E-PORTAL/SEC: Users Logged Into Development Environment Can Access Production, How To Break SSO?
Last updated on APRIL 16, 2018
Applies to: PeopleSoft Enterprise PT PeopleTools - Version 8.40 to 8.54 [Release 8.4]
PeopleSoft Enterprise PRTL Interaction Hub - Version 8.4 and later
PeopleSoft Enterprise PT PeopleTools - Version 8.55 to 8.55 [Release 8.4]
Information in this document applies to any platform.
***Checked for Relevance 24-12-2012***
Customers who have cloned their production database and refreshed it as test, development, sandbox, training, etc. find that when a user logs into the cloned database and then follows a link that points to the real production database, the user is accessing production, which should not be possible. This is a large security concern, especially for applications with sensitive customer or employee data such as CRM and HCM, because a user who has administrative privileges in dev could use Single Signon (SSO) to reach production and access actual data.