Apr 22, 2020 | nielsdebruijn |
For APEX apps, you normally use a URL like <hostname>/apex/f?p=xxx after which by default you have to authenticate yourself using username/password credentials. However, most end users of APEX applications already have authenticated themselves by logging on to the Windows domain, so why authenticate a second time to use the first APEX application? Wouldn’t it be nice if you could point your browser to an APEX app and you are instantly authenticated? A secure method to achieve this is to use the Kerberos protocol, which is the same protocol that Windows uses for authentication. In this document we will first describe how to install and setup the Apache module mod_auth_kerb in a Linux environment that performs the authentication against a Windows domain controller (chapter 3). For those of you who favor a Windows environment, chapter 4 describes how to setup IIS, that is used instead of Apache on Windows.