Wednesday 30 April 2014

Shared authentication across multiple APEX applications

Quite a few times I see a questions regarding how to share authentication between Oracle APEX applications so the user does not need to log in a second time.

As long as your link between the applications share the session ID, the solution is simple - set the cookie name the same across your applications.
Shared components -> Authentication Schemes -> Edit current scheme -> Session cookie attributes -> Cookie Name
Set same cookie name across applications
This can help release management as you can modularise your applications. You could have a simple login/menu application that links to all your other applications.
Possible application map
If you wanted you could provide access to your application suite using different authenication mechanisms.
ie - if you log into application B using DB accounts, you can still hop across to application A.

The drawback I've found is that post-authentication will only fire during your initial login (in the relevant application). This means you need to be aware how to handle and share your authorisation mechanisms.

Divide and conquer!

Edits: 

If you're on 18.1 (5.2), you may be interested in the Social Login feature. Dimitri has a detailed post.

If you're on 18.2, you'll need to set Type to 'Custom', or (carefully) consider the Workspace sharing option.


APEX 18.2 options

(Oct18) I'm currently writing a presentation on this topic, stay tuned.

3 comments:

aOlsen said...

Thanks for the tip!

Do you have a good workaround for this:
"The drawback I've found is that post-authentication will only fire during your initial login (in the relevant application). This means you need to be aware how to handle and share your authorisation mechanisms."

Best regards,

A. Olsen

aOlsen said...
This comment has been removed by a blog administrator.
Scott Wesley said...

Yes, but.

I invoke a common 'on new instance' procedure that handles the initial login, and it also invoked via an 'on new instance' application process for each application.

But, there is a new application process that runs 'after authentication'. I am yet to test if this would be a suitable replacement, but I don't think so.

More on the former here
http://www.grassroots-oracle.com/2014/09/using-post-authentication-to-run-process-after-APEX-login.html