E-PORTAL/SEC: Users Logged Into Development Environment Can Access Production, How To Break SSO?
(Doc ID 648990.1)
Last updated on JANUARY 31, 2022
Applies to:
PeopleSoft Enterprise PRTL Interaction Hub - Version 8.4 to 9.2 [Release 8.4 to 9]
PeopleSoft Enterprise PT PeopleTools - Version 8.58 to 8.58 [Release 8.4]
PeopleSoft Enterprise PT PeopleTools - Version 8.40 to 8.57 [Release 8.4]
Information in this document applies to any platform.
Customers who have cloned their production database and refreshed it as test, development, sandbox, training, etc. find that when a user logs into the cloned database and then follows a link to the real production database, the user is given access to production, which should not be possible. This is a significant security concern, especially for applications with sensitive customer or employee data, such as CRM and HCM, because a user who has administrative privileges in dev could Single Signon (SSO) to production and access actual data.