I have a forms application and want to start apex-session without the need to login (again). The user already has been authenticated by forms.
* We don't have SSO in place yet
Does anyone know a (secure) nice solution?
I was thinking about this:
1. storing username/token in a database table (when you press button to open Apex in forms). Token only valid for certain time.
2. Create custom authentication on Apex-application which checks the token in the table (and of course it's still valid) (using timestamp)
IF token/user is valid , return true (authenticated) else goto login screen.
USer cannot login-screen, because this apex application should only be accessed from forms.
Is this solution okay or does anyone else have a better idea?
Feel welcome/