Setting Up SAML Authentication with Unique Application URLs

SunSeeker, Jul 28 2022

I manage dozens of Oracle APEX applications that all live on the same infrastructure. For this example, let's say that the instance URL is www.apexinstance.com. APEX only allows you to set up a single integration at the Instance level for SAML authentication. Because of this, when registering with my Identity Provider (IdP), Okta, I used www.apexinstance.com. This is allowing me to use Okta in a service provider initiated flow to authenticate into all of my applications by using this Instance URL (example www.apexinstance.com/ord/f?p=100 or www.apexinstance.com/ord/f?p=200).

My problem is that I have a unique DNS for each of my applications which I would like my customers to be able to use. For example, today a customer could access application 100 via www.uniqueapplication.com and be directed to www.uniqueapplication.com/ords/f?p=100 via an iRule. This is what I would like to still occur, but when trying to hit the unique DNS, www.uniqueapplication.com, it makes a call to Okta, then brings me to www.apexinstance.com/ords/apex_authentication.saml_callback (which is the SAML SSO URL) with the error:

[image.png]

I could alter my iRule to point www.uniqueapplication.com to www.apexinstance.com/ord/f?p=100, but if I do, the customer will be able to authenticate but I am pretty sure they will ultimately be sent to www.apexinstance.com/ord/f?p=100, which is not preferred. Essentially, I would like the customer to be able to use the unique URL of any of our applications to authenticate with Okta using SAML, and return to the URL that they came from. Does anyone have experience with this or thoughts on how I can solve for this?
