Authentication Scheme Report "Bug"

Hi -
Since htmldb.oracle.com is down, I am working locally on my XE. Version 2.1.0.0.0.39. Stumbled across a strange bug I've never seen before - just wanted to report it if you dont all know about it before. Couldnt find it referenced in the search.
I imported an application successfully, but when I go to Shared Components => Authentication Themes, the report says there are not any. The default display type is Icons. However switching over to Details lists all of them. Its page 801 if you are keeping track at home.
I also tried creating a theme from scratch in a brand new application. Same behavior - I can only see them when selecting details instead of icons. I did not notice this problem on the hosted site, but its possible there are different versions of the software.
Any one else run across this?

We are aware of that bug in the XE version but thanks for the details.
Scott

Similar Messages

Authentication scheme affecting report formatting

Hi all,
I'm new to HTMLDB, and using 1.5.0.00.33. Super product. All was going splendidly until...
I created an authentication scheme ('ANIX') from scratch. Its function checks agains database users, and performs correctly. It uses login page 101. All other parameters defining the scheme I left at defaults.
I have some multi-column sql reports which include a text column (call it FRED) with typical contents of say 500 to 2000 characters.
With HTML_DB as the current authentication scheme, column FRED wraps as expected, and reports render correctly.
With ANIX as the current authentication scheme, column FRED doesn't wrap, so report tables no longer size to the width of the browser window - they extend way to the right in an unacceptable manner.
I can toggle between correct and incorrect report displays by switching which auth scheme is current. This happens whatever report template I use.
Anyone shed light on this please?
Thanks,
John D

Hi Scott,
Thanks for prompt reply.
Auto-sizing of columns and wrapping of cell contents to fit (e.g. in columns of a <table width="100%">) is default HTML behaviour, no? - as with the paragraph you're reading right now.
Clearly authentication shouldn't have any thing to do with it. But that's what's happening...
I'd like to install on oracle.com, but the dependencies of the app on objects and data in other schemas (users, tables etc. in the 'main' transactional database) make this a prohibitively complex task at this stage.
Perhaps I could sort out some access for you to the app in situ? (First I'll have to find out how - it's all behing firewalls etc at the moment).
If it helps, the authenticate function is below.
John
create or replace function authenticate_u_p
( p_username in varchar2,
p_password in varchar2
return boolean
-- Called from the htmldb login procedure
as
l_account_status varchar2(32);
l_old_expiry_date date;
l_old_encrypted varchar2(30);
l_new_encrypted varchar2(30);
l_stmt varchar2(255);
begin
if p_username is null
or p_password is null then
return false;
end if;
begin
select account_status
into l_account_status
from sys.dba_users
where username = upper(p_username)
and account_status <> 'LOCKED';
exception
when no_data_found then
-- The user doesn't exist or account is locked...
return false;
end;
-- Get the user's current password...
begin
select password,
expiry_date
into l_old_encrypted,
l_old_expiry_date
from sys.dba_users
where username = upper(p_username);
exception
when no_data_found then
-- The user doesn't exist...
return false;
end;
-- We have the encrypted value of the current password, but only the plain value of the supplied password.
-- To compare the current and supplied passwords, we have to:
-- - 1. change the user's password to the supplied parameter (which encrypts the value)
-- - 2. obtain the encrypted value of this new password
-- - 3. compare the two encrypted values
-- 1. change the user's password to the supplied parameter (which encrypts the value)...
l_stmt := 'alter user '||p_username||' identified by '||p_password;
execute immediate l_stmt;
-- 2. obtain the encrypted value of this new password...
begin
select password
into l_new_encrypted
from sys.dba_users
where username = upper(p_username);
exception
when no_data_found then
-- This should never occur, but let's be safe...
return false;
end;
-- 3. compare the two encrypted values...
if l_old_encrypted <> l_new_encrypted then
-- Change the password back to its old value...
l_stmt := 'alter user '||p_username||' identified by values '||chr(39)||l_old_encrypted||chr(39);
execute immediate l_stmt;
end if;
if l_old_expiry_date < sysdate then
l_stmt := 'alter user '||p_username||' password expire';
execute immediate l_stmt;
end if;
return l_old_encrypted = l_new_encrypted;
end authenticate_u_p;

Apex Custom Authentication Schema Page Sentry Error

Hi,
I am using Application Express 4.0.0. I am struggling with a strange problem while trying to implement custom authentication schema.
I declare a page sentry function 'page_sentry' which returns TRUE or FALSE based on certain conditions. My page_sentry is as follows:
FUNCTION PAGE_SENTRY RETURN BOOLEAN
IS
l_username VARCHAR2(512);
l_session_id NUMBER;
BEGIN
IF USER != 'APEX_PUBLIC_USER' THEN
RETURN false;
END IF;
l_session_id := wwv_flow_custom_auth_std.get_session_id_from_cookie;
-- check application session cookie.
IF wwv_flow_custom_auth_std.is_session_valid THEN
apex_application.g_instance := l_session_id;
l_username := wwv_flow_custom_auth_std.get_username;
wwv_flow_custom_auth.define_user_session(
p_user => l_username, p_session_id => l_session_id);
RETURN true;
ELSE
--redirect to login page using OWA_UTIL.REDIRECT_URL
END IF;
RETURN false;
END page_sentry;
And Cookie Name : _AUTH
At first, It always returned FALSE. I wasn't getting any error. However, even after forcibly returning TRUE from the page_sentry function the redirect was still not happening. I tried to look into what cookies were being set for the same and I found this:
Name: ApexLibErrorStack1
Content: page%3D1%3Cbr%20%2F%3EERR-1201%20session%20ID%20not%20set%20on%20custom%20authentication
I couldn't find any relevant help for this. Worst of it is I cannot set any cookie from the page_sentry function at all. Please help!

Hi all.
Can someone please help me out with the above issue. I am not sure if things are wrong at my end or is this an apex bug.
--Update:
The source of my problem perhaps lies in the manner in which I have configured my Oracle HTTP Server. When I disable port HTTP server on port 80 and run apex without it on default port 8080, the custom authentication schema cookie gets set.
Executing the following with Oracle HTTP Server:
OWA_UTIL.PRINT_CGI_ENV;
gives:
HTTP_COOKIE = ApexLibErrorStack1=page%3D1%3Cbr%20%2F%3EERR-1201%20session%20ID%20not%20set%20on%20custom%20authentication.; ORA_WWV_R1=%23ALL; ORA_WWV_R2=%23ALL; ORA_WWV_R3=%23ALL
And without HTTP Server:
gives:
HTTP_COOKIE = WWV_CUSTOM-F_1420403886791332_100=9625AAC49B9951D8;......
Did I miss something in my HTTP server configuration ?
Edited by: pc on Jan 2, 2012 3:15 AM

Authentication Scheme for sample application in Oracle Express

All, I recently installed Oracle Express on linux and I was browsing the sample application and when I look up the Authentication Scheme for this app I get the message
No authentication schemes have been defined. You can create a new authentication scheme starting with the Create Scheme button above
Now when I click "Authentication Status " I see
Application: 100
Method: Authentication Scheme
Details: Uses authentication schemes to control user authentication and all other aspects of session management for your application.
Logout URL: wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&p_next_flow_page_se
ss=&APP_ID.:1
Public Pages: (none)
Action: Manage authentication schemes using the report above.
Yet when I run the app I know it is looking up the data in the demo_users table. What I don't see is where the function custom_auth is defined for this app as the function to call for authenticating users. Can someone point me in the right direction.
Also has anyone upgraded apex in express to 2.2. Any issues?
thanks
Scott.

I think i found it when you are in list view no schemes appear. However, when you switch to detail view then I can see the custom scheme.
scott

Different behavior of Apex (authentication schema) in 64 bits instance

Hello
First time poster after reading many, and not sure if this is Apex related or that I should create a SR on metalink on monday
We have Apex 3.0 installed in a development 10.2.0.1 instance on Win2003 Server (32 bits), the application uses an authentication schema which queries our ldap server (MS Active directory), which works fine.
Our production environment is Apex 3.0 in 10.2.0.1 (x64) on Win2003 (64 bits) 4GB of memory. The authentication (same as in development) takes a very long time (minutes). On the server we see (task manager) a huge increase of vm size usage when we press the login button. When idle it uses around 900MB of vm size, and increases with 5GB. This results in a non responsive db server for minutes. After authentication is done, vm size decreases to normal size.
In the enterprise manager (Active sessions waiting: Other) we see DBMS_LDAP: LDAP operation in the graph
steps taken
- Installed a fresh 10.2.0.1 instance (x64) on a Win2003 x64 vmware
- Installed the PL/SQL Web Toolkit 10.1.2.0.6
- Installed Apex 3.0
- Created authentication schema in the sample application based on ldap (tried DOMAIN_NAME\%LDAP_USER% and cn=%LDAP_USER%,ou=Users,dc=domain,dc=nl notation for the dn entry)
- log on to application authentication is slow, (ldap test tool shows same behavior)
- tried different domain controllers
- upgrade instance to 10.2.0.3
After the upgrade the behavior is as described above (slow, huge increase vm size, non responsive system).
Any help or ideas on this on.
Thank in advance
Roeland

Hello
Did some more testing this morning, on the 64bits test instance. Created a function with pl/sql developer (found on the forum)
create or replace function authenticate_aduser(
     p_username          in          varchar2,
     p_password          in          varchar2)
return boolean
is
     l_user               varchar2(256);
     l_ldap_server     varchar2(256)     := 'ldap_server';
     l_domain          varchar2(256)     := 'domain_name';
     l_ldap_port          number      := 389;
     l_retval          pls_integer;
     l_session          dbms_ldap.session;
     l_cnt               number;
begin
     l_user               := l_domain || '\' || p_username;
     l_session          := dbms_ldap.init( l_ldap_server, l_ldap_port ); -- start session
     l_retval          := dbms_ldap.simple_bind_s( l_session, l_user, p_password ); -- auth as user
     l_retval          := dbms_ldap.unbind_s( l_session ); -- unbind
     return true;
exception when others then
     l_retval := dbms_ldap.unbind_s( l_session );
     return false;
end;
- First time execution took 90 secondes, and showed the increase in vmsize in the task manager
- Second execution in 0,015 seconds
- Logged off
- Started a new session
- Again the first time execution took around 90 seconds and second execution was 0,017 seconds
Maybe I mis configured something or it's a bug. but it seems not Apex related, anyway going to create a SR
Regards Roeland

HTTP request was forbidden with client authentication scheme 'anonymous'

Hi,
We have updated our support Package for version BPC NW 10.0 release 801 from 0002 to 0005.
After the update we are not being to access the server folders in EPM Add-in.
We have the following error "HTTP request was forbidden with client authentication scheme 'anonymous'". Nevertheless we only can't access to the content of folders that are not public or local.
In SLG1 log, we have the error " Access not granted, You are not the member of team: BUSINESS ADMIN". This is not true because the user has SAP_ALL in BW and is a primary administrator in BPC. The data access profile associated is the administrator member access profile.
Has anybody seen this error?
Best regards,
JA

Hi Nilanjan,
We are able to log in into EPM Add-in.
We have the error when we try to open input forms or reports from server, but only from some folders.
When we select the folder we have the error.
For example we can see the content from:
WEBEXCEL\REPORTLIBRARY\
ADMIN\WEBEXCEL\TEAMREPORTLIBRARY\
But we can't see the content from:
BUSINESS ADMIN\WEBEXCEL\TEAMREPORTLIBRARY\
TEAM FI\WEBEXCEL\TEAMREPORTLIBRARY\
The user has administrator member access profile ans is included in all teams (ADMIN, BUSINESS ADMIN and TEAM FI)
We really can't see what could be the problem
Hope you can help us.
regards,
JA

Password reset every 30 days (APEX authentication scheme)

Hello,
one of my application uses APEX authentication scheme. I would like to force end users to change their passwords every 30 days.
Account Expiration and Locking is enabled. Is it enough to set "30 days" in End User Account Lifetime (days) option that I've found in Home>Administration>Manage Services>Set Workspace Preferences, or should I do something else?
Regards,
Przemek

for developers who login into workspace - yes, it opens 'change password' page
for end users - who knows?
for example, take a look at one BUG-or-FEATURE here:
Locked user IS ALLOWED to login in Application Express 3.2.1.00.12
Locked user IS ALLOWED to login in Application Express 3.2.1.00.12

I'm trying to create an LDAP authentication scheme on XE APEX

Hi --
I hope I did not do something or not do something really dumb. I followed the instructions on http://www.oracle.com/technology/products/database/application_express/howtos/how_to_ldap_authenticate.html to create an LDAP authentication scheme from the gallery. After the final 'Create Scheme' button has been hit, I get the green check mark and a statement "Authentication Scheme Created". However, below that, on the content section, I get "No authentication schemes have been defined. You can create a new authentication scheme starting with the Create Scheme button above.".
It seems like nothing happened because I don't see the new scheme I just created.
I am running an APEX on an XE oracle.
Thanks
Betty

Betty,
Sorry about that. That's one of those bugs that was identified after XE went out the door.
Joel

Help on Authentication Schema and public page

Hi
i'm developing a app using an authentication schema basede on OID.
The problem is that the first page to be load (page 1), doesn't require any permission...it's public....
the only way to aceed directly to this page witouth login is type "?p=2011:1"
there are some way to pass over the authentication schema, just calling the app "?p=2011"
the home link on aplication security is .....f?p=&APP_ID.:1
thanks

José,
This seems to be the same bug discussed here: Re: Difference between using Application Alias and Application Number You may need to use an Apache rewrite directive of some kind until we fix it.
Scott

Custom authentication scheme: Invalid Session Target

Yesterday I spent a lot of time figuring out what was happening and I'm not sure if this is a bug or a feature...
Create an application with some public pages (1,2,101) and some non-public pages (3,4).
Created a list on page 0 listing all pages but only listing page 3 and 4 when user is logged in.
Created a custom authentication scheme.
Running the application showed me the page 1 and the list containing 1,2,101.
I could navigate to 101 and then log in after which I was taken to page 1 showing only 1,2,101.
I changed page 101 so that it would take me to page 3 after logging in and it did. The list showed me 1,2,101,3,4 and the username was also visible.
I could visit all pages correctly except page 1. Whenever I navigated to page 1 I effectively got logged out.
Finally I discovered that I had set "Invalid Session Target" to page 1 in my authentication scheme.
Is this the intended effect ?

Rene,
When a page is selected in the authentication scheme's Invalid Session Page LOV, it gets designated as "the login page". Whenever this page is rendered, APP_USER is null and APP_SESSION is a new session ID. This accounts for what you saw. It's sort of a quirk more than a bug or feature and we ought to properly document this behavior. If, for some reason, you needed a login page that you could navigate back to (after login) in the current session and using the current APP_USER value, you can deselect the page from the Invalid Session Page LOV in the authentication scheme and instead code this in the Invalid Session URL:
f?p=&APP_ID.:101:&APP_SESSION.
...using 101 as the login page, but it can be any page ID as long as it's a public page.
Scott

HTMLDB as Partner Application to TWO OID instances - Authentication Schemes

For reasons I won't go into here, we have TWO Oracle OID/SSO instances running - independently.
I am interested in having HTMLDB / APEX applications capable of authenticate against either one. (one at a time, but on the same engine installation)
We have done the PARTNER APPLICATION registration which works well against one of the OID instances. Records have been entered into the WWSEC_ENABLER_CONFIG_INFO$ table and everything works as expected.
What option do I have to register the HTMLDB engine with a SECOND OID/SSO as a partner application and then allow the developers the ability to choose which authentication scheme applies?
What I have observed is that the package given (custom_auth_sso) has built in
g_partner_app_name varchar2(2000) := 'HTML_DB';
Is it possible to duplicate that type of functionality, or is there something deeper ingrained into the engine that I do not understand?
Regards,
Tim

Scott,
I am working under a model similar to your case number two.
Application 1 uses OID A
Application 2 uses OID B
I am going under the assumption that if there were two records in the config_info$ table, that I would need some type of ability to inform the WWV_FLOW_CUSTOM_AUTH_SSO package to switch between them.
I guess what I am missing is the mechanics. I am trying to avoid having to re-write the WWV_FLOW_CUSTOM_AUTH_SSO package by hand. Besides the package body being compiled, I do not know how that authentication scheme is called by HTMLDB/APEX. I have been using the Oracle Application Server Single Sign-On (HTML DB Engine as Partner App) scheme. This leaves most of the Authentication scheme pretty blank with the exception of the Session Not Valid URL ( populated with PORTAL_SSO-) and the logout URL. Magically it works though.
If I had TWO schemes registered in the config_info$, how would I indicate which scheme to use?
Do I have the capability of working with what has already been provided, or am I destined to writing a custom scheme because of the decision which needs to be made?
Many thanks
--Tim

Configuring the authentication scheme for a web application

Hi all,
We have a requirement to configure the authentication scheme for a web application where some set of users should access the application using basic LDAP (userid/password) authentication and some using digital certificate authentication.
Since the deployment descriptor (web.xml) allows only one directive for auth-method in logic-config, we want to know if there is any other way to achieve this requirement. We are thinking of a custom login module approach. But we are not able to figure out how to configure the auth-method at runtime from the login servlet.
Please let us know if there is any other approach to achieve this.
I will be thankful if any body shares any specific solution to this issue.

This forum is probably not the correct one to ask in. It's more related to the web container than Java Programming.
Kaj

How to create an database account authentication scheme in apex

Dear
I have an apex installation (embeded) on oracle 11g.
I want to create a database account authentication scheme in apex. I have seen the page with different tab like name,subsription,source,session not valid, login processing, logout URL,session cookie attributes and comments.
I want to know what are the things to be specifed on these tabs and the effects. I have gone thru the documentation 'Application Builder User’s Guide Release 4.1' , but the functionalities of these tabs are not mentioned.
Please help.
Dennis
Edited by: Dennis John on Feb 28, 2012 10:57 PM

Thanks to dear Jit
I am new to apex.
I have gone thru that documents but I couldn't find any detailed documentation about the database account authentication scheme configuration
The database account authentication scheme creation interface will show tabs like name,subsription,source,session not valid, login processing, logout URL,session cookie attributes and comments.
I want to know what are the things to be specifed on these tabs and how it will reflect in the login. The specified documentation is not giving any detail about the above mentioned tabs of authentication scheme creation iwizard.
And also I want to know how the applciation user will be mapped to the database account?
As per my understanding a database user (for each run time user) is required for to authenticate the apex run time login other than the applciation schema user (holds the objects of applicaiton)
run time user means - end user who uses the applcaition, not the developer.
Please help.
Dennis

Is this Oracle Reports bug – "break order property" in "group above" report

Is this Oracle Reports bug – “break order property” in "group above" report
Could anybody confirm that in "group above" report, we could only order the brake column's values with ""none" or "ascending" or "descending" provided by "break order property"?
In the following example, “Dept” is brake column. Oracle Reports allows us to order values in “Dept” with “descending” provided by “break order property”:
Dept 30
job ename salary
xxx xxx xxx
xxx xxx xxx
Dept 20
job ename salary
xxx xxx xxx
xxx xxx xxx
Dept 10
job ename salary
xxx xxx xxx
xxx xxx xxx
or “ascending” provided by “break order property”:
Dept 10
job ename salary
xxx xxx xxx
xxx xxx xxx
Dept 20
job ename salary
xxx xxx xxx
xxx xxx xxx
Dept 30
job ename salary
xxx xxx xxx
xxx xxx xxx
I need to do:
Dept 20
job ename salary
xxx xxx xxx
xxx xxx xxx
Dept 10
job ename salary
xxx xxx xxx
xxx xxx xxx
Dept 30
job ename salary
xxx xxx xxx
xxx xxx xxx
Could I do this? Could anybody confirm that we could never ever do this, or If yes, how?
Millions of thanks for advice.
M.Z.
Edited by: jielan on Sep 18, 2010 8:23 AM

Why should that be a bug? You have a custom requirement and have to find a way to fulfill it. But, what is your actual sorting order? Do you have only this three departments? If so, you could add an addtional column in your query like
DECODE(DEPT, 20, 1, 10, 2, 30, 3, 4) SORTINGput that column in the same group as dept and sort after that new column.

How to Use REGION_STATIC_ID in authentication scheme

Hello,
I am storing Region Static ID in Table , on bases of that table I created an Authentication scheme, I want to give specific user to access that region.
When I am passing #REGION_STATIC_ID# in authentication function it is not allowing me to do that.
I want to to use static ID as below.
-- authentication Scheme function return Boolean
AND obj.OBI_APP_STATIC_ID = #REGION_STATIC_ID#
can any one please help ?
Muhammad Rehan

Hello Muhammad,
>> I am storing Region Static ID in Table , on bases of that table I created an Authentication scheme
The “out-of-the-box” APEX approach is different from yours. You maintain a list of regions per your users. APEX allows you to maintain a list of users per your regions (or other APEX component). You should check the principles of the APEX Access Control List - http://download.oracle.com/docs/cd/E14373_01/appdev.32/e11838/app_comp.htm#sthref1263 – and see if you can use them to your needs.
Regards,
Arie.
&diams; Please remember to mark appropriate posts as correct/helpful. For the long run, it will benefit us all.
&diams; Author of Oracle Application Express 3.2 – The Essentials and More

Authentication Scheme Report "Bug"

Similar Messages

Maybe you are looking for