E-PORTAL/SEC: Users Logged Into Development Environment Can Access Production, How To Break SSO? (Doc ID 648990.1)

Last updated on OCTOBER 05, 2016

Applies to:

PeopleSoft Enterprise PRTL Interaction Hub - Version 8.4 and later
PeopleSoft Enterprise PT PeopleTools - Version 8.40 to 8.54 [Release 8.4]
Information in this document applies to any platform.
***Checked for Relevance 24-12-2012***

Goal


Customers who have cloned their production database and refreshed it as test, development, sandbox, training, etc. now realize that when a user logs into the cloned database and then uses a link that takes them to the real production database, the user is accessing production and should not be able to. This is a large security concern, especially for applications with sensitive customer or employee data such as CRM and HCM, because a user who has administrative privileges in dev could Single Signon (SSO) to production and access actual data.

Solution
