From your other post I assume you plan to use the APEX Listener in standalone mode, so you are limited to the features provided by the embedded Grizzly. If you consider using a "full-blown" JEE container, you could use means provided by that container. Of course you could add functionality, e.g. by adding a filter for Basic Authentication.
Hi Udo and Tullio,
I am testing the listener against APEX 4.1. I would like to integrate the APEX applications in our SSO system. We are using SAML2, so I have configured a WebLogic Server to work as a Service Provider. In this server I have deployed the apex.war and I have registered the /apex/* pattern in my Identity Provider (Active Directory Federation Services). In this way, when I make a request to any of my APEX applications (apex/f?p=123:...), if I do not have a valid session I am redirected to the Identity Provider login page. This is working fine, more or less; I have to do more testing...
My question is: do you think this is the best approach for securing the APEX applications? In order for everything to work OK, I have to declare a security constraint in the web.xml...
<web-resource-name>APEX Application Calls</web-resource-name>
...and in the weblogic.xml I just map the FederatedUsers against a principal:
Also, I have declared a filter for injecting some info into the request headers (needed for the APEX applications), but this is another story...
Thanks in advance,
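
For readers following the thread, this is an added illustration of the two descriptors described in the post above; it is not the poster's configuration. The URL pattern, the CLIENT-CERT auth method, the TLS constraint and the principal name are assumptions or placeholders; only the resource name, the FederatedUsers role and the file names come from the post.

```xml
<!-- WEB-INF/web.xml (fragment, inside <web-app>) -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>APEX Application Calls</web-resource-name>
    <!-- Assumption: apex.war has context root /apex, so /* covers /apex/* -->
    <url-pattern>/*</url-pattern>
    <!-- No <http-method> elements: the constraint applies to every method -->
  </web-resource-collection>
  <auth-constraint>
    <!-- Only callers holding this role reach the listener -->
    <role-name>FederatedUsers</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- Added hardening (assumption): require TLS for the protected URLs -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <!-- Assumption: CLIENT-CERT is the auth method used for WebLogic SAML 2.0 SSO -->
  <auth-method>CLIENT-CERT</auth-method>
</login-config>
<security-role>
  <role-name>FederatedUsers</role-name>
</security-role>

<!-- WEB-INF/weblogic.xml -->
<weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">
  <security-role-assignment>
    <role-name>FederatedUsers</role-name>
    <!-- Placeholder: the user or group the asserted SAML identity maps to -->
    <principal-name>PRINCIPAL_NAME_PLACEHOLDER</principal-name>
  </security-role-assignment>
</weblogic-web-app>
```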