E-PORTAL/SEC: Users Logged Into Development Environment Can Access Production, How To Break SSO?
(Doc ID 648990.1)
Last updated on AUGUST 05, 2024
Applies to:
PeopleSoft Enterprise PRTL Interaction Hub - Version 8.4 to 9.2 [Release 8.4 to 9]
PeopleSoft Enterprise PT PeopleTools - Version 8.58 to 8.58 [Release 8.4]
PeopleSoft Enterprise PT PeopleTools - Version 8.40 to 8.57 [Release 8.4]
Information in this document applies to any platform.
Goal
Customers who have cloned their production database and refreshed it as test, development, sandbox, training, etc. now realize that when a user logs into the cloned database and then follows a link that leads to the real production database, the user is accessing production and should not be able to. This is a large security concern, especially for applications with sensitive customer or employee data such as CRM and HCM, because a user who has administrative privileges in dev could Single Signon (SSO) to production and access actual data.
Solution