3 Replies Latest reply: Sep 20, 2013 1:27 PM by 7f132364-fe60-4d84-b551-660a10052185 RSS

    SSO enabled app and authorization scheme failing

      I'm using APEX and have an SSO enabled application - using Oracle Access Manager. A user brings up 2 instances of the app and both have a different session id. Just a bit more background. The App has 5 tabs of which 2 are controlled by Authorization schemes using application variables. ie
      <div class="jive-quote">
      Authorization scheme: is_abc_dept
      Authentication: Page is public
      Page Access Protection: Unrestricted
      Form Auto Complete: On
      Browser Cache: Application Default

      The problem happens when a user navigates to a DEPT tab in the one instance and then goes to
      an ADMIN tab in the second instance. This brings up the following warning/error:

      <div class="jive-quote">
      Access denied by Page security check
      Technical Info (only visible for developers)

      is_internal_error: true
      component.id: 214836727466266386
      component.name: is_abc_dept

      ----- PL/SQL Call Stack -----
      object line object
      handle number name
      0x8a6b7328 676 package body APEX_040100.WWV_FLOW_ERROR
      0x8a6b7328 1008 package body APEX_040100.WWV_FLOW_ERROR
      0x94386648 455 package body APEX_040100.WWV_FLOW_AUTHORIZATION
      0x92df96b0 7228 package body APEX_040100.WWV_FLOW
      0x7c990650 247 procedure APEX_040100.F
      0x827c18e0 33 anonymous block

      Page not found.

      Return to application.
      The warning/error happens because my authorization scheme uses application items. An examiniation
      of the session variables at this warning/error, show that my application
      items are null. In the first browser instance the application items were set, but going to the
      second instance and then back to the first, the values of the application items were wiped
      out. Is this intended behaviour? Is there anything I can do to keep the items set between
      browser instances?