nelnet?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

nelnet?

Bryan Wooten
Fellow Higher Ed folks,

Today I learned we are engaging nelnet.com. They are apparently  an Incommon member, so they do SAML and should understand Shib.

I spent an hour with one of our Peoplesoft system analysts trying to understand what nelnet expected.

And what I learned is that they wanted to make a call (think URL, not Restful/Webservice/SOAP) to one of our Peoplesoft content providers to get student loan/payment/parking/housing payment info. Backchannel. They provide the backend Peoplecode at the endpoint.

Via  a URL protected by our CAS SSO‚Ķ Which is set up to work with people to enter credentials/MFA, not system accounts or anything web service related.

So I kindly ask for any experiences with this vendor and how I should proceed to make this project successful.

Best Regards,

Bryan



--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: nelnet?

Losen, Stephen C. (scl)-2

Hi Bryan,

 

We use nelnet, but we are not using SAML (yet) for authentication to Peoplesoft.  Nelnet backchannel requests are always POSTs and all requests contain the nelnet username/password in the POST data.  Not sure if this nugget of info helps you at all.

 

We reverse proxy through a F5 bigip to Peoplesoft and we have an iRule that recognizes the nelnet host source IPs and examines the POST data for a valid nelnet username/password.  The iRule also uses a pattern match to restrict which URLs nelnet can request.  If all looks good to the iRule then it passes the request through to Peoplesoft, which independently checks the username/password in the POST data.

 

F5 supports SAML, so down the road we will likely set up SAML on the F5 and I hope that we can use an iRule or something to conditionally bypass SAML for nelnet requests, and continue to handle them as we do now.

 

Stephen C. Losen

ITS - Systems and Storage

University of Virginia

[hidden email]    434-924-0640

 

From: users [mailto:[hidden email]] On Behalf Of Bryan Wooten
Sent: Thursday, July 19, 2018 7:50 PM
To: [hidden email]
Subject: nelnet?

 

Fellow Higher Ed folks,

 

Today I learned we are engaging nelnet.com. They are apparently  an Incommon member, so they do SAML and should understand Shib.

 

I spent an hour with one of our Peoplesoft system analysts trying to understand what nelnet expected.

 

And what I learned is that they wanted to make a call (think URL, not Restful/Webservice/SOAP) to one of our Peoplesoft content providers to get student loan/payment/parking/housing payment info. Backchannel. They provide the backend Peoplecode at the endpoint.

 

Via  a URL protected by our CAS SSO… Which is set up to work with people to enter credentials/MFA, not system accounts or anything web service related.

 

So I kindly ask for any experiences with this vendor and how I should proceed to make this project successful.

 

Best Regards,

 

Bryan

 

 


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: nelnet?

Olson, Eric Reinhold
In reply to this post by Bryan Wooten

We’re using Nelnet, but not doing anything with a call into Peoplesoft as you describe. 

 

We send them a nightly batch feed of the student data, and then are using Shib for login, passing the student ID to match up with the feed. 

 

They required IDP-initiated SSO, so we just have that login link posted in Peoplesoft.

 

Regards,

 

Eric Olson

Learning and Technology Services

University of Wisconsin-Eau Claire

 

 

From: users <[hidden email]> On Behalf Of Bryan Wooten
Sent: Thursday, July 19, 2018 6:50 PM
To: [hidden email]
Subject: nelnet?

 

Fellow Higher Ed folks,

 

Today I learned we are engaging nelnet.com. They are apparently  an Incommon member, so they do SAML and should understand Shib.

 

I spent an hour with one of our Peoplesoft system analysts trying to understand what nelnet expected.

 

And what I learned is that they wanted to make a call (think URL, not Restful/Webservice/SOAP) to one of our Peoplesoft content providers to get student loan/payment/parking/housing payment info. Backchannel. They provide the backend Peoplecode at the endpoint.

 

Via  a URL protected by our CAS SSO… Which is set up to work with people to enter credentials/MFA, not system accounts or anything web service related.

 

So I kindly ask for any experiences with this vendor and how I should proceed to make this project successful.

 

Best Regards,

 

Bryan

 

 


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]