3.4.7.3.5 Editing Oracle Application Server Single Sign-On

Edit the Oracle Application Server Single Sign-On authentication scheme for an instance.

To have an Oracle APEX application operate as a partner application with Oracle Application Server's Single Sign-On (SSO) infrastructure, you must register your application (or register the Oracle APEX engine) as the partner application, following the Oracle Application Server instructions for registering partner applications, and install the OracleAS PL/SQL SSO Software Development Kit (SDK).

If you choose this approach, your application will not use an integrated login page. Instead, when a user accesses your application in a new browser session, the Oracle APEX engine redirects to the Single Sign-On login page. After the user is authenticated by SSO, the SSO components redirect back to your application, passing the user identity and other information to the Oracle APEX engine. The user can then continue to use the application until they log off, terminate their browser session, or until some other session-terminating event occurs.

To edit Oracle Application Server Single Sign-On:

  1. Sign in to Oracle APEX Administration Services.
  2. Click Manage Instance.
  3. Under Instance Settings, click Security.
  4. Under Authentication Control, scroll down to Development Environment Authentication Schemes.
    The Status column indicates whether the authentication scheme is designated as Current.
  5. Find Oracle Application Server Single Sign-On and click Edit.
    The Edit Scheme page appears.
  6. Click Make Current Scheme to have applications identify and verify the user using this authentication scheme.
  7. Under Edit Authentication Scheme:
    • PL/SQL Code - Enter a PL/SQL anonymous block of code that contains procedures for pre- and post-authentication entry points. To improve performance, you can also store this code in a PL/SQL package in the database.
    • Pre-Authentication Procedure Name - Specify the name of a procedure to be executed after the login page is submitted and just before credentials verification is performed. The procedure can be defined in the PL/SQL Code attribute or within the database.

      Authentication schemes where user credentials checking is done outside of Oracle APEX typically do not execute the Pre-Authentication procedure. Examples include HTTP Header Variable, Oracle Application Server Single Sign-On and custom authentication schemes that use APEX_AUTHENTICATION.POST_LOGIN instead of APEX_AUTHENTICATION.LOGIN.

    • Post-Authentication Procedure Name - Specify the name of a procedure to be executed by the Oracle APEX LOGIN procedure after the authentication step (login credentials verification). The LOGIN procedure will execute this code after it performs its normal duties, which include setting a cookie and registering the session, but before it redirects to the desired application page. The procedure can be defined in the PL/SQL Code attribute or within the database.
  8. To save your changes, click Apply Changes.
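
The following added example (not Oracle's code) shows a post-authentication procedure stored in a database package, as step 7 allows, that records each completed sign-in in an audit table. The table `sso_login_audit` and the package `sso_auth_hooks` are hypothetical names, and the example assumes the package is executable by the schema that runs the authentication scheme.

```sql
-- Added example: hypothetical audit table and package; all object names are assumptions.
create table sso_login_audit (
    login_time   timestamp with time zone default systimestamp not null,
    username     varchar2(255) not null,
    apex_session number,
    remote_addr  varchar2(64),
    user_agent   varchar2(512)
);

create or replace package sso_auth_hooks as
    -- Enter sso_auth_hooks.post_auth as the Post-Authentication Procedure Name.
    procedure post_auth;
end sso_auth_hooks;
/

create or replace package body sso_auth_hooks as
    procedure post_auth is
        -- Commit the audit row independently of the login request's transaction.
        pragma autonomous_transaction;
        -- The session is already registered when this runs, so APP_USER is set.
        l_user    varchar2(255) := v('APP_USER');
        l_session number        := to_number(v('APP_SESSION'));
        -- Behind a reverse proxy, REMOTE_ADDR may be the proxy's address.
        l_addr    varchar2(64)  := substr(owa_util.get_cgi_env('REMOTE_ADDR'), 1, 64);
        l_agent   varchar2(512) := substr(owa_util.get_cgi_env('HTTP_USER_AGENT'), 1, 512);
    begin
        insert into sso_login_audit (username, apex_session, remote_addr, user_agent)
        values (l_user, l_session, l_addr, l_agent);
        commit;
    exception
        when others then
            rollback;
            -- Fail open: record the failure and let the sign-in continue.
            -- Re-raise here instead if a missing audit record must block sign-in.
            apex_debug.error('sso_auth_hooks.post_auth: audit insert failed: %s', sqlerrm);
    end post_auth;
end sso_auth_hooks;
/
```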