Objective:
Recently a client asked me to implement multiple authentication schemes in the same APEX application. We use SSO and, as alternatives, other authentication schemes (LDAP, APEX, CUSTOM). The problem is that only one authentication scheme can be defined as "CURRENT" for an application. So how can we solve this issue?
Solution:
We need to create two URLs to access the same application. One URL redirects to the SSO-integrated application (only AD users and people on the office network can access it); the other URL is public (the system can be accessed from anywhere).
http://xxx.yyy.home:####/ords/f?p=spm:home - Can't access the system from outside the office
http://xxx.yyy.home:####/spm/f?p=spm:home - Public
Note: Both the URLs are pointing to the same application (SPM).
Step 1: Create customized login pages (as you like).
Fig 2: Home Login
Fig 3: Login
Step 2: Go to User Interface Details and paste the valid Login URL.
Fig 4: User Interface Attributes
Step 3: Login Buttons
To call the different authentication schemes on our login page we need different buttons.
Fig 5: Login Buttons
Step 4: Authentication Scheme
We need to create the different authentication schemes. SSO authenticates directly from a passed HTTP header variable; APEX is the Application Express authentication that is there by default; CUSTOM authenticates with a username and password stored in a database table; and LDAP authenticates with Windows credentials.
Fig 6: Authentication Schemes
Fig 7: APEX Account
Fig 8: Custom
Fig 9: SSO - Single Sign On
Fig 10: LDAP - Active Directory
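For the CUSTOM scheme in Step 4, the authentication function could look like the following. This is an added example, not code from the original post; the table `spm_users`, its columns, the function name `spm_custom_auth` and the iteration count are assumptions. It compares a salted PBKDF2-HMAC-SHA512 hash, so the table never holds the password itself.

```sql
-- Added example; table, column and function names are assumptions.
-- The schema owner needs EXECUTE on DBMS_CRYPTO.
create table spm_users (
  username  varchar2(100) primary key,  -- stored in upper case
  salt      raw(16) not null,           -- random per user, e.g. dbms_crypto.randombytes(16)
  pwd_hash  raw(64) not null            -- PBKDF2-HMAC-SHA512 output, produced at enrolment
);

create or replace function spm_custom_auth (
  p_username in varchar2,
  p_password in varchar2
) return boolean
is
  c_iterations constant pls_integer := 100000;  -- assumed work factor
  l_salt   spm_users.salt%type;
  l_stored spm_users.pwd_hash%type;
  l_key    raw(32767);
  l_u      raw(64);
  l_t      raw(64);
begin
  if p_username is null or p_password is null then
    return false;
  end if;

  -- Static SQL: p_username is a bind variable, never concatenated into the query.
  select salt, pwd_hash into l_salt, l_stored
    from spm_users
   where username = upper(p_username);

  -- PBKDF2 with one 64-byte block: U1 = HMAC(pwd, salt || 0x00000001),
  -- Ui = HMAC(pwd, Ui-1), result = U1 xor U2 xor ... xor Uc.
  l_key := utl_i18n.string_to_raw(p_password, 'AL32UTF8');
  l_u   := dbms_crypto.mac(utl_raw.concat(l_salt, hextoraw('00000001')),
                           dbms_crypto.hmac_sh512, l_key);
  l_t   := l_u;
  for i in 2 .. c_iterations loop
    l_u := dbms_crypto.mac(l_u, dbms_crypto.hmac_sh512, l_key);
    l_t := utl_raw.bit_xor(l_t, l_u);
  end loop;

  return utl_raw.compare(l_t, l_stored) = 0;
exception
  when no_data_found then
    return false;  -- unknown user: same result as a wrong password
end spm_custom_auth;
/
```

The function name goes into the Authentication Function Name attribute of the CUSTOM scheme; the stored `pwd_hash` must be produced with the same salt, iteration count and character set when the user is enrolled.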
Step 5: Authentication Call
The "I am in OFFICE" [LOGIN SSO] button redirects to http://xxx.yyy.home:####/ords/f?p=spm:home. It authenticates through SSO, because that is the default authentication. (Check the Current authentication under Shared Components => Authentication Schemes.)
The "Connect with WINDOWS Credentials" [LOGIN LDAP] button has a request defined in the link: APEX_AUTHENTICATION = LDAP. This is how APEX lets you switch authentication schemes on the fly.
Fig 11: APEX Authentication Request
The "Connect as EXTERNAL USER" [LOGIN CUSTOM] button has a request defined in the link: APEX_AUTHENTICATION = CUSTOM.
The "Connect with APEX Account" [LOGIN APEX] button has a request defined in the link: APEX_AUTHENTICATION = APEX.
Fig 12: URL
Note: The name after the equals sign needs to be the same as the name of your authentication scheme.
Step 6: Switch in session & Session Sharing
Each non-current scheme must have the following property: Switch in Session = Enabled.
Fig 13: Switch in Session
Fig 14: Session Sharing
Step 7: Sign Out
Sign out is required only when the application is not authenticated through SSO.
Fig 15: APP SIGNOUT
Fig 16: Sign Out URL
Fig 17: Sign Out Condition
Step 8: Click Application Alias to make a user-friendly APEX URL.
Very nice. Useful.
Very informative and useful, thanks