[Ext] RE: nelnet?

Bryan Wooten bryan.wooten at utah.edu
Fri Jul 20 09:10:46 EDT 2018


Thank you,

This insight is very helpful.

Bryan

From: users <users-bounces at shibboleth.net> on behalf of "Losen, Stephen C. (scl)" <scl at virginia.edu>
Reply-To: "users at shibboleth.net" <users at shibboleth.net>
Date: Friday, July 20, 2018 at 5:41 AM
To: "users at shibboleth.net" <users at shibboleth.net>
Subject: [Ext] RE: nelnet?

Hi Bryan,

We use nelnet, but we are not using SAML (yet) for authentication to PeopleSoft.  Nelnet backchannel requests are always POSTs and all requests contain the nelnet username/password in the POST data.  Not sure if this nugget of info helps you at all.

We reverse proxy through an F5 BIG-IP to PeopleSoft and we have an iRule that recognizes the nelnet host source IPs and examines the POST data for a valid nelnet username/password.  The iRule also uses a pattern match to restrict which URLs nelnet can request.  If all looks good to the iRule then it passes the request through to PeopleSoft, which independently checks the username/password in the POST data.

F5 supports SAML, so down the road we will likely set up SAML on the F5 and I hope that we can use an iRule or something to conditionally bypass SAML for nelnet requests, and continue to handle them as we do now.

Stephen C. Losen
ITS - Systems and Storage
University of Virginia
scl at virginia.edu    434-924-0640

From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Bryan Wooten
Sent: Thursday, July 19, 2018 7:50 PM
To: users at shibboleth.net
Subject: nelnet?

Fellow Higher Ed folks,

Today I learned we are engaging nelnet.com. They are apparently an InCommon member, so they do SAML and should understand Shib.

I spent an hour with one of our PeopleSoft system analysts trying to understand what nelnet expected.

And what I learned is that they wanted to make a call (think URL, not RESTful/Webservice/SOAP) to one of our PeopleSoft content providers to get student loan/payment/parking/housing payment info. Backchannel. They provide the backend PeopleCode at the endpoint.

Via a URL protected by our CAS SSO… Which is set up to work with people to enter credentials/MFA, not system accounts or anything web service related.

So I kindly ask for any experiences with this vendor and how I should proceed to make this project successful.

Best Regards,

Bryan
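
The proxy-side checks described in Stephen Losen's message above (vendor source IPs, a URL pattern match, and credentials in the POST data) modelled in Python as an added example. It is not the iRule from the thread and not F5 or vendor code; the networks, path pattern, form field names `username`/`password` and credentials are constructed assumptions.

```python
import hmac
import ipaddress
import re
from urllib.parse import parse_qs

# All values below are constructed placeholders, not real nelnet or PeopleSoft settings.
VENDOR_NETS = [ipaddress.ip_network("192.0.2.0/28")]        # documentation range
ALLOWED_PATH = re.compile(r"/psc/vendor/[A-Za-z0-9_.]+\Z")  # hypothetical URL pattern
VENDOR_USER = "vendor_svc"
VENDOR_PASS = "example-only-secret"   # in practice, load from a secret store


def gate(src_ip, method, path, content_type, body):
    """Return (allow, reason). Anything not explicitly allowed is denied."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False, "bad source address"
    if not any(addr in net for net in VENDOR_NETS):
        return False, "source not in vendor allowlist"
    if method != "POST":
        return False, "method not POST"
    # Match the raw path; reject encoded or traversal forms instead of normalising them.
    if "%" in path or ".." in path or not ALLOWED_PATH.match(path):
        return False, "path not permitted"
    if content_type.split(";")[0].strip().lower() != "application/x-www-form-urlencoded":
        return False, "unexpected content type"
    try:
        fields = parse_qs(body.decode("utf-8"), strict_parsing=True)
    except (UnicodeDecodeError, ValueError):
        return False, "unparseable body"
    users, passwords = fields.get("username", []), fields.get("password", [])
    # Duplicate parameters could be read differently by proxy and backend; refuse them.
    if len(users) != 1 or len(passwords) != 1:
        return False, "missing or duplicated credential field"
    # Constant-time comparison so response timing does not leak how much matched.
    user_ok = hmac.compare_digest(users[0].encode(), VENDOR_USER.encode())
    pass_ok = hmac.compare_digest(passwords[0].encode(), VENDOR_PASS.encode())
    if not (user_ok and pass_ok):
        return False, "bad credentials"
    return True, "pass to backend"
```

The backend still verifies the credentials itself, as in the setup described; the gate only narrows which requests are allowed to skip the interactive SSO path.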



