7 Replies Latest reply: May 1, 2014 3:08 AM by AndyH RSS

    Calling Apex from Form - authentication problem

    tullio0106

      I need to start my apex pages from an application in Oracle Forms.

      The problem is about athentication because user do not want to authenticate again.

      I can't pass user and password in the url for security reasons.

      How can I solve that issue ?

      Tks.

       

      P.S. : I'm using Apex 4.2.4

        • 1. Re: Calling Apex from Form - authentication problem
          Suniti

          Hi,

           

          Make a package in the backend which will return true or false. Make a authenticate scheme in your application which authenticate on the basis.

           

          IF returns true then allow user to enter else don't allow.

           

          Regards

          Suniti

          • 2. Re: Calling Apex from Form - authentication problem
            tullio0106

            Tks for Your help but I still don't understand where I can get user and password without asking the user.

            Tks

            • 3. Re: Calling Apex from Form - authentication problem
              AndyH

              tullio0106 wrote:

               

              Tks for Your help but I still don't understand where I can get user and password without asking the user.

              Tks

              You don't necessarily need the user name and password.

               

              You could think of the Forms application as a form of Single Sign-On - it has already authenticated the user and it passes 'something' to your APEX application to confirm the identity. Your APEX application takes that 'thing' and confirms that its valid and sets the user to whatever the Forms application determined. For example, the URL calling the APEX application might refer to a row in an accessible table which has the user details, or contain a token doing the same thing.

               

              --

              Andy

              • 4. Re: Calling Apex from Form - authentication problem
                tullio0106

                Tks for You suggestion but, again such "thing" where should be passed ?

                Not in the DB, because I'm not authenticated nor connected to the DB.

                In the url ? but I don't want to pass passwords in URL.

                And after I got such infos how can I login the application in order to work with the given user authorizations ?

                Tks

                • 5. Re: Calling Apex from Form - authentication problem
                  tullio0106

                  No further help ?

                  Tks

                  • 6. Re: Calling Apex from Form - authentication problem
                    Joe Upshaw

                    Tullio,

                     

                    Just expanding on Suniti's response above.

                     

                    In the database, create a table with the columns  USERNAME and ACCESS_IND. When the user takes the action to launch the APEX application from the forms, merge into this table with the username and set ACCESS_IND to 'Y'

                     

                    Create a function that, if the entry for the username is found, returns TRUE otherwise returns FALSE.

                     

                    Create a function that updates the indicator to FALSE.

                     

                    In your APEX Application, under Shared Components, in the Security section, Click Authentication Schemes. Click Create. Click Custom. Under settings, pick the function that you created as the sentry function. pick the function that sets the indicator to false for the Post Logout Procedure Name.

                     

                    Here is a more expansive example by Oracle Ace Patrick Barel.

                     

                    -Joe

                    • 7. Re: Calling Apex from Form - authentication problem
                      AndyH

                      You call APEX using a URL. If you are using the same database for your Forms and APEX application you could enter the relevant details into a table and then pass a reference to that entry in your URL. APEX could then use that information as part of its authentication process.

                       

                      If you are on separate databases then your URL could pass the authenticated userid along with a 'token' encrypted in a manner than proves that this is a valid URL e.g. the encryption includes a 'shared secret' known to both applications and associated with the userid - you'd produce the token on both sides in the same way and compare them as part of the APEX authentication process.