What browsers are compatible with LionPATH?
LionPATH is supported on specific versions of Safari, Chrome, Firefox and Edge as well as mobile versions of Safari (iOS) and Chrome (Android). Generally the latest version of the browser will be supported, along with specific earlier releases.
LionPATH is a PeopleSoft application, and is therefore dependent on the browser compatibility of the tools provided by PeopleSoft for displaying web pages. Web browsers are maintained and updated by the companies that own them and each browser has unique capabilities and limitations that can affect user experience. This is the nature of the Web. The list below shows the *minimum* versions of each browser that are supported in the current version of LionPATH.
Oracle has stated that when a browser has both a Rapid Release and Extended Support version, they will support the listed versions as well as subsequent Rapid Releases. So if Firefox is supported for 24 and 30, that would mean 24 is the ESL release currently supported, and if you are on Rapid Releases you must be at version 30 or above (most home users are on Rapid Release).
Occasionally bugs and problems will be introduced by new browser releases or updates to LionPATH. When these issues would prevent a particular browser from functioning or significantly degrade the experience, we will alert the community and work with Oracle to fix the issue as quickly as possible. Some issues may be dependent on a browser update from that vendor, over which we have no control. Again, when we become aware of the issue we will communicate and work to find a solution or work-around.
Generally speaking these are *minimum* versions for compatibility, from Oracle’s Support Page for Browser Certification with PT 8.58.x (6/12/2021 release):
- Apple Safari: 12, 13, 14
- Apple Safari Mobile (iOS version): 12, 13, 14, 15
- Google Chrome: 79
- Google Chrome Mobile (Android version): 8, 9, 10, 11, 12
- Microsoft Edge: 44+, 79.0.309.71
- Mozilla Firefox: 68.*, 71
How do I register with Penn State’s Two-Factor Authentication (2FA) service with Duo Security?
Please visit our blog post on how to obtain your security access for LionPATH.
Why do I have to log in with Duo twice for LionPATH?
LionPATH does not enforce Duo twice. We enforce it once, when a user attempts to access a module or function that is protected. Duo is enforced for some users in WebAccess. This protects WebAccess authentication, which is used by hundreds of web sites around the University.
We needed to implement 2FA before the WebAccess 2FA support was ready, so that’s why we implemented separately. We then realized that WebAccess sessions last for a very long time (as long as you don’t close your browser), while LionPATH sessions must expire after a short period of inactivity. So we needed to be able to assert 2FA independently of the WebAccess implementation.
Flexibility in what we protect, support for much shorter timeout windows, and integration of 2FA with PeopleSoft security roles and permissions are the main reasons we implemented Duo separately. We’re simply applying a higher security standard in LionPATH than the general WebAccess service can or should. We realize this means some people will see the Duo prompt twice in a row, but it protects us from situations where a user might authenticate to UCS or some other service, leave their system and not realize their session is still active.
This model also keeps us isolated from any changes that might occur to WebAccess in future.
How do I log out of LionPATH?
LionPATH uses Shibboleth and WebAccess to authenticate users and manage sessions. Therefore, the only way to be logged out of LionPATH is to log out of Shibboleth and WebAccess. Clicking the “Sign Out” link in LionPATH will take you to a page that will attempt to end your session, but you still must completely quit your web browser application in order to terminate the session. You can also browse to webaccess.psu.edu and log out of WebAccess, but to be sure your session is terminated you must completely quit the web browser application. This is not unique to LionPATH, it is the way Shibboleth and WebAccess work.
While Shibboleth/WebAccess sessions last for several hours, LionPATH sessions timeout after 45 minutes of inactivity and will enforce a Duo authentication again.