4 Replies Latest reply on Jul 10, 2013 2:57 PM by Luis

    jsessionid - weblogic 10.3.5, saml 2.0 & adfs 2.0 with peopletools 8.5x

    Karl Weber
      We have set up SAML 2.0 to enable sso into peoplesoft (idp is adfs 2.0).
      On a simple sample web application SAML is working correctly.

      However, when we tried to enable this for one of our Peoplesoft systems we ran into the issue that after the final
      redirect to the target, access is denied.

      Peoplesoft is using a non-standard cookie name:

      from weblogic.xml


      According to http://download.oracle.com/docs/cd/E12840_01/wls/docs103/secmanage/saml.html

      Use of Non-default Cookie Name
      When the Assertion Consumer Service logs in the Subject contained in an assertion, an HTTP servlet session is created using the default cookie name JSESSIONID. After successfully processing the assertion, the ACS redirects the user’s request to the target web application. If the target web application uses a cookie name other than JSESSIONID, the Subject’s identity is not propagated to the target web application. As a result, the servlet container treats the user as if unauthenticated, and consequently issues an authentication request.
      To avoid this situation, do not change the default cookie name when deploying web applications in a domain that are intended to be accessed by SAML 2.0 based single sign-on.


      This is exactly the issue we encounter. SAML itself is working properly. However, on redirect to the target application access is denied.

      Now, if we disable the non-default cookie name in the peoplesoft application we get the error message 'cookies must be enabled' when trying to access i.e. \signon.html.

      What can we do to make SAML 2.0 work with Peoplesoft?
      Is there a way to change the cookie name for SAML or share the SAML session with the peoplesoft application?

      Any help in this matter is greatly appreciated.

      Thank you
      Karl Weber

      Systems Analyst
      NAIT - Department of Information Services
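The mechanism the quoted WebLogic documentation describes lives in the `session-descriptor` of `weblogic.xml`. The fragment below is an added illustration, not the poster's actual `weblogic.xml` (which is not reproduced above) and not Oracle's or PeopleSoft's own configuration: it shows the shape of a non-default cookie name next to the default, so a reader can see which setting causes the Assertion Consumer Service (which always writes `JSESSIONID`) and the target web application to disagree about the session cookie. The cookie name `MY_PS_SESSION` is a placeholder assumption.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not from the original post.
     WebLogic 10.3.x weblogic.xml: the cookie used for the HTTP session
     is set per web application in the session-descriptor. -->
<weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">

  <!-- Setting that triggers the problem described in the thread:
       the ACS creates the login session under JSESSIONID, but this
       application looks for a cookie with a different name, so the
       authenticated Subject is never seen here and the container
       treats the request as unauthenticated. MY_PS_SESSION is a
       placeholder name, not a value taken from the page. -->
  <session-descriptor>
    <cookie-name>MY_PS_SESSION</cookie-name>
  </session-descriptor>

  <!-- What the quoted Oracle documentation asks for: leave the cookie
       name at its default so the ACS and the target application share
       one session cookie. Equivalent to omitting <cookie-name>. -->
  <!--
  <session-descriptor>
    <cookie-name>JSESSIONID</cookie-name>
  </session-descriptor>
  -->

</weblogic-web-app>
```

When checking a deployment for this mismatch, compare the `Set-Cookie` header issued on the ACS response with the `cookie-name` configured for the target application; if the names differ, the redirect will arrive without the session the assertion established, which is the "access denied" symptom reported above.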