form 29
STVATYP Address Type Code Validation
Form 79, 80

G
General User Preferences Maintenance
Form (GUAUPRF) 29, 102
GLBDATA Population Selection Extract
Process 93
global menu bottom link
definition 73
global menu bottom links
adding 75
GOAADRL Address Role Privileges Form 79
GOADIRO Directory Options Rule Form 88
GOAEMAL E-mail Address Form 90
GOATPAC Third Party Access Form 80, 81,
83, 191, 192
GOATPAD Third Party Access Audit Form
80, 81, 85, 87, 191, 192

October 2010

GOBDIRO Directory Options Rule Table 193

GOBTPAC Current PIN Table 84
GOKCSSO package 96
GOKKSSO package 96, 99, 100
goksso.p_cp_lastact 107, 120
goksso.p_cp_login 107, 120
goksso.p_cp_logout 107, 120
gokssso.p_login 97
GORDADD Directory Address Table 195
GORDPRF Directory Profile Table 88, 195
GORPAUD PIN Audit Trail History Table 192
GORPAUD PIN History Table 84, 87
GTVDIRO Directory Item Validation Form 88
GTVDIRO Directory Item Validation Table
193
GTVEMAL E-mail Address Type Validation
Form 90, 91
GUASRVY Survey Definition Form 92
GUAUPRF General User Preferences
Maintenance Form 29, 102
GURUPRF Personal Preference Table 96

H
Home Directory for Luminis Channels for
Banner 134
home page
customizing the contents of 61, 76
customizing the look-and-feel 71
file location 61
homepage.htm 61
HTTPPrefixClient LDAP server entry 101,
109, 118, 120
HTTPPrefixServer LDAP server entry 101,
109, 118, 120

I
INBServerName LDAP server entry 101, 106
INBServletPath LDAP server entry 101, 109
Info Text
changing the order of paragraphs
displayed 75
creating 75
customizing 75
graphics 75
modifying 75

October 2010

K
KEY_DIR Oracle directory 99

L
LDAP 69, 77, 78, 79, 80, 84, 87, 121, 191,
192
LDAP Lightweight Directory Access Protocol
95
LDAP server entries
AnonmsSearch 101, 109, 118, 121
CPAuth 101, 107, 118, 120
CPDeAuth 101, 107, 118, 120
CPLastAct 101, 107, 118, 120
CSSURL 101, 109, 118, 120
DADNormal 101, 106, 118, 119
DADSpecial 101, 107
HTTPPrefixClient 101, 109, 118, 120
HTTPPrefixServer 101, 109, 118, 120
INBServerName 101, 106
INBServletPath 101, 109
PswdChangeMessage 101, 109, 118,
120
SearchBase 101, 107, 118, 120
SSBServerName 118, 119
UserMapDN 101, 107, 118, 120
UserPrefix 101, 107, 118, 120
ldapmodify 101, 118
LDAPS 103
LDIF files 100, 117
sso_oclass_oid.ldif 100
sso_oclass_sunone.ldif 101
sso_parms.ldif 101
sso_parms_sserv.ldif 118
sso_root_sunone.ldif 101
sso_root_sunone2.ldif 101
Lightweight Directory Access Protocol
(LDAP) 69, 77, 78, 79, 80, 84, 87, 95,
121, 191, 192
LOCATION parameter 104
Luminis to Banner SSO with ADMIN Access
110, 125

M
menu item
criteria for display 74

Banner General 8.3

Middle Tier Implementation Guide
Index

219

definition 73
disabling temporarily 75
menu items
adding 74
changing the order of 74
modifying 74
MODE parameter 104

NDS 101, 118

Novell Directory Server (NDS) 101, 118

generating automatically 81
historic information 80
pre-expiring 82, 84, 86
resetting 83, 84, 85
Population Selection Extract Process
(GLBDATA) 93
preferred e-mail addresses 91
Propagate field on GUAUPRF 29
ProviderChannel 131
PswdChangeMessage LDAP server entry
101, 109, 118, 120
Publishing a channel 142

online surveys
creating 92
defining questions for 93
defining the Web products where one can
appear 94
defining who receives it 92
OpenLDAP 101, 118
Oracle Apache HTTP Listener 61, 63
Oracle Apache PL/SQL Agent 71
Oracle Wallet Manager 104

resetting PINs 85
root directory 60

P
package.procedure combinations 71
Packages
GOKCSSO 96
GOKKSSO 96, 99, 100
PASSWORD parameter 104
Personal Preference Table (GURUPRF) 96
PIN administration 80
PIN Audit Trail History Table (GORPAUD)
192
PIN Hint Question 87
PIN Hint Response 87
PIN History Table (GORPAUD) 84, 87
PINs
assigning for individual users 81, 85
assigning via batch processing 81
assigning via database triggers 81
changing 85
disabling 83, 85
expiration 84, 86

220

Banner General 8.3

Middle Tier Implementation Guide
Index

S
sample DADs
dadnormal.txt 110
dadspecial.txt 110
screen reader 70
sctinb 96
SCTSSOConfig 107, 120
SCTSSOConfig object class 101
SCTSSOConfigString attribute 101, 107, 120
SearchBase LDAP server entry 101, 107,
118, 120
SERVER parameter 103
setting up campus directories 87
setting up campus directory profiles 88
Setting up Data Extract 28
Choosing the default output 29
Configuring environment variable 30
Copying BASELINE values to users 29
Enabling Data Extract for a form 28
Single Sign-On (SSO)
Overview 96
SSBServerName LDAP server entry 118, 119
SSL (Secured Socket Layer) key parameters
104
SSL authentication mode 104
SSL key parameters
LOCATION 104
MODE 104

October 2010

PASSWORD 104
SSO Single Sign-On
Overview 96
sso_oclass_oid.ldif file 100
sso_oclass_sunone.ldif file 101
sso_parms.ldif file 101
sso_parms_sserv.ldif file 118
sso_root_sunone.ldif file 101
sso_root_sunone2.ldif file 101
STVATYP Address Type Code Validation
Form 79, 80
Survey Definition Form (GUASRVY) 92
surveys
creating 92
defining questions for 93
defining the Web products where one can
appear 94
defining who receives it 92
synchronization with SunGard Higher
Education partner systems 87
System Functions/Administration forms
General User Preferences Maintenance
Form (GUAUPRF) 29

T
Tables
GURUPRF Personal Preference Table
96
tables
GOBDIRO Directory Options Rule Table
193
GOBTPAC Current PIN Table 84
GORDADD Directory Address Table 195
GORDPRF Directory Profile Table 88,
195
GORPAUD PIN Audit Trail History Table
192
GORPAUD PIN History Table 84, 87
GTVDIRO Directory Item Validation Table
193
TWGBWSES WebTailor Web Session
Table 86
Terms of Usage
displaying 83, 86
redisplaying 83, 86
Terms of Usage page 69
Third Party Access Audit Form (GOATPAD)
80, 81, 85, 87, 191, 192

October 2010

Third Party Access Form (GOATPAC) 80, 81,

83, 191, 192
third party history information
establishing 80
viewing 85
third party ID 87
third party information
changing 85
timing out 68
TWADMINU.SQL 56
TWGBWSES WebTailor Web Session Table
86

U
USERMAP_OPT parameter 104
USERMAP_PRFX parameter 104
UserMapDN LDAP server entry 101, 107,
118, 120
UserPrefix LDAP server entry 101, 107, 118,
120

V
validation forms
E-mail Address Type Validation Form
(GTVEMAL) 91

W
web rules 68
web user parameters
establishing 80
web user roles
adding the WebTailor Administrator role
to an existing Banner ID 56
assigning 73
assigning address view privileges 79
definition 72
WebTailor Web Session Table
(TWGBWSES) 86
WebUtil
About 30
Changing Data Extract output type to
WebUtil 29

Banner General 8.3

Middle Tier Implementation Guide
Index

221

Krithi Talk Impact
No ratings yet
Krithi Talk Impact
169 pages
Student 80500 U
No ratings yet
Student 80500 U
2,602 pages
OpenText Media Management CE 22.2 - Web Desktop Client User Guide English (MEDMGTMOD220200-UCW-EN-01)
No ratings yet
OpenText Media Management CE 22.2 - Web Desktop Client User Guide English (MEDMGTMOD220200-UCW-EN-01)
268 pages
Banner Tables Views Forms
No ratings yet
Banner Tables Views Forms
844 pages
SAP BusinessObjects BI Customization Guide
No ratings yet
SAP BusinessObjects BI Customization Guide
138 pages
IntroQADEA UG v2016EE PDF
No ratings yet
IntroQADEA UG v2016EE PDF
210 pages
SERVICEDESKSERVER031
No ratings yet
SERVICEDESKSERVER031
222 pages
TIB Bwce 2.6.2 Migration
0% (1)
TIB Bwce 2.6.2 Migration
96 pages
En - Security Center Administrator Guide 5.2
100% (1)
En - Security Center Administrator Guide 5.2
892 pages
Oracle General Ledger Technical Foundation: Presented At: Atlanta Oracle Application User Group Meeting August 20, 1999
100% (1)
Oracle General Ledger Technical Foundation: Presented At: Atlanta Oracle Application User Group Meeting August 20, 1999
41 pages
WhatSNewAndChanged en
No ratings yet
WhatSNewAndChanged en
402 pages
GL Wand User Guide
100% (2)
GL Wand User Guide
149 pages
Redmine Configuration Ebook
No ratings yet
Redmine Configuration Ebook
94 pages
OTBI
No ratings yet
OTBI
33 pages
Technical Overview 04 - BRM Data Model
0% (1)
Technical Overview 04 - BRM Data Model
40 pages
Drupal 8-Overview
No ratings yet
Drupal 8-Overview
26 pages
23 Aug 2021050611 PM
No ratings yet
23 Aug 2021050611 PM
187 pages
Banner Student Technical Reference Manual Supplement 8.6
0% (1)
Banner Student Technical Reference Manual Supplement 8.6
164 pages
En GCXI 9.0.0 User Book
No ratings yet
En GCXI 9.0.0 User Book
613 pages
Hyperion® System™ 9: Administrator'S Guide
No ratings yet
Hyperion® System™ 9: Administrator'S Guide
422 pages
Data Entry Standards (Smith - Edu) PDF
No ratings yet
Data Entry Standards (Smith - Edu) PDF
28 pages
Windows 7 Deployment Procedures in 802 1X Wired Networks
No ratings yet
Windows 7 Deployment Procedures in 802 1X Wired Networks
20 pages
Introduction To Flexnet Manager Suite: © Flexera / Company Confidential
No ratings yet
Introduction To Flexnet Manager Suite: © Flexera / Company Confidential
42 pages
ITSM Config Guide 700
100% (2)
ITSM Config Guide 700
442 pages
ProgressProg10 TG 2015 04
No ratings yet
ProgressProg10 TG 2015 04
320 pages
ITIL Notes
No ratings yet
ITIL Notes
14 pages
Banner AR Guide 7.3 Arsys70300rg
No ratings yet
Banner AR Guide 7.3 Arsys70300rg
94 pages
Tivoli Workloud Scheduler Guide
No ratings yet
Tivoli Workloud Scheduler Guide
420 pages
Siebel Configuration Questions and Answers
No ratings yet
Siebel Configuration Questions and Answers
24 pages
ARS 7.1 Integrating Plug-Ins & Third-Party Products 69394
No ratings yet
ARS 7.1 Integrating Plug-Ins & Third-Party Products 69394
408 pages
Hyperion - Hyperion Planning Interview Questions - II
No ratings yet
Hyperion - Hyperion Planning Interview Questions - II
9 pages
BMC Remedy Knowledge Management 7.2 - Planning and Configuration Guide
No ratings yet
BMC Remedy Knowledge Management 7.2 - Planning and Configuration Guide
154 pages
Ebs Diagnostics Troubleshooting 483730
No ratings yet
Ebs Diagnostics Troubleshooting 483730
104 pages
QueryTrainingGuide 1
No ratings yet
QueryTrainingGuide 1
79 pages
Iam Guide
No ratings yet
Iam Guide
13 pages
Banner Form Desc
No ratings yet
Banner Form Desc
62 pages
Swipe To Unlock The Primer On Technology and Business Strategy by Parth Detroja Neel Mehta Aditya Agashe
No ratings yet
Swipe To Unlock The Primer On Technology and Business Strategy by Parth Detroja Neel Mehta Aditya Agashe
347 pages
Delphix Admin For Oracle Lab Guide 5.3.5
No ratings yet
Delphix Admin For Oracle Lab Guide 5.3.5
61 pages
Informatica Installation Guide
No ratings yet
Informatica Installation Guide
26 pages
General 80300 TRM
No ratings yet
General 80300 TRM
312 pages
Administer Qlik Sense Enterprise On Windows
No ratings yet
Administer Qlik Sense Enterprise On Windows
734 pages
Java Version History - Wikipedia
No ratings yet
Java Version History - Wikipedia
38 pages
DauHoang WebSecurity Chapter 3 Web Security Measures PDF
No ratings yet
DauHoang WebSecurity Chapter 3 Web Security Measures PDF
134 pages
Informatica Big Data Management Course Agenda
100% (2)
Informatica Big Data Management Course Agenda
4 pages
Forrester Digital Process Automation Q3 2017
No ratings yet
Forrester Digital Process Automation Q3 2017
18 pages
Infor OS Portal Migration Tool Instructions
No ratings yet
Infor OS Portal Migration Tool Instructions
5 pages
NetDocuments Whitepaper DMS Best Practices
No ratings yet
NetDocuments Whitepaper DMS Best Practices
18 pages
Vsphere Esxi Vcenter Server 551 Security Guide
0% (1)
Vsphere Esxi Vcenter Server 551 Security Guide
182 pages
Aim Documents
100% (1)
Aim Documents
2 pages
SE 521 VGDB Use Case Specification: Create Account
No ratings yet
SE 521 VGDB Use Case Specification: Create Account
8 pages
FSO For Oracle CX RightNow 002
No ratings yet
FSO For Oracle CX RightNow 002
25 pages
UMC WinCCUnified en V10
No ratings yet
UMC WinCCUnified en V10
47 pages
CE0505 4.0v1 An Introduction To Sophos Central
100% (1)
CE0505 4.0v1 An Introduction To Sophos Central
14 pages
MDS2 Worksheet
No ratings yet
MDS2 Worksheet
12 pages
Metadata Assistant Quick Start Guide
0% (1)
Metadata Assistant Quick Start Guide
7 pages
CheatSheets - Google - Professional Architect
No ratings yet
CheatSheets - Google - Professional Architect
48 pages
Soporte Guia PDF
No ratings yet
Soporte Guia PDF
103 pages
Apps Integration Cookbook
No ratings yet
Apps Integration Cookbook
139 pages
Release 11i Documentation Titles (11.5.8) Part Number PDF
No ratings yet
Release 11i Documentation Titles (11.5.8) Part Number PDF
6 pages
NetBackup10 - Security and EncryptionGuide
No ratings yet
NetBackup10 - Security and EncryptionGuide
579 pages
Wipro 7b1630 User Manuel English
No ratings yet
Wipro 7b1630 User Manuel English
70 pages
Identity and Access Management Overview
No ratings yet
Identity and Access Management Overview
37 pages
MasterControl - Cloud FAQ
No ratings yet
MasterControl - Cloud FAQ
18 pages
Pan Os New Features
No ratings yet
Pan Os New Features
204 pages
RFP - Umbrella Solution Fault and Performance Management PDF
100% (1)
RFP - Umbrella Solution Fault and Performance Management PDF
32 pages
Avaya Control Manager Administering Avaya One-X Agent Issue 1.1
No ratings yet
Avaya Control Manager Administering Avaya One-X Agent Issue 1.1
133 pages
Asdm 71 VPN Config
No ratings yet
Asdm 71 VPN Config
460 pages
CISO Cyber
No ratings yet
CISO Cyber
11 pages
Navision Development Guidelines
No ratings yet
Navision Development Guidelines
16 pages
Interview Question
100% (1)
Interview Question
31 pages
AZW Azure AD Connect
No ratings yet
AZW Azure AD Connect
32 pages
Allan's Current Resume
No ratings yet
Allan's Current Resume
24 pages
Gaining Expertise With Azure AD B2C
No ratings yet
Gaining Expertise With Azure AD B2C
55 pages
Visio-Example Service Topology Diagrams v100 2
No ratings yet
Visio-Example Service Topology Diagrams v100 2
4 pages
Installation Powerplay Instant: For Tenants
No ratings yet
Installation Powerplay Instant: For Tenants
22 pages
BizTalk Server 2010 Database Infrastructure Poster
No ratings yet
BizTalk Server 2010 Database Infrastructure Poster
1 page
Apps Log in Flow
No ratings yet
Apps Log in Flow
4 pages
Ariba Cloud Services - Data Privacy and Data Protection Whitepaper
No ratings yet
Ariba Cloud Services - Data Privacy and Data Protection Whitepaper
12 pages
Data Analysis with LLMs
From Everand
Data Analysis with LLMs
Immanuel Trummer
No ratings yet
Microsoft Azure Fundamentals Certification and Beyond: A complete AZ-900 exam guide with online mock exams, flashcards, and hands-on activities
From Everand
Microsoft Azure Fundamentals Certification and Beyond: A complete AZ-900 exam guide with online mock exams, flashcards, and hands-on activities
Steve Miles
No ratings yet
Content Delivery Networks: Fundamentals, Design, and Evolution
From Everand
Content Delivery Networks: Fundamentals, Design, and Evolution
Dom Robinson
No ratings yet
Mastering The Spritekit Framework: Develop Professional Games With This New Ios 7 Framework
From Everand
Mastering The Spritekit Framework: Develop Professional Games With This New Ios 7 Framework
Peter van de Put
No ratings yet
Exchange Server 2010 Administration: Real World Skills for MCITP Certification and Beyond (Exams 70-662 and 70-663)
From Everand
Exchange Server 2010 Administration: Real World Skills for MCITP Certification and Beyond (Exams 70-662 and 70-663)
Joel Stidley
4/5 (1)
Microsoft Dynamics GP 2013 Implementation
From Everand
Microsoft Dynamics GP 2013 Implementation
Victoria Yudin
No ratings yet
Optimizing Hadoop for MapReduce
From Everand
Optimizing Hadoop for MapReduce
Khaled Tannir
No ratings yet
ColdFusion Interview Questions, Answers, and Explanations: ColdFusion Certification Review
From Everand
ColdFusion Interview Questions, Answers, and Explanations: ColdFusion Certification Review
equitypress
No ratings yet
Google Cloud Dataproc The Ultimate Step-By-Step Guide
From Everand
Google Cloud Dataproc The Ultimate Step-By-Step Guide
Gerardus Blokdyk
No ratings yet
IBM Integration Bus Third Edition
From Everand
IBM Integration Bus Third Edition
Gerardus Blokdyk
No ratings yet
ISO 80000-3 A Complete Guide
From Everand
ISO 80000-3 A Complete Guide
Gerardus Blokdyk
No ratings yet
SnapLogic Second Edition
From Everand
SnapLogic Second Edition
Gerardus Blokdyk
No ratings yet