This discussion is archived
4 Replies Latest reply: Jul 10, 2013 7:57 AM by Luis

jsessionid - weblogic 10.3.5, saml 2.0 & adfs 2.0 with peopletools 8.5x

887973 Newbie
We have set up SAML 2.0 to enable SSO into PeopleSoft (IdP is ADFS 2.0).
On a simple sample web application SAML is working correctly.

However, when we tried to enable this for one of our PeopleSoft systems, we ran into the issue that after the final
redirect to the target, access is denied.

PeopleSoft is using a non-standard cookie name:

From weblogic.xml:

    <session-param>
      <param-name>CookieName</param-name>
      <param-value>PSDev2-0-PORTAL-PSJSESSIONID</param-value>
    </session-param>

According to http://download.oracle.com/docs/cd/E12840_01/wls/docs103/secmanage/saml.html
\quote

Use of Non-default Cookie Name
When the Assertion Consumer Service logs in the Subject contained in an assertion, an HTTP servlet session is created using the default cookie name JSESSIONID. After successfully processing the assertion, the ACS redirects the user’s request to the target web application. If the target web application uses a cookie name other than JSESSIONID, the Subject’s identity is not propagated to the target web application. As a result, the servlet container treats the user as if unauthenticated, and consequently issues an authentication request.
To avoid this situation, do not change the default cookie name when deploying web applications in a domain that are intended to be accessed by SAML 2.0 based single sign-on.

\endquote

This is exactly the issue we encounter. SAML itself is working properly. However, on redirect to the target application access is denied.

Now, if we disable the non-default cookie name in the PeopleSoft application, we get the error message 'cookies must be enabled' when trying to access i.e. \signon.html.

What can we do to make SAML 2.0 work with PeopleSoft?
Is there a way to change the cookie name for SAML or share the SAML session with the PeopleSoft application?

Any help in this matter is greatly appreciated.

Thank you
Karl Weber

Systems Analyst
NAIT - Department of Information Services
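
The condition described in the quoted WebLogic documentation can be checked across a domain's deployment descriptors before SAML 2.0 SSO is enabled. The following is an added example, not part of the original post or of Oracle's tooling: it reads the session cookie name from weblogic.xml content in either the session-param form shown above or the cookie-name element form, and lists the applications whose cookie differs from JSESSIONID. The application names, the wrapper elements and the sample descriptors are constructed; only the CookieName value is taken from the post.

```python
import xml.etree.ElementTree as ET

# Cookie name of the session the ACS creates, per the quoted WebLogic documentation.
DEFAULT_COOKIE = "JSESSIONID"

# Constructed sample descriptors; only the CookieName value comes from the post.
SAMPLES = {
    "portal": """<weblogic-web-app><session-descriptor>
        <session-param>
          <param-name>CookieName</param-name>
          <param-value>PSDev2-0-PORTAL-PSJSESSIONID</param-value>
        </session-param></session-descriptor></weblogic-web-app>""",
    "sample-app": """<weblogic-web-app
        xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">
        <session-descriptor><cookie-name>JSESSIONID</cookie-name>
        </session-descriptor></weblogic-web-app>""",
    "no-override": "<weblogic-web-app/>",
}


def _local(tag):
    """Strip an XML namespace so namespaced and bare descriptors match."""
    return tag.rsplit("}", 1)[-1]


def session_cookie_name(descriptor_xml):
    """Return the session cookie name a weblogic.xml descriptor configures."""
    for el in ET.fromstring(descriptor_xml).iter():
        name = _local(el.tag)
        if name == "cookie-name" and (el.text or "").strip():
            return el.text.strip()
        if name == "session-param":  # param-name/param-value form shown in the post
            fields = {_local(c.tag): (c.text or "").strip() for c in el}
            if fields.get("param-name") == "CookieName" and fields.get("param-value"):
                return fields["param-value"]
    return DEFAULT_COOKIE  # nothing configured: container default applies


def apps_losing_saml_identity(descriptors):
    """List (app, cookie) pairs whose cookie differs from the ACS session cookie."""
    return [(app, cookie) for app, xml_text in descriptors.items()
            if (cookie := session_cookie_name(xml_text)) != DEFAULT_COOKIE]


if __name__ == "__main__":
    for app, cookie in apps_losing_saml_identity(SAMPLES):
        print(f"{app}: session cookie {cookie!r} != {DEFAULT_COOKIE!r}; "
              "identity from the ACS session will not reach this application")
```
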
