Hi,
So we've integrated our Oracle E-Business Suite R12 instance to our Oracle APEX 21.1 instance and looking at a seamless integration between the two, meaning no additional login required in the APEX.
Currently we are using the method suggested in this Oracle white paper. Basically using GWY.jsp?targetAppType=APEX&p=APPID:PAGEID. But this method requires another login for the users which is something we are trying to avoid.
I came across this blog. It shows how to authenticate via token using sentry function. Did some checking and this seems doable in EBS.
Going back to my question, is this considered safe? In the video, it seems that users can manipulate the url meaning they can try guessing the token or even worse a bot can do that faster until it probably gets a valid token or probably intercept the url containing a valid token.
Appreciate any feedback.
Regards,
Allen