Re: access an sso partner application through an iframe without reauthenticating

<danny.roach_at_oracle.com> schreef in bericht news:1167832603.851662.227880_at_v33g2000cwv.googlegroups.com...
>I have an application (written using apex) that is an sso partner app.
> I want to be able to embed the application within a portlet (probably a
> dynamic page portlet generating an iframe) in my portal. When a user
> access the portal page that contains the iframe they are initially
> forced to reauthenticate within the iframe.
>
> The problem lies in the sso session. I think when you access an
> application through an iframe it treats everything in the iframe as if
> it were in a separate browser session. This means that when you try to
> access the application in the iframe it still redirects you to the sso
> server even though you are already authenticated via portal.
>
> So this is the problem, has anyone got any ideas on what the solution
> might be?
>

Actually, you're IFRAME should be the partner application, not the apex program. But this is (as far as I know) impossible to achieve, for SSO will not pass-though to the apex program. I have seen discussions about this before; people writing java progams, using omni-portlets etc etc. but failing to succeed (yet).

It's all about the concept of a portal: to my opinion (but I allow others to disagree) 'portlet-embedded' applications should not be part of a portal. The portal should only give an ENTRY (hence portal....) to this application, possibly by showing some data in a portlet (e.g. APEX report, this can be done!), breaking out of portal when running the actual application (new/same browser window) using SSO still!

Iframe is a nice workaround though, but not for SSO, unfortunately. I do agree though that Oracle should have integrated Portal and APEX better, but to some extent, they are COMPETING products (or have been), both having grown from good old WebDb.

Shakespeare
(What's in an Iframe?) Received on Wed Jan 03 2007 - 09:41:34 CST