PowerCAMPUS SelfService

May 15, 2009 at 9:37 PM
Edited May 15, 2009 at 9:37 PM

We are going to upgrading to SelfService, the web portal for SunGard's PowerCAMPUS.  First has anyone contacted you about trying this?  Second, I have the "Windows LiveID SSO Kit" doc and your "SunGard Luminis Integration" doc in front of me.  I am wondering why there is a discrepancy about the SQL database.  The Luminis doc walks through creating a database, but the SSO doc soesn't mention the need for a SQL database.  Can you explain this please?  Thanks, and anymore clarification you could give you be greatly appreciated.

Chris Parks

Highland Community College

May 18, 2009 at 1:51 PM

Hi Chris,

I am not personally familiar with PowerCAMPUS, but we would love to see the community share additional support as it's made available!

The SSO Toolkit does not talk about SQL Server because this is a feature specific to the Luminis solution.  The out-of-the-box SSO Toolkit does not require the use of SQL Server.  The Luminis solution adds features to the SSO Toolkit to accept authentication from a 3rd-party (Luminis Portal) through a trusted SQL connection.  If you read the overview of the Luminis solution, you will see discussion of how Luminis saves the authentication in a SQL table.  BTW, it does not have to be SQL Server, it can be any database supported by J2EE and .NET.

May 18, 2009 at 5:56 PM
Edited May 19, 2009 at 1:01 PM

Thanks for the response.  Does Luminis authenticate against AD or SQL?  I know this is an option for SelfService and we are authenticating directly with AD.  Just wondering if this was your reason for the SQL server.  I am going to try our implementation from the SSO Scenario A.  Also, did Luminis already have an ‘email’ link on it or did you need to add that?


Chris Parks

May 18, 2009 at 6:14 PM

Luminis usually authenticates with Sun LDAP.  The reason for SQL is to transfer the authenticated session over to the Windows Web Server from the Luminis server in a secure fashion.  Using a database is only available behind the firewall in the data center.  Think of it as a single-user token.

Luminis already has an email link the solution leverages.

May 19, 2009 at 3:11 PM

OK, I have completed the steps in the SSO SDK Kit.  I am getting an error pertaining to RPS.  Did you use RPS?  If so what modifications to the rpsserver.xml file did you have to make?  None of the documentation refers to this. Here is a copy of the error:

Internal error: Cookie cert is specified in rpsserver.xml file but does not exist in config\certs directory. The name specified should not include ".cer" extention. The file that could not be found:cs.rpssample.pp.test.microsoft.com.cer.

Any insight would be helpful.

May 19, 2009 at 4:47 PM

No fret, it's a common mistake.  The RPS install requires a very specific RPSServer.xml file be used during installation.  The correct RPSServer.xml file ships with the SSO Toolkit.  You will need to uninstall RPS, and then reinstall using the correct RPSServer.xml.

May 19, 2009 at 5:00 PM

If you get a chance can you elaborate on that?  I followed the instructions and installed RPS as stated in Appendix G.  I copied the rpsserver.xml file that came with the toolkit to C:\.  Do I have to create a new very specific RPSServer.xml file or do I get it from MS?  Also, where do I get the certificates for RPS?  The SSO Toolkit docs don't mention that at all.


May 19, 2009 at 5:18 PM

When you specify the path to the RPSServer.xml that came in the zip file, you will need to quality the full path such as "C:\SSOToolkit\RPSServer.xml".  You will not need any of those cer files using this xml.

May 19, 2009 at 5:58 PM

OK, that seemed to work.  Thanks, but of course I have another hang up.

The site cannot be authenticated, the certificate provided cannot be verified. The Certificate & Site ID combination for this SSO application is invalid.

  Main Exception Code: 0x80048101   The header in the soap request is invalid
  Inner Exception Code: 0x80044021   The site cannot be authenticated, the certificate provided cannot be verified.

I have installed the certificate from MS correctly, as far as I know (following the docs) and modified the permissions.  I had to call MS support for my SiteID and he said it was the 9-digit number from the MX record.  Does that sound right?  All the examples have a 6 digit #. 

Also, when I register for Live@edu I selected the option for SSO and created a test domain.  Since then I created what we are wanting our production domain to be, but there was not an option for SSO.  Do you know if that is causing any issues?

Thanks again

May 19, 2009 at 6:04 PM

I believe you would be best served by filing a support incident with the administrator support of Live@edu... http://support.microsoft.com/oas/default.aspx?&prid=12480&ln=en-us 

May 19, 2009 at 6:06 PM

I have 2 open right now.  Thanks for all your help.  Hopefully this will work.  I will let you know how far I get.

May 19, 2009 at 6:09 PM

Make sure you have an SRZ support incident prefix to ensure you are in the proper support queue for SSO.