SSL encryption for Apex 4.1

Hi Guys,
I am trying to set up SSL encryption for my local install.
I am running APEX 4.1 in Windows 7 (32 bit) , Oracle XE 11G with embedded plsql gateway setup.
The APEX documentation I looked at that deals with SSL:
http://docs.oracle.com/cd/E23903_01/doc/doc.41/e21678/adm_mg_service_set.htm#AEADM297
instructs to turn HTTPS on in APEX_ADMIN (Internal schema) under security.
It didn't work as APEX was visible still under http://localhost:8080/apex and using HTTPS gave page not found error. On top of that It locked out my Admin account for INTERNAL workspace. So I had to switch it back via SQL query in SQL plus.
From limited experience in doing something similar in Tomcat, I believe one needs certificates etc before proceeding with this.
Anyone who has done this before, can you please point to a any documenation/blog post, tutorial etc that shows how its done? Many thanks.

Hi,
http://docs.oracle.com/cd/E17781_01/install.112/e18802/toc.htm#BABGCDJJ
>
HTTPS is not supported natively with the HTTP listener built into Oracle Database XE. If you want HTTPS support, use an alternative Web listener, such as Apache, that does provide HTTPS support, and provide proxies for the URLs provided by Oracle Database XE.
>
Regards,
Jari
http://dbswh.webhop.net/dbswh/f?p=BLOG:HOME:0
Edited by: jarola on Jan 25, 2012 9:42 AM
That APEX instance admin parameter you have change do not enable HTTPS. It require that you use HTTPS on your web listener.
Here is how reverse HTTPS Requirement for APEX instance admin
http://docs.oracle.com/cd/E23903_01/doc/doc.41/e21678/adm_mg_service_set.htm#autoId17

Similar Messages

  • SSL for Apex 4.0 with PL/SQL Embedded Gateway

    Hello
    I'm trying to implement ssl to already installed apex 4.0. Os version: Red Hat Enterprise Linux Server release 5.5 (Tikanga)
    Oracle Database 11.2.0.3
    I used the following note to configure ssl for apex:
    http://wiki.shellprompt.net/bin/view/Apex/SSLandAPEXxdbHttp?TWIKISID=9ad53fc01edafaa65304ca32191cf00a
    1. used function dbms_xdb.setlistenerendpoint (2,'TESTHOST',2484,2) to configure xdbconfig.xml.
    2. listener.ora:
    SID_LIST_ORCL =
    (SID_LIST =
    (SID_DESC =
    (SID_NAME = ORCL)
    (ORACLE_HOME = /opt/oracle/db/11.2.0.3)
    SSL_CLIENT_AUTHENTICATION = FALSE
    WALLET_LOCATION =
    (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
    (DIRECTORY = /opt/oracle/db/11.2.0.3/own/wallet/oracle)
    ORCL =
    (DESCRIPTION_LIST =
    (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = testhost.testdomain.com)(PORT = 1521))
    ORCL_SSL =
    (DESCRIPTION_LIST =
    (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = testhost.testdomain.com)(PORT = 2484))
    ADR_BASE_ORCL_SSL = /opt/oracle/db
    3. sqlnet.ora:
    NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
    WALLET_LOCATION =
    (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
    (DIRECTORY = /opt/oracle/db/11.2.0.3/own/wallet/oracle)
    ADR_BASE = /opt/oracle/db
    SET_CLIENT_AUTHENTICATION = FALSE
    # lsnrctl status orcl
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=testhost.testdomain.com)(PORT=1521)))
    STATUS of the LISTENER
    Alias orcl
    Version TNSLSNR for Linux: Version 11.2.0.3.0 - Production
    Start Date 03-FEB-2013 12:53:03
    Uptime 0 days 0 hr. 26 min. 56 sec
    Trace Level off
    Security ON: Local OS Authentication
    SNMP OFF
    Listener Parameter File /opt/oracle/db/11.2.0.3/network/admin/listener.ora
    Listener Log File /opt/oracle/db/11.2.0.3/log/diag/tnslsnr/testhost/orcl/alert/log.xml
    Listening Endpoints Summary...
    (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=testhost.testdomain.com)(PORT=1521)))
    (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=testhost.testdomain.com)(PORT=8080))(Presentation=HTTP)(Session=RAW))
    (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=testhost.testdomain.com)(PORT=2484))(Presentation=HTTP)(Session=RAW))
    Services Summary...
    Service "ORCL" has 1 instance(s).
    Instance "ORCL", status UNKNOWN, has 1 handler(s) for this service...
    Service "orcl.testdomain.com" has 1 instance(s).
    Instance "orcl", status READY, has 1 handler(s) for this service...
    Service "orclXDB.testdomain.com" has 1 instance(s).
    Instance "orcl", status READY, has 1 handler(s) for this service...
    The command completed successfully
    # cat /etc/hosts
    127.0.0.1 testhost.testdomain.com testhost localhost
    Common usage of Apex via http://testhost:8080/apex is available but
    https://testhost:2484/apex shows
    "Firefox can't establish a connection to the server at testhost.testdomain.com:2484." error
    Please any ideas.
    Edited by: 985770 on Feb 3, 2013 2:33 AM

    This should help you find them:
    http://daust.blogspot.com/2006/03/where-are-images-of-application.html

  • Oracle 11g R2 HTTP server for APEX

    I am in the process of configuring new apex enviornment to run Oracle HTTP Server instead of the embedded server which we are currently using on another instance. I have configured 11g r2 along with companion version of Oraclle HTTP server entitled Oracle Fusion Middleware Web Tier Utilities.
    Currently all is working fine with this configuraiton using SSL.
    We have a couple of third party applications that are supplied in a EAR file for deployment. Does this version of Oracle HTTP support such deployments? There seems to be no gui interface to managing the http server and web cache. Do we need to move to the full Fusion app server to support EAR deployments, etc. If so, I am assuming we would then have to purchase Fusion product unlike http product for APEX.
    Any feedback is appreciated.
    Bob

    For a number of reasons scrapped http server and installed and configured GlassFish community edition with Apex Listener. With caching enabled all is working great. Weblogic is overkill.
    Bob

  • How I can use my domain name for APEX Application at Oracle Cloud?

    Hello,
    1. I have for example my-custom-domain.com and want that my customers use this domain to login at APEX Application at Oracle Cloud.
    I don't want that my customers see https://blablabla.db.us1.oraclecloudapps.com/apex/ and see instead of my-custom-domain.com :)
    How I can do it? Don't find any technical information about it...
    2. Can I use my ssl certificates for my domain for Oracle Cloud Instance?

    may be I don't understand you right...
    I have trial instance and test application here at https://database-trialajnn.db.us1.oraclecloudapps.com/apex/f?p=1500304
    database-trialajnn.db.us1.oraclecloudapps.com - it's 216.131.136.193 IP
    I write to my domain this IP = login.ds24.ru
    But when I test https://login.ds24.ru/apex/f?p=1500304
    It is not work and write that url is wrong for this ssl sertificate
    If I understand you correct now it's impossible use simple URL to login at application for example login.ds24.ru

  • Understanding SSL Encrypted Connections

    Good morning,
    I'm currently struggling a bit understanding what's happening when testing out encrypting connections using SSL.
    Can anybody tell me why/what's happening.
    Using wireshark, you can “sniff” the network traffic.  So, I created a SQL Server and a client server, setup everything as the default (using port 1502 on the SQL Server).
    I then tried to connect to my database server using the “sa” password.  I performed a couple of queries and it was possible to find unencrypted packets containing important information, including the actual resultset from the queries.
    So, in order to test, I created a self-signed SSL certificate and applied it to the SQL Server Service, enabled "Enforce Encryption" and restarted the SQL Server Services.
    I then closed and opened SSMS on my client computer and connected back to my database server.  I did NOT tick "Encrypt Connection" under the connection options.
    When I performed the same tests I did initially, I was unable to retrieve the query or resultset from the WireShark trace.
    So, here's where I'm a bit confused.  If we can, lets ignore the fact that the SSL is a self created one for now...
    1) Is my connection ACTUALLY encrypted securely?  I have not imported my certificate into the client's certificate store, so why does my connection trust this certificate as there's no trust chain that I can see?
    2) I did not click "Encrypt Connection" so how come my connection was encrypted and didn't just error out saying "Sorry, force encryption is enabled, and this connection is not encrypted"?  It appears to have accepted that all connections
    NEED to be encrypted and automatically forced the encryption on the connection.
    Is what I've described how it is meant to behave?  I was expecting the certificate to be required by both server and client and also I was expecting to have to change my connection string to say "ENCRYPT=YES" or something and not
    simply automatically encrypt.
    Any advise or thoughts would be appreciated.  I actually documented "what I did" as I went along, but didn't want to spam the blog with a host of images, but if more information is required, I can provide this.
    Regards,

    Hi AndyB1978,
    When the Force Encryption option for the Database Engine is set to YES, all communications between client and server is encrypted no matter whether the “Encrypt connection” option (such as from SSMS) is checked or not. You
    can check that whether connections are encrypted between server and clients using the following DMV statement.
    USE master
    GO
    SELECT encrypt_option FROM sys.dm_exec_connections
    GO
    For more information about SSL encryption in SQL Server, please review the following article.
    Encrypting Connections to SQL Server
    For more details about client side setting and connection property options, please review the following blog.
    Selectively using secure connection to SQL Server
    Thanks,
    Lydia Zhang
    Lydia Zhang
    TechNet Community Support

  • SSL encrypted webmail won't run

    I am having a problem getting a SSL encrypted GroupWise WebAccess to load the Login page in Safari on Vista (it works in Safari on XP). GW WebAccess works just fine in Firefox if I turn off TLS, and works in IE 7 if I turn ON SSL 2.0. In Safari there is no granular control over Web encryption. Does anyone have any idea how to get it to work? I really am trying to make Safari my primary browser, but GW WebAccess is very important for me to use it... It times out and I get, "Safari could not open the page “https://groupwise.bronsonhg.org/gw/webacc” because the server is not responding." What's interesting, is that I actually use http://groupwise.bronsonhg.org but it does resolve to the above SSL address - its then that it sits there and times out. Also, I tried it on Safari on a MacBook, and it works fine. Vista is the only OS this website doesn't work on Safari. Any idea's?

    Sounds like Safari is an unsupported browser for this web application.
    Try this: click Develop -> User Agent -> Internet Explorer 7.0

  • HT4865 Does iCloud email use 1024 bit or 2048 SSL encryption?

    In Security Now! Podcast #441, http://twit.tv/show/security-now/411 they discuss the need for SSL encryption to move to 2048 bit to be more secure. What level of encryption is iCloud email using?

    Sorry I didn't make my question specific enough. I'm referring to the encryption used in the browser while using the mail app on iCloud. I believe gmail currently uses 1024 SSL but will be changing to 2048 in several months. The reason being that a 1024 bit key can theoretically be broken my dedicated hardware (costing millions of dollars, I might add) in around one year. Listen to the link above for more details. This takes an extreme effort to crack, but given that it is possible I wanted to know what Apple does.

  • Why is firefox using the (presumably broken) RC4 128bit SSL encryption as highest priority default encryption?

    128 bit encryption is no longer a real security deal. There are known attacks on RC4 and there is a warning from NIST to do not longer use it in a new product.
    Firefox uses an internal list on prefered cipher suites. Why does firefox do not request for 256 bit encryption as default (AES and Camellia) and in a second step, if negotiation with an outdated server fails, fall back to 128 bit encryption? I know the user can block 128bit from about:config, but why is such an insecure and outdated SSL encryption option the default behaviour?

    You can disable the 128 bit RC4 ciphers by setting the related security.ssl3.* prefs to false.<br />
    If you need to visit a server that only works with an 128 cipher suite then you can enable one or two 128 SSL ciphers.<br />
    Note that some servers host CSS files on such servers with older server software.
    *security.ssl3.rsa_rc4_128_md5
    *security.ssl3.rsa_rc4_128_sha
    *http://kb.mozillazine.org/about:config

  • How we can get SSL certificate for any site?

    i want to know how can get SSL certificate for any website and what is the main benefit for particular website with the help of this certificate.

    Hi,
    Would you please let me know edition information of the SBS server? Was it SBS 2008 or SBS 2011?
    Based on your description, I’m a little confused with your question. Did you mean that want to know why need
    SSL certificate for website?
    Certificate Services and SSL protect sensitive information by encrypting the data sent between client browsers
    and your server.
    An SSL Certificate is used for two reasons (1) to validate the remote server to the client before the client sends any data to that server (2) to encrypt the data between the client and server over an un-secure network (ie. the Internet). You can use
    a self-issued certificate or a third-party trusted certificate. For more details, please refer to following articles and check if can help you.
    Managing Certificates
    SSL and Certificates
    Understanding Self-Issued
    Certificates in SBS 2003 & SBS 2008
    Installing a GoDaddy Standard
    SSL Certificate on SBS 2008
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft
    does not guarantee the accuracy of this information.
    If anything I misunderstand or any update, please don’t hesitate to let me know.
    Hope this helps.
    Best regards,
    Justin Gu

  • Installing Valid SSL Certificate for Agent Reskilling Tool

    Has anyone done this?  I'm looking for documentation and can't find anything.  There's documentation for UCM/CUIC, but nothing for agent reskilling.  The Cisco Security Best Practices seems to just gloss over this subject and not really provide any good data.
    david

    Hi David, I recently tried to do this and I think I figured out a solution. This is on ICM 8.5(4). Let me know if this works for you.
    Open SSL Encryption Utility. Select All Instances. Click Certificate Administration tab. Click Uninstall. Close SSL Encryption Utility.
    Create Certificate request in IIS Manager.
    Complete Certificate request in IIS Manager.
    Export Certificate in IIS to c:\icm\ssl\[yourfile.pfx]. Remember password you use.
    Open command prompt
    Cd c:\icm\ssl\bin
    Openssl.exe
    pkcs12 -in c:\icm\ssl\[yourfile.pfx] -nocerts -out keyfile-encrypted.key
    pkcs12 -in c:\icm\ssl\[yourfile.pfx] -clcerts -nokeys -out [host.crt]
    Exit
    Copy c:\icm\ssl\bin\host.crt   to   c:\icm\ssl (overwrite if necessary)
    Copy c:\icm\ssl\bin\keyfile-encrypted.key   to   c:\icm\ssl (overwrite if necessary)
    Open SSL Encryption Utility. Select All Instances. Click Certificate Administration tab. Click Install. Click no when it asks to create a new certificate. Close SSL Encryption Utility. I got one error but certificate imported successfully.
    Verify by going to https:///reskill
    Openssl commands taken from http://www.markbrilman.nl/2011/08/howto-convert-a-pfx-to-a-seperate-key-crt-file/

  • Custom pagination for APEX 4.2 interactive report using Page Zero

    Hi,
    I want to implement an «Custom pagination for APEX 4.2 interactive report» using a «page zero».
    I recently migrate from Apex 3.1 to Apex 4.2 and my «Custom pagination for APEX 3.1 interactive report» using a «page zero»  is not working any more.
    So now I try to adapt an excellent example of Jari Laine for 4.0 but using a page zero.
    I put the code JavaScript to Page zero but I must create an dynamic action to fire only for an interactive report region.
    It’s a good idea?
    Thank you

    Thought I would try once more with my DatePicker question.
    On the Apex.Oracle.Com website I have created a 1 page application that has an Interactive Report.
    [url http://apex.oracle.com/pls/apex/f?p=15655:1]
    user = 'test'
    password = 'test'
    I have 2 questions :
    (1) In IE7, press 'Actions', 'Filter'. On the Column dropdown list, select 'Order Timestamp'.
    Notice the prompt icon to the right of the 'expression'. This should change to the Datepicker, but in IE7 it does not. Try the samething in Firefox or Chrome and the Datepicker will appear.
    Is this a BUG, or does Apex 4.02 not support IE7 ?
    (2) In Firefox or Chrome, where you can now see the Datepicker, you will notice that it is the new style picker, not the old style ( called 'classic' ). I want to change it so that it shows the 'classic' datepicker not the new, but cannot see how to do it, if indeed you actually can.
    I would really appreciate it if someone could take a look and let me know if I am going mad, or if we need to get all our users onto IE8. We have now gone live with Apex 4.02 and need to resolve these issues.
    Thanks in advance.
    Edited by: DooRon on 10-Mar-2011 05:13

  • Where is the Oracle Application Server for Apex 3.2.1?

    Hi, I feel ashamed asking this, but I want to know where to download the Application Server for Apex 3.2.1. Apex is installed in a DataBase 10gR1 and the O.S. where I will install the Application Server is RedHat
    I think it is here
    http://www.oracle.com/technetwork/middleware/ias/downloads/index.html
    But there is a lot of links and things to download and I don't even know if it will work because it is Release 3 and the DataBase is Release 1, but I tried downloading the "Oracle 10gR3 Companion (10.1.3.x) CD", but after running the installer in the disk1, I found that the Oracle HTTP Server that it would install does not include mod_plsql and I know I need it.
    So, which one should I download, or where can I find it?
    Thanks.

    Hi,
    Hi, I feel ashamed asking this, but I want to know where to download the Application Server for Apex 3.2.1. Apex is installed in a DataBase 10gR1 and the O.S. where I will install the Application Server is RedHatI think it is here
    http://www.oracle.com/technetwork/middleware/ias/downloads/index.html
    But there is a lot of links and things to download and I don't even know if it will work because it is Release 3 and the DataBase is Release 1, but I tried downloading the "Oracle 10gR3 Companion (10.1.3.x) CD", but after running the installer in the disk1, I found that the Oracle HTTP Server that it would install does not include mod_plsql and I know I need it.
    So, which one should I download, or where can I find it?>
    Strictly speaking you do not need Application Server or OHS for running Apex, you have an option in ApexListener. If it is a small installation then stick to EPG that comes built-in.
    Try downloading the Oracle HTTP Server from here . You will need to check the commercial aspects yourself as OHS is not a free software for Production environment, AFAIK.
    Cheers,

  • Is it possible to use single ssl certificate for multiple server farm with different FQDN?

    Hi
    We generated the CSR request for versign secure site pro certificate
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0in 5.4pt 0in 5.4pt;
    mso-para-margin:0in;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-fareast-font-family:"Times New Roman";
    mso-fareast-theme-font:minor-fareast;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;}
    SSL Certificate for cn=abc.com   considering abc.com as our major domain. now we have servers in this domain like    www.abc.com,   a.abc.com , b.abc.com etc. we installed the verisign certificate and configured ACE-20 accordingly for ssl-proxy and we will use same certificate gerated for abc.com for all servers like www.abc.com , a.abc.com , b.abc.com etc. Now when we are trying to access https//www..abc.com or https://a.abc.com through mozilla , we are able to access the service but we are getting this message in certfucate status " you are connected to abc.com which is run by unknown "
    And the same message when trying to access https://www.abc.com from Google Chrome.
    "This is probably not the site you are looking for! You attempted to reach www.abc.com, but instead you actually reached a server identifying itself as abc.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of adgate.kfu.edu.sa. You should not proceed"
    so i know as this certficate is for cn=abc.com that is why we are getting such errors/status in ssl certficate.
    Now my question is
    1. Is is possible to  remove above errors doing some ssl configuration on ACE?
    2. OR we have to go for VerisgnWildcard Secure Site Pro Certificate  for CSR generated uisng cn =abc.com to be installed on ACE  and will be used  for all servers like  www.abc.com , a.abc.com etc..
    Thanks
    Waliullah

    If you want to use the same VIP and port number for multiple FQDNs, then you will need to get a wildcard certificate.  Currently, if you enter www.abc.com in your browser, that is what the browser expects to see in the certificate.  And right now it won't beause your certificate is for abc.com.  You need a wildcard cert that will be for something like *.abc.com.
    Hope this helps,
    Sean

  • Open Directory: After enabling of SSL encryption the Open Directory server is not reachable anymore! What's wrong?

    After enabling of SSL encrypton on LDAP I can't connect anymore to the LDAB. I think the Lions Server supports now the SSL encrypton for Open Directory.

    .....

  • Updating Page Sentry for APEX 4.0

    Hi there,
    I've found this forum and the regular posters and mods to be extremely helpful, so this post is more of a give-back, I hope. We recently upgraded a dev system of apex 3.0.x to 4.0.2 and ran into some issues where our use of some Page Sentry auth code that's been floating around a long time became a problem for us in terms of properly managing session state, URL forwarding, and acceptance of URL parameters for setting the value of page items in session.
    I've posted [an article on our blog|http://zetetic.net/blog/2010/12/10/updating-page-sentry-for-apex-4-0-upgrade/] explaining the whole thing in what is probably very boring detail over here, and if you're so inclined, we'd love your feedback. But just so there's no need to go anywhere, here's the page sentry we ended up implementing, which makes some pretty significant mods to the old page sentry to account for what we perceived as changes in APEX's behavior somewhere in our move from 3.0 all the way up to 4.0.2.
    You can view the following function nicely formatted [at this gist|https://gist.github.com/736369] :
    <pre><code>
    CREATE OR REPLACE function PASSPORT.oamPageSentry ( p_apex_user in varchar2 default 'APEX_PUBLIC_USER' )
    return boolean
    as
    l_cgi_var_name varchar2(100) := 'REMOTE_USER';
    l_authenticated_username varchar2(256) := upper(owa_util.get_cgi_env(l_cgi_var_name));
    l_current_sid number;
    l_url_sid varchar2(4000);
    l_url varchar2(4000);
    l_app_page varchar2(4000);
    begin
    -- check to ensure that we are running as the correct database user
    if user != upper(p_apex_user) then
    return false;
    end if;
    if l_authenticated_username is null then
    return false;
    end if;
    l_current_sid := apex_custom_auth.get_session_id_from_cookie;
    l_url := wwv_flow_utilities.url_decode2(owa_util.get_cgi_env('QUERY_STRING'));
    wwv_flow.debug('oamPageSentry: request from ' || l_authenticated_username || ' (sid=' || l_current_sid || ') for ' || l_url);
    -- split on zero or more non-colon characters, and extract the URL session ID if it is present
    l_url_sid := REGEXP_SUBSTR(l_url, '[^:]*', 1, 5);
    wwv_flow.debug('oamPageSentry: extracted current sid from url as ' || l_url_sid);
    -- the post_login call at the end of this function will blindly append the session ID to the URL, even if it is
    -- a deep link. Detect this condition, strip the duplicate session identifier, and redirect.
    if REGEXP_SUBSTR(l_url, '^.*:' || l_current_sid || ':.+:' || l_current_sid || '$') IS NOT NULL then
    l_url := REGEXP_REPLACE(l_url, ':' || l_current_sid || '$', '');
    wwv_flow.debug('oamPageSentry: identified duplicate session id on URL, stripping and redirecting to ' || l_url);
    owa_util.redirect_url('f?'|| l_url);
    return false;
    end if;
    -- apex 4.0 appears to have problems setting session variables (possibly due to new session validation)
    -- if the Session identifier present in the URL does not agree with the session identifier in the cookie
    -- detect this condition, and replace the invalid URL session identifier in the URL with the valid
    -- ID in from the cookie and redirect to the fixed URL
    if owa_util.get_cgi_env('REQUEST_METHOD') = 'GET' AND l_current_sid <> TO_NUMBER(l_url_sid) then
    l_url := REGEXP_REPLACE(l_url, '^(p=.+?:.+?):\d*(.*)$', '\1:' || l_current_sid || '\2');
    wwv_flow.debug('oamPageSentry: current sid ' ||l_current_sid || ' is diferent from url sid ' || l_url_sid || ', redirecting to url' || l_url);
    owa_util.redirect_url('f?'|| l_url);
    return false;
    end if;
    -- 1. If the session is valid and the usernames match then allow the request
    -- 2. If the session is valide but the usernames do not match, there may be session tampering going on. log the session out
    -- 3. If the session id is not valid, generate a new session, and register it with apex
    if apex_custom_auth.is_session_valid then
    apex_application.g_instance := l_current_sid;
    wwv_flow.debug('oamPageSentry: current sid ' || l_current_sid || ' with username ' || apex_custom_auth.get_username || ' is valid');
    if l_authenticated_username = apex_custom_auth.get_username then
    wwv_flow.debug('oamPageSentry: current session username ' || apex_custom_auth.get_username || ' equal to header username ' || l_authenticated_username);
    apex_custom_auth.define_user_session(
    p_user=>l_authenticated_username,
    p_session_id=>l_current_sid);
    return true;
    else
    wwv_flow.debug('oamPageSentry: username ' || apex_custom_auth.get_username || ' mismatch with ' || l_authenticated_username || ' loggout');
    apex_custom_auth.logout(
    p_this_app=>v('APP_ID'),
    p_next_app_page_sess=>v('APP_ID')||':'||nvl(v('APP_PAGE_ID'),0)||':'||l_current_sid);
    apex_application.g_unrecoverable_error := true; -- tell apex engine to quit
    return false;
    end if;
    else -- application session cookie not valid; we need a new apex session
    wwv_flow.debug('oamPageSentry: current session ' || l_current_sid || ' is not valid');
    l_current_sid := apex_custom_auth.get_next_session_id;
    wwv_flow.debug('oamPageSentry: generated new session id ' || l_current_sid);
    apex_custom_auth.define_user_session(
    p_user=>l_authenticated_username,
    p_session_id=> l_current_sid );
    apex_application.g_unrecoverable_error := true; -- tell apex engine to quit
    if owa_util.get_cgi_env('REQUEST_METHOD') = 'GET' then
    wwv_flow.debug('oamPageSentry: GET request, remembering deep link ' || l_url);
    wwv_flow_custom_auth.remember_deep_link(p_url => 'f?'|| l_url );
    else
    l_url := 'f?p='||
    to_char(apex_application.g_flow_id)||':'||
    to_char(nvl(apex_application.g_flow_step_id,0))||':'||
    to_char(apex_application.g_instance);
    wwv_flow.debug('oamPageSentry: POST request, remembering deep link ' || l_url);
    wwv_flow_custom_auth.remember_deep_link(p_url=> l_url );
    end if;
    -- in previous versions of apex the remember_deep_link call would actually work and cause
    -- post_login to redirect to the target URL. This doesnt work any more in 4.0. Instead,
    -- we'll pass the target page in to the post_login call directly. Post login will blindly
    -- append the session ID to the end of p_app_page when it redirects, but we
    -- clean that up with the first cleanup redirect at the beginning of the function
    l_app_page := SUBSTR(l_url, 3, LENGTH(l_url) - 2);
    wwv_flow.debug('oamPageSentry: post_login for ' || l_authenticated_username || ' app_page ' || l_app_page );
    apex_custom_auth.post_login(
    p_uname => l_authenticated_username,
    p_session_id => nv('APP_SESSION'),
    p_app_page => l_app_page
    return false;
    end if;
    end oamPageSentry;
    </code></pre>

    Billy,
    Thanks a lot for this great info. It seems to have solved the problem I have been having with an NTLM page sentry function for the last 2 or 3 days. Very difficult stuff to debug what is going on inside these functions when they (obviously) behave differently once you have logged in etc.
    As I said, your solution seems to solve my problem - but I have a couple of questions :
    1. Is this related to 10347091 which is mentioned on http://www.oracle.com/technetwork/developer-tools/apex/downloads/apex402knownissues-189793.html ?
    If yes, did you try the patch?
    2. Have you logged a bug or had any feedback (externally or within the forum) from Oracle people on this issue?
    I was about to log a bug regarding the deep linking and FSP_AFTER_LOGIN_URL not behaving correctly when I noticed the known issues and now your valuable work. I was going to try the patch, but I'd rather not apply it unless I know it will solve my problem.
    Please let me know.
    Thanks
    Glen

Maybe you are looking for

  • UDF of type "Lookup" - doesn't accept "space/Empty" value in lookup defn

    Hello there, I have created a Combo Box UDF field - but I don't want to put any value in it. If I give only "space" in Encode and Decode - it gives error of providing some value to it. I want to give a default blank value over there along with other

  • Error In MDX query

    Statement: SELECT{ CROSSJOIN({ [Product].[Product] }, { [Measures].[Shipping Units] })} ON ROWS FROM [Shipment] com.interlacesystems.iquery.QueryException: COLUMNS axis specification missing      Statement: SELECT{ CROSSJOIN({ [Product].[Product] },

  • Screen 910 getting saved in Local object - not even asking for Package

    Hi ABAPers, I am using Enhancement CONFPP07 and for this created Z project in CMOD. When I am creating the screen 910 for the screen exit SAPLCORU_S of that Z Project, that 910 is getting created in Local object not even asking for the Package and th

  • Ati HD5770 - catalyst 10.x - no mouse pointer at all :|

    hallo. i (was) using the old_xorg repo with the catalyst drivers. My hd5770 used to work pretty fine. Yesterday i did a pacman -Syu. Since then, my mouse pointer disappeared (in Xorg.N.log there are no evidence of this). I tryed to start X without an

  • GR nonvaluated flagged automatically

    Hi Experts, when we use multiple costcenter for a line item in PO.System automatically flags GR nonvaluated in delivery tab on its own. can anyone let me know how to avoid it and what is the reason behind this. regards subbu