3 Replies Latest reply on Aug 23, 2013 3:14 PM by John_W

    Seemless integration with the eBusiness Suite


      I'm relatively new to heavy-duty ApEx development and have developed an application that the user community wants to integrate with the eBusiness Suite.  I've implemented the authentication scheme to check credentials against FND_USER and it works like a champ.


      What the users would like to do is invoke the ApEx application so that they do not have to log in a second time (to ApEx).  I have a table internal to the ApEx app and check the credentials against that so I am not worried about a non-authorized user getting into the app - they will just get a blank menu. 


      Though I can pass USER_ID, there is no way I want to pass the unencrypted password to ApEx as this violates basic Good I/T Practices.


      Any help would be appreciated (document, pdf, blog, et al)

      John W 

        • 1. Re: Seemless integration with the eBusiness Suite

          Hmm... Seamless is better than seemless

          • 2. Re: Seemless integration with the eBusiness Suite
            Tom Petrus

            Hi John,


            As you may be aware, Oracle has released a whitepaper on apex-ebs integration:



            Not a whole lot is covered in there, and it does not show or hint at any form of seamless integration coming from ebs but it does some basic steps.

            Before getting a crack at the seamless login or a form thereof, some questions.

            - Do you already have a link set up in ebs to go to apex? (using gwy.jsp)

            - Your login function uses validate_login, that's good. Why would you want to check any other tables for access? I'd say that your ebs credentials and setup should drive things.

            - If you want to run reports based on ebs data then you might know that setting the correct context (and vpd policies if r12) is important too.


            As for seamless login: the whitepaper does not mention any such thing if you are not using SSO or OAM. It is there, somewhere, one line in the text that mentions this. However, a technique is mentioned in an earlier version of the whitepaper made by Rod West (which is also relevant if you have ebs r11):


            In this document he outlines a solution for a seamless login. In a before headers process you will check the ebs icx cookie, and use this cookie to check if a valid ebs session exists. If there is, then a hash will be made based on the username (pulled from cookie) and a time component (and another key part if you would wish so). The authentication scheme login function is called next with the ebs username and the hash as credentials.

            The login authentication function of the authentication scheme is extended to first check the password to see if it matches a hash: a hash is generated here as well based on the provided username and a time component once more. If the hashes match then the authentication is considered successful.

            I integrated it not so long ago and I have to say that it works a treat (though I had some minor quibbles with it). The paper also mentions that this system is not 100% safe, but then again, since you cannot pass credentials (password) I'm not sure how exactly you'd otherwise do it. Basically someone could try and enter a random hash to get in, but hey, good luck unless you're really dedicated to cracking it (and why wouldn't you try to use the usual simple password first...) Using the icx cookie works great though, and seems secure enough, even if part of it might be obscurity (hash system).

            1 person found this helpful
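The hash handshake described in reply 2, as an added sketch that is not part of the thread and not code from the whitepaper: it treats the optional "another key part" as a server-side secret and uses HMAC-SHA256, so the token does not depend on the recipe staying unknown. The 60-second window, the function names and the check_password callback (standing in for the normal EBS password check) are assumptions.

```python
import hashlib
import hmac
import time

WINDOW_SECONDS = 60  # assumed lifetime of one time bucket


def make_token(key, username, now=None):
    """Before-header side: called only after the EBS session behind the
    cookie has been validated; returns the hash passed as the 'password'."""
    current = time.time() if now is None else now
    bucket = int(current // WINDOW_SECONDS)          # the time component
    msg = "{}|{}".format(username, bucket).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_token(key, username, presented, now=None, skew=1):
    """Login-function side: recompute the hash for the current bucket and
    `skew` earlier ones (the request may cross a bucket boundary)."""
    current = time.time() if now is None else now
    ok = False
    for offset in range(skew + 1):
        expected = make_token(key, username, current - offset * WINDOW_SECONDS)
        # Constant-time comparison on bytes; never short-circuits on a match.
        ok |= hmac.compare_digest(expected.encode("utf-8"),
                                  presented.encode("utf-8"))
    return ok


def authenticate(key, username, password, check_password, now=None):
    """Extended login function: accept a valid token first, otherwise fall
    back to the ordinary password check (hypothetical callback)."""
    if verify_token(key, username, password, now=now):
        return True
    return bool(check_password(username, password))


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"   # constructed; keep the real key server-side
    t0 = 1700000000.0                    # constructed timestamp
    token = make_token(demo_key, "JSMITH", t0)
    print(token, verify_token(demo_key, "JSMITH", token, now=t0 + 60))
```

A token is bound to one username and expires after at most two windows, so guessing one means forging a 256-bit MAC rather than reproducing a known username-plus-time recipe.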
            • 3. Re: Seemless integration with the eBusiness Suite

              Thanks Tom -

              I found the Rod White paper shortly after posting this.  I will pass this whole issue to the technical team as I am not a heavy duty technical person.


              John W