1 Reply Latest reply: Jan 7, 2013 7:24 AM by evrm RSS

    authentication -> authorization

    gpoz
      okay, I have with forum/google/techbook help built a pretty good custom authentication app, seems to do everything I need. I am running into next step problems. I provide URLs for menu items to go to when the otions are chosen, but when I get there, the app on the other end still has its own login screen. I can disable authentication at this point in the target app, and the authorization determined just after authentication appears to work fine, but then I still need a way to

      1. convey relevant values from the custom auth app (these cannot be one app)
      2. make certain that users don't just bookmark the target app and bypass my authentication/authorization outcomes -- something here with session ID?

      I would greatly value help on understanding and proper settings to achieve this in my target app.

      thank you
        • 1. Re: authentication -> authorization
          evrm
          Hi,

          if you want 2 applications share the same session you should give them the same login cookie name in the authentication scheme.

          >
          1. convey relevant values from the custom auth app (these cannot be one app)
          >
          Setup a database context to share values between the applications.
          Or use apex_util.fetch_app_item http://docs.oracle.com/cd/E37097_01/doc/doc.42/e35127/apex_util.htm#BABIBAID

          >
          2. make certain that users don't just bookmark the target app and bypass my authentication/authorization outcomes -- something here with session ID?
          >
          Set the URL for the "session not valid" section of the authentication scheme to the login page of your custom auth app

          regards,
          Erik-jan