Question for folks that use Shibboleth for their PeopleSoft environments.

Doan, Tommy tdoan at smu.edu
Wed Jan 20 16:41:52 EST 2016


We implemented the current version of Shibboleth SP for our production PeopleSoft environment in November, and we're running PeopleTools 8.53.24. However, at least in our configuration, PeopleSoft isn't really even aware of Shibboleth or SAML. We just integrated the Shib SP with IIS, used Oracle's IIS Proxy to proxy all traffic from IIS to WebLogic, then implemented some changes to the PeopleCode Signon configuration to read the headers.

We considered for a few days attempting Oracle's SAML implementation, but it appeared to be far more difficult to implement and support. As it stands, I don't think we care whether PeopleTools supports SAML.

From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Ewing, Bill
Sent: Wednesday, January 20, 2016 3:25 PM
To: Shib Users <users at shibboleth.net>
Subject: Question for folks that use Shibboleth for their PeopleSoft environments.

We are working with a vendor to host our PeopleSoft environment and they raised the following concerns out of the blue. My question is: has anyone taken note of these bullet points in their setup of Shibboleth with PeopleSoft, and would they be something for concern, or would anyone have a good response to someone raising these? Mainly I want to understand whether these are valid concerns or more a factor of support documents not being updated or Oracle wanting to steer people to their own SSO.

E-SEC: Does PeopleSoft Support Security Assertion Markup Language (SAML)? (Doc ID 623055.1)
PeopleTools 8.5x

SAML support in PeopleTools 8.5x has a very specific and narrow use case.

  *   Only SAML version 1.1 is supported.
  *   SAML support in PeopleTools 8.5x is only for Web Services and is based on node to node certificate trust.
  *   SAML support in PeopleTools 8.5x does not subscribe to or implement any form of identity federation.
  *   SAML is not supported in PT 8.5x for external single signon. There is no web access user authentication native implementation of SAML with PeopleTools at this time. SAML describes a protocol as well as a token. PeopleSoft takes advantage of aspects of the token to support SAML based authentication with web services. We strongly recommend that customers do not implement custom SSO solutions because of the many security compromises and business continuity risks.
  *   There are no plans of supporting SAML 2.0 even with development currently developing on PT 8.54.

Thanks,
Bill

William Ewing, Senior Information Security Analyst
CISSP, MCSE, MCITP-EA, CCNA/CCDA
UT System - Office of Information Security & Compliance
210 West 6th Street
Austin, Texas 78701-3035
Phone: (512)499-4575
email: bewing at utsystem.edu
