Feature Request FR-4076
Product Area Security
Status OPEN

1 Voters

Ability to wrap SAML in custom authentication

steven.t.randolph.ctr Public
· Oct 23 2024

Idea Summary
Would like to be able to control the SAML authentication process to:

1. Perform custom authentication that bounces one of the SAML assertion attributes off of a database table.

2. On successful custom authentication, use a single APEX account as a proxy login to the database session.

Use Case
SAML passes back a unique person identifier (think SSN) that gets matched to a database table of identities (similar to an LDAP) and is used to set APP_USER, etc. A single APEX account is used to log in to the database session. No need for hundreds of APEX accounts to match ADFS/SAML accounts.

Preferred Solution (Optional)
Ability to replace or customize SAML_CALLBACK. If the internals of SAML_CALLBACK were exposed via individual APIs, they could be incorporated into a custom procedure (say, SAML_AUTH), and SAML_AUTH could be used as the callback for the SAML connection.

This idea is open.