Oracle APEX - Single Sign-On | Access Multiple Applications Using Single Log In
In this post, I will discuss how to access multiple Oracle APEX applications without re-entering the login credentials using Single Sign-On.
Single sign-on (SSO) is a user authentication service that allows an end user to enter one set of login credentials (ID and password) and access multiple related, yet independent, software systems. Google, LinkedIn, Twitter and Facebook all offer popular SSO services that allow an end user to log into a third-party application with their social media authentication credentials.
The main benefit of social SSO is that it mitigates the risk of access to third-party sites, because user passwords are not stored or managed externally. It also reduces the fatigue of keeping track of different username and password combinations, which saves time. The major disadvantage of this approach is that it can present security risks, because it creates a single point of failure that attackers can exploit. Once attackers gain control of a user's SSO credentials, they can access all other applications that use the same credentials.
Let's go through the internal SSO process. I am going to implement an internal single sign-on mechanism that saves users from having to re-enter their IDs and passwords to access different applications in the same workspace. If you create multiple independent apps in an APEX workspace, you are required to re-enter your credentials to access each app.
Step 1: First create two applications in the same workspace.
Here, I have created Application 1 and Application 2.
Step 2: In Application 1, go to Shared Components --> Authentication Schemes. Open the current authentication scheme (which is Application Express Accounts by default). Set the session sharing property to Workspace Sharing.
Step 3: Now we need a link on the menu to access Application 2 from here. Go to Navigation Bar List and add an entry for accessing Application 2. Set the Target type property to URL and provide the Application 2 URL under the URL Target property.
Step 4: Now we see a navigation link for accessing Application 2 on the navigation bar menu of Application 1.
Step 5: We need to repeat the same steps in Application 2 to access Application 1.
Now if we switch from Application 1 to 2 or from Application 2 to 1, it doesn't ask for a user ID and password.
Note that when we switch between the two applications, the session ID remains the same.
Thanks for reading my post!