E-PORTAL/SEC: Users Logged Into Development Environment Can Access Production, How To Break SSO?
(Doc ID 648990.1)
Last updated on MARCH 12, 2021
Applies to: PeopleSoft Enterprise PRTL Interaction Hub - Version 8.4 to 9.2 [Release 8.4 to 9]
PeopleSoft Enterprise PT PeopleTools - Version 8.55 to 8.57 [Release 8.4]
Information in this document applies to any platform.
***Checked for Relevance 24-12-2012***
Customers who have cloned their production database and refreshed it as test, development, sandbox, training, etc. find that when a user logs into the cloned database and then follows a link to the real production database, the user is able to access production when they should not be. This is a large security concern, especially for applications with sensitive customer or employee data such as CRM and HCM, because a user who has administrative privileges in dev could Single Signon (SSO) to production and access actual data.