We configured Peoplesoft behind an Apache Proxy w/ Shib for SSO. Peoplesoft is simply trusting the REMOTE_USER header. I configured Apache/Shib but I'm unfamiliar with Peoplesoft. We have a problem where a Service Provider is trying to hit a REST endpoint
and of course they are being redirected to the IdP, ie:
You don't say what the expected/desired haviour for accessing REST
endpoints would be. But assuming you want to exclude those from
protection by the web server you'd do just that.
A web search for excluding locations from authentification should
provide you with plenty of examples.