
E-PORTAL/SEC: Users Logged Into Development Environment Can Access Production, How To Break SSO? (Doc ID 648990.1)

Last updated on AUGUST 05, 2024

Applies to:

PeopleSoft Enterprise PRTL Interaction Hub - Version 8.4 to 9.2 [Release 8.4 to 9]
PeopleSoft Enterprise PT PeopleTools - Version 8.58 to 8.58 [Release 8.4]
PeopleSoft Enterprise PT PeopleTools - Version 8.40 to 8.57 [Release 8.4]
Information in this document applies to any platform.






Goal


Customers who have cloned their production database and refreshed it as test, development, sandbox, training, etc. find that when a user logs into the cloned database and then follows a link that leads to the real production database, the user is accessing production and should not be able to. This is a large security concern, especially for applications with sensitive customer or employee data such as CRM and HCM, because a user who has administrative privileges in dev could Single Signon (SSO) to production and access actual data.

Solution


