ELM 9.X: SCORM Content Not Authenticate from Peoplesoft PIA to Launch Content URL (Doc ID 2013850.1)

Last updated on NOVEMBER 29, 2016

Applies to:

PeopleSoft Enterprise ELM Enterprise Learning Management - Version 9.1 and later
Information in this document applies to any platform.

Symptoms

ELM 9.2 Content URL Security Issue.
A user from going to the web server that the content is on and opening up a browser and pointing to the content without going through the ELM system.
A content is on a web server xyz and the content is in a folder called content/AICC/123.

When a SCORM content is launched, a new window is opened and the URL to launch the course is displayed in the address bar. 

There is no ID and password asked when such a URL is used. There is not a way to control someone going to http://xyz/content/AICC/123/.html and launch the content.

If the content on a client web server is not protected with a firewall or intranet security, it is possible that a user can gain access to the SCORM class outside of PIA.

Expected to have a content authentication by login as PeopleSoft user to launch the content.

The issue can be reproduced at will with the following steps:

  1. Click on URL
  2. Course will begin bypassing PeopleSoft ELM sign on page.

Due to this issue, this causes security concerns for company because it will allow non employees to access proprietary information.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms