institutions using Shibboleth to authenticate Peoplesoft

Cantor, Scott cantor.2 at
Tue Jul 28 18:57:12 UTC 2020

On 7/28/20, 2:50 PM, "users on behalf of Liam Hoekenga" <users-bounces at on behalf of liamr at> wrote:

>    The vendor did adjust the SameSite cookies in their app, and if accessed directly, it seems to work.

What did they adjust them to? If it's a POST handoff from Peoplesoft to the app, then Lax ain't gonna work.

>    The issue occurs when the app is launched from "peoplesoft direct connect", during which the checkout procedure
> only works during that magic 2 minute interval.  Afterwards, it breaks.

Then they did not in fact change the cookies, or they changed them to the wrong value.

>    Our PS people opened a support case with Oracle, and Oracle of course says that it's the Shibboleth SP that is breaking
> the functionality. 

It is literally impossible for software on site A to have any influence over the cookie behavior on site B. Web servers don't experience quantum entanglement.

-- Scott

More information about the users mailing list