Single Sign On (SSO) for Oracle APEX
Oracle APEX supports the use of Security Assertion Markup Language (SAML) for authentication with version 18.1 and above. Below version 18.1, you need to use the IAM Application Gateway.
Below is a description of how the solution works. Please contact Syntax if you have questions and/or would like assistance implementing it.
The Gateway Appliance
To configure IAM SSO for APEX versions lower than 18.1, you need to deploy the Gateway Application. If you are not familiar with the term, a software appliance is an application packaged with just enough operating system code to run on industry-standard virtual machines. Appliances save you the effort of installing and then configuring the actual software application – it is all pre-built and configured for you.
Technically (see the graphic below), the IAM Application Gateway acts as a reverse proxy. This protects APEX from unauthorized network access by intercepting HTTP login requests. If the user requesting access is not authenticated, the Gateway Appliance redirects them to be authenticated. Once authenticated, the Gateway then propagates the user’s identity and authentication token to APEX.
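The request flow described above, modelled as an added example (not Oracle's or Syntax's code). It assumes the identity is passed to APEX in an HTTP header; the header name, cookie name and login URL are hypothetical placeholders, since the page does not specify them.

```python
from dataclasses import dataclass, field

# Hypothetical names: the page does not give the real header, cookie or URL.
IDENTITY_HEADER = "X-Remote-User"
SESSION_COOKIE = "gw_session"
LOGIN_URL = "https://idp.example.invalid/login"


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def apex_backend(headers):
    """Stand-in for APEX: it trusts whatever identity header it receives."""
    user = headers.get(IDENTITY_HEADER)
    if user is None:
        return Response(401, body="no identity")
    return Response(200, body=f"hello {user}")


def gateway(request_headers, cookies, sessions, backend=apex_backend):
    """Reverse-proxy decision: redirect, or forward with a gateway-set identity."""
    # 1. Drop any identity header supplied by the client. Only the gateway
    #    may set it, otherwise a caller could name themselves.
    upstream = {k: v for k, v in request_headers.items()
                if k.lower() != IDENTITY_HEADER.lower()}

    # 2. No valid gateway session means the user is not authenticated:
    #    send them to the identity provider instead of to APEX.
    user = sessions.get(cookies.get(SESSION_COOKIE))
    if user is None:
        return Response(302, {"Location": LOGIN_URL})

    # 3. Authenticated: propagate the identity the gateway itself verified.
    upstream[IDENTITY_HEADER] = user
    return backend(upstream)


if __name__ == "__main__":
    sessions = {"s-123": "alice"}  # constructed session table
    print(gateway({}, {}, sessions))
    print(gateway({"x-remote-user": "admin"}, {SESSION_COOKIE: "s-123"}, sessions))
```

Because the backend accepts the header at face value, this design only holds if APEX is reachable exclusively through the Gateway, for example by restricting the APEX listener to the Gateway's address.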
It is recommended that the base Virtual Machine (VM) into which the Gateway will be deployed use Windows Server 2016 or later. If high-availability (HA) is needed, you can deploy multiple App Gateways and use a load balancer to balance requests among the App Gateway instances.
Once the Gateway Appliance is installed, if you run into problems during the setup and configuration pointing it to your OCI IAM Domain, try re-installing the Appliance before going too deep into debugging the pre-built configurations.
Tags
#Syntax, #OCI, #SSO, #APEX