Losen, Stephen C. (scl)
scl at virginia.edu
Fri Jul 20 07:41:46 EDT 2018
We use nelnet, but we are not using SAML (yet) for authentication to Peoplesoft. Nelnet backchannel requests are always POSTs and all requests contain the nelnet username/password in the POST data. Not sure if this nugget of info helps you at all.
We reverse proxy through an F5 BIG-IP to Peoplesoft and we have an iRule that recognizes the nelnet host source IPs and examines the POST data for a valid nelnet username/password. The iRule also uses a pattern match to restrict which URLs nelnet can request. If all looks good to the iRule then it passes the request through to Peoplesoft, which independently checks the username/password in the POST data.
F5 supports SAML, so down the road we will likely set up SAML on the F5 and I hope that we can use an iRule or something to conditionally bypass SAML for nelnet requests, and continue to handle them as we do now.
Stephen C. Losen
ITS - Systems and Storage
University of Virginia
scl at virginia.edu 434-924-0640
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Bryan Wooten
Sent: Thursday, July 19, 2018 7:50 PM
To: users at shibboleth.net
Fellow Higher Ed folks,
Today I learned we are engaging nelnet.com. They are apparently an InCommon member, so they do SAML and should understand Shib.
I spent an hour with one of our Peoplesoft system analysts trying to understand what nelnet expected.
And what I learned is that they wanted to make a call (think URL, not Restful/Webservice/SOAP) to one of our Peoplesoft content providers to get student loan/payment/parking/housing payment info. Backchannel. They provide the backend Peoplecode at the endpoint.
Via a URL protected by our CAS SSO... Which is set up to work with people to enter credentials/MFA, not system accounts or anything web service related.
So I kindly ask for any experiences with this vendor and how I should proceed to make this project successful.
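
Added example, not part of the thread and not UVA's iRule: the three proxy-side checks described in the reply above (vendor source IP, URL pattern, credentials in the POST data) modelled in Python. The network range, path pattern, form field names, credentials and the fall-through to normal SSO for other sources are all assumptions.

```python
import hmac
import ipaddress
import re
from urllib.parse import parse_qs

# Constructed placeholders, not real vendor or campus settings.
VENDOR_NETS = [ipaddress.ip_network("192.0.2.0/28")]
ALLOWED_PATH = re.compile(r"/psc/payments/[A-Za-z0-9_]+")  # hypothetical URL pattern
VENDOR_USER = "vendor_svc"
VENDOR_PASS = "example-only-secret"


def _same(a: str, b: str) -> bool:
    # Constant-time comparison so response timing does not leak the secret.
    return hmac.compare_digest(a.encode(), b.encode())


def classify(src_ip: str, method: str, path: str, body: str) -> str:
    """Return 'pass' (forward to backend), 'sso' (normal login flow) or 'reject'."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return "reject"
    # Assumption: traffic from any other source takes the interactive SSO path.
    if not any(addr in net for net in VENDOR_NETS):
        return "sso"
    # Backchannel requests are always POSTs; anything else from the vendor is refused.
    if method != "POST":
        return "reject"
    # fullmatch anchors both ends, so extra path segments or ".." cannot ride along.
    if not ALLOWED_PATH.fullmatch(path):
        return "reject"
    form = parse_qs(body, keep_blank_values=True)
    users = form.get("username", [])
    passwords = form.get("password", [])
    # Refuse repeated fields: proxy and backend could otherwise pick different values.
    if len(users) != 1 or len(passwords) != 1:
        return "reject"
    user_ok = _same(users[0], VENDOR_USER)
    pass_ok = _same(passwords[0], VENDOR_PASS)
    return "pass" if (user_ok and pass_ok) else "reject"
```

The backend still checks the credentials itself, so this gate is a second layer in front of it rather than the only check.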