Can you provide a bit more detail.
In the meantime i have made a small Breakthrough.
I can seamlessly login from the Launch Portal to the Other Apps when the Applications are in the Same Workspace as the Launch Point App. for this i use APEX_CUSTOM_AUTH.LOGIN.
When i try to launch an app in another workspace i get the following error
Application ID and current security group ID are not consistent.
I had tried this, you need to modify the page 101 of the apps on the other workspace as follows:
1. Hide all the items & buttons under page 101
2. Create After Submit process as :
10 Set Username Cooking
exception when others then null;
P_UNAME => :P101_USERNAME,
P_PASSWORD => :P101_PASSWORD,
P_SESSION_ID => v('APP_SESSION'),
P_FLOW_PAGE => :APP_ID||':1'
30 Clear pages cache for page 101
All the process must be unconditional
You don't need to alter page 101 or call apex_custom_auth to be able to share a session (and thus authentication) between applications. All you have to do is to make sure that the session cookie for the applications which need to share the session has the same name in the authentication scheme of those application. Just go to "shared components > authentication schemes" and go to the "Session Cookie Attributes" section. You can set the cookie name there.
However, you can not share session over workspaces, and is a security implementation of apex. If you need a seamless login for those cases you need to look into some of the custom/unconventional solutions.
We are building a GBAC (Group Based Acces Control) and SSO Module in Apex (I know .. Reiventing the wheel) as we have budget constraints and there are some limitiations in standard Apex implementation.
Apex Version: 4.1.1.00.23
We have Multiple Workspaces and Multiple Applications within those Workspaces.
Our Users currently have a separate link for each App - Very Cumbersome.
The Current Authentication Mechanism is LDAP authentication. We have no Authorisation module in place.
This is a security Nightmare as any user with a valid LDAP account can access the Apex Reports/Forms if they get their hands on the Link.
We have built an Admin Module where we create Groups (Not Apex Groups) and then assign applications to those Groups. Apex Groups have a limited Scope (Workspace only).
Our Groups are Cross Workspace and can contain applications from Multiple Workspaces.
We finally assign LDAP users to those Groups.
All the Meta Information is stored in DB tables
We also use a lot of the Apex Dictionary tables to Get Application info
Where i am now Stuck
We now have created a Single Lauch Point (New App) to simulate a SSO Portal
Users will log into this Apex App using their LDAP Credentials.
Once the user is successfully Authenticated by LDAP, we check all the Groups the User Belongs to and Populate the Launch Page with Links for the Apps the user has access.
Now rather than Point the Link to Page 101 which is the login page we point the same to the Main Page (Page 1).
When the user Clicks on the Link, he gets shown the Login Page Again.
We do not want the user to Authenticate again as this defeats the Purpose.
Any sort of Pointers most appreciated.
Please refer following discussion:
Of the solutions mentioned in the discussion above I have used following:
which works for SSO using Session Cookie for Oracle APEX applications in ONE Workspace.
Hope it helps!