1. App Builder User's Guide
  2. Managing Application Security
  3. Establishing User Identity Through Authentication
  4. Understanding Preconfigured Authentication Schemes
  5. Oracle Application Server Single Sign-On Server

20.4.3.8 Oracle Application Server Single Sign-On Server

Delegates authentication to the Oracle AS Single Sign-On (SSO) Server. To use this authentication scheme, your site must have been registered as a partner application with the SSO server.

Note:

This authentication scheme only appears if Oracle 9iAS SSO Software Developer Kit (SDK) is installed in your database. Oracle recommends using a modern Single Sign-On authentication scheme such as SAML Sign-In or Social Sign-In.

Parent topic: Understanding Preconfigured Authentication Schemes

20.4.3.8.1 About Application Server Single Sign-On Server

Learn about Application Server Single Sign-On Server authentication.

Oracle APEX applications can operate as partner applications with Oracle Application Server's Single Sign-On (SSO) infrastructure. You must register your application (or register the APEX engine) as the partner application by following the Oracle Application Server instructions for registering partner applications and install the Oracle 9iAS SSO Software Developer Kit (SDK).

If you choose this approach, your application will not use an integrated login page. Instead, when a user accesses your application in a new browser session, the APEX engine redirects to the Single Sign-On login page. After the user is authenticated by SSO, the SSO components redirect back to your application, passing the user identity and other information to the APEX engine. The user can then continue to use the application until they log off, terminate their browser session, or until some other session-terminating event occurs.

Parent topic: Oracle Application Server Single Sign-On Server

20.4.3.8.2 Setting Up Oracle Application Server Single Sign-On

Learn how to set up Single Sign-On authentication.

To set up Oracle Application Server Single Sign-On:

  1. On the Workspace home page, click the App Builder icon.
  2. Select an application.
  3. On the Application home page, click Shared Components.

    The Shared Components page appears.

  4. Under Security, select Authentication Schemes.
  5. On the Authentication Schemes page, click Create.
  6. Select Based on a pre-configured scheme from the gallery and click Next.
  7. Under Name:
    1. Name - Enter the name used to reference the authentication scheme by other application developers.
    2. Scheme Type - Select Oracle Application Server Single Sign-On.
  8. Under Settings:
    1. Partner Application Name - If you authenticate with Oracle Application Server Single Sign-On and your application is a registered partner application with SSO, then enter exactly the same name you used when registering the partner application with SSO.

      If you are relying on APEX to be the registered partner application, leave this field blank.

    2. Logout URL of SSO Server - Enter the logout path of the Single Sign-On Server (for example https://login.example.com/sso/logout). On logout of your application, APEX will use this value, concatenate '?p_done_url=' and the application's login url, and use the resulting URL to log out of Single Sign-On before redirecting back to your application.
  9. Click Create Authentication Scheme.

Parent topic: Oracle Application Server Single Sign-On Server