If you have a bunch of APEX applications which are authenticated in similar fashion say using EBS login credentials, this article shows you how to maintain authentication while navigating between those applications without going through login process again.
For example, I have a central application which has links to HR and Payables apex applications. I login to central application and navigate to HR application without re-login. Also if I logout from HR application, I will redirected to login page of central application. It is similar to eBusiness Suite security model where upon successful login, I've responsibilities to choose a particular module. This approach makes sense if these apex applications are authenticated in the same way.
Objective: Build a central application called "Apps2Fusion - Main" which provides navigation to Person Details Demo and other applications. The user is authenticated by central application and authentication is shared between these applications. After the implementation, the application can be accessed using the url http://apex.oracle.com/pls/apex/f?p=a2fmain
The page flow is as follows:
The user logs in to main application and views different applications available. If user chooses Person Details demo application, APEX engine retains user session. The user can switch to different application by navigating back to home page of main application. I will term these applications as child applications. If user logs out from any child application, APEX engine redirects to log in screen of main application.
I added Home, Switch Application and Logout navigation links to each child application. Home link directs to home page of child application, while switch application link directs to home page of main application. Logout link log outs current user session and redirects to login page of main application.
Gotoo hhtp://apex.oracle.com/pls/otn/f?p=a2fmain:1
Login with username and password.
Home page main app displays available applications.
1.Person details
2.Ramdom Examples.
Implementation:
I created a new application 'Apps2Fusion - Main' with alias a2fmain. I copied custom authentiation scheme and login page from Person Details demo to main application. I will detail how authentication is shared between main application and Person Details application. This process applies for other child applications as well.
- Set application aliases to each APEX application. Alias is entered in Shared Components > Definition. This is useful to navigate to application by alias rather than application id.
- Identify a home page for each APEX application and assign page alias 'home' for that page.
- Set cookie attributes in Authentication scheme. Enter cookie name as 'a2fcookie' ( any name of your choice) and leave cookie path and cookie domain blank. Cookie name is set to same name for all the applications sharing the authentication. This is the most important step for sharing authentication.
- Edit the Log out URL in authentication scheme of Person Details demo or child application to change "p_next_flow_page_sess" from &APP_ID. to a2fmain which is alias of amin application. This parameter takes care of redirecting to login page of main application upon clicking log out in Person details application.
- While navigating to child application using navigation links, column links, tabs, buttons etc., use &SESSION_ID. substitution string to retain user session authenticated by main application.
- In login page i.e. page 101 of Person Details application, create On Load - Before Header process to redirect to main application. If the user tries to access Person Details application directly, APEX engine redirects to main application. The process is a PL/SQL block with below code.
DECLARE
l_redirect_url VARCHAR2(1000) := 'f?p=a2fmain:101';
BEGIN
htp.init();
owa_util.redirect_url(l_redirect_url); --- Redirect
apex_application.g_unrecoverable_error := true; --- stops all further page processing
END;
owa_util.redirect_url() method does redirection.
Detailed to implement above objective:
- Assuming child applications are already created. Create an application group with name 'A2F' stands for Apps2Fusion. Application groups enable you to organize your applications. Assign A2F application group to child applications. This is used in the later part of the article to to identify which application are shown under Home page of main application.
Create Application group. Navigation: Application Builder > Application Groups (Under Tasks bin on right side). Click on Create to create application group.
Assign application group to Person Details Application and other child applications. Navigation: Application Builder > Choose Person Details Demo application > Shared Components > Definition (Under Application section). Assign application group as 'A2F' and also give alias as 'A2FPERSON'. So if I enter browser URL as http://apex.oracle.com/pls/otn/f?p=a2person, APEX engine replaces alias with application id and redirects to the Person Details application. Using aliases is recommended way to reference application rather than using application id.
- Create a new application 'Apps2Fusion - Main'. Assign alias as 'a2fmain' .
- For each application, designate a page as a home page by assigning page alias as "home". For Person Details demo, I chose 'Search Person Page' for home page.
- Edit current Authentication scheme of main and child applications. Enter cookie name as 'a2fcookie' under cookie attributes.
Authentication scheme of Main application. Navigation: Shared Components > Authenication Scheme.
Authentication scheme of Person Details Demo or any child application. Navigation: Shared Components > Authenication Scheme. Enter same cookie name under cookie attributes and change logout URL's parameter p_next_flow_page_sess from &APP_ID. to a2fmain which is alias of main application. The new log out URL looks like
wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&p_next_flow_page_sess=a2fmain:101:&SESSION.:LOGOUT
p_next_flow_page_sess parameter determines to which application and page, user is redirected after log out. By default it is set to &APP_ID. which is substitution string for current application.
- For navigating to child applications from main application, I created a navigator page similar to responsbility page in Oracle EBS. This page has a report with column links to child applications. The child applications are applications which are under application group 'A2F'.
"apex_applications" is Oracle APEX table which stores data of all applications. The sql query used for the report is
select application_name, alias from apex_applications where application_group = 'A2F'
Create a column link on application name column. Column link field values are given below.
I used xx_resp_icon.gif image to show folder icon before application name. This image is included in packaged application at the end of the article.
Link Text: #APPLICATION_NAME#
Target: URL
URL: f?p=#ALIAS#:home:&SESSION.::&DEBUG.:home
#ALIAS# is substituted with alias column value. For example, #ALIAS# is a2fperson for Person Details Demo application. home is page alias i.e. column link redirects to home page of selected child application. &SESSION. is substitution string for current user session.
- Next step will address how to restrict a savvy user from accessing child application directly from its login page. Suppose an user enters http://apex.oracle.com/pls/otn/f?p=a2fperson in browser URL, APEX engine takes him/her to login page of Person Details demo. He/she can enter login credentials and access the application. This is violation of my objective where I want all users to be authenticated from main application.
To prevent this pass over main application, create On Load - Before header process to redirect the page flow to main application login page. Below code is provided in the process.
DECLARE
l_redirect_url VARCHAR2(1000) := 'f?p=a2fmain:101';
BEGIN
htp.init();
owa_util.redirect_url(l_redirect_url); --- Redirect
apex_application.g_unrecoverable_error := true; --- stops all further page processing
END;
Home>Application Builder>Application62577>Page 101-->Click on Redirect Main Page
The changes till this point take care of sharing authentication, redirecting to main application on log out from child application and preventing users to login directly to child application.
The rest of the article shows complementary steps for navigating back and forth main and child applications.
- I created navigation links 'Home', 'Switch application' for child applications. Home link redirects to home page of current child application. Switch application link redirects to hom e page of main application.
Create Navigation Link. Navigation: Choose a application > Shared Components > Navigation Bar Entries (Under Navigation section).
This completes the implementation of main application and sharing authentication with the child applications.
Packaged Application:
My Packaged applications are created using APEX 3.2 version, you can only import them into APEX with same version. This packaged application has supporting objects i.e. table and sample data, along with apex application. You can import and run it without going through the above steps.
The zip file has sql files for Main and child applications with images.
Comments
I do however get an error, when I logout from one of the child applications (not from the main application)...
"Error 4323- Request for help did not provide a numeric page ID to show help for."
I've changed each application (incl the main) - Globalization - no NLS (application not translated). I've ensured each page has the default 'No help available for this page' in the 'help text' section of the page. still geting the error. I removed the help text from the main app page 101 but that didn't help...
however the error shows up in the same place on the 101 page as the help text...
Can you help me identify what is causing the error?
Thanks,
Rich
I performed the same logic as you described.
Everything worked fine. But one week ago while user performs logout operations, web page starts to run long time, after that they getting timeout exception,
In apache logs I found next error: mod_plsql: Long running URL [/pls/apex/wwv_ flow_custom_aut h_std.logout] timed out
Did you face such problems, in your implementation?
In Apex 4.0 I do not have a good run.
I have enter cookie name as 'MY_APPUSER_SES SION' under cookie attributes of main and child applications, but the child application daes not detect the client session and redirect on login page.
What else should i check?
I run apex 4.0 on oracle linux - browser firfox 3.6.9
Thank you very much in advance!
However, I now am facing a scenario where we want to allow a user to directly connect to a page say "manager report" in application "mgrreps". What happens is that the user gets redirected to our "launchpad" authentication application, and then loses the original URL/Page request.
Has anyone been able to retain the users page call and then send them back to that page after authentication rather than leaving the user at the entry point/front door and not knowing where to go next ?
hi that's good .
how can switch between two application in two workspace?
tha nks Bagher.
Thanks for this article. It helped me a great deal. But after implementation am facing an issue in logout. After logging out of application, it is still going back to previous page when clicked on BACK Button of browser :(
Please suggest how to overcome this problem.
Regar ds,
Praveen
When i download your application and tried to run it , i got an error:
Invalid Credentials.
I created table demo_user and inserted a2f_user/ welcome2 . Even after that i could not login to the application.
Ki ndly help me.
Thanks - Siva.
RSS feed for comments to this post