Basic vs. basic authentication scheme

Has anyone else run across this issue? Oracle IAM specifies this authentication scheme as "basic" when it should be "Basic." When connecting through a browser the browser understands this and transforms the authentication scheme. However, when connecting outside of a browser, I can't authenticate.

Hello,
I know this discussion is really old, but for documentation purposes I am updating it
This issue with the authorization popup happens on older versions of Windows, like XP and Vista (though there are workarounds on Vista). Changing the authentication schema to uidpwdlogon may solve the popup issue, but this causes Portal Drive to not work!
Regards,
Gabriel Nunes.

Similar Messages

Unable to setup Basic or Digest Authentication on Infrastructure

Hello Folks,
On my infrastructure Apache instance I tried setting up Basic and Digest authentication but neither worked. For the Basic authentication I got a segmentation fault and for the Digest authentication I got the following error message:
[OSSO] E12: Unspecified or unexpected AuthType
I have OID and SSO set up in my infrastructure.
Any help would be greatly appreciated.
Thanks!

It seems that after I made the change DAS doesn't work anymore. I tried moving the line to load the OC4J Module before the OSSO but then the infrastructure web server just wouldn't start. Any help provided would be greatly appreciated. Please let me know if you require any additional information.
Thanks!

Configuring the authentication scheme for a web application

Hi all,
We have a requirement to configure the authentication scheme for a web application where some set of users should access the application using basic LDAP (userid/password) authentication and some using digital certificate authentication.
Since the deployment descriptor (web.xml) allows only one directive for auth-method in logic-config, we want to know if there is any other way to achieve this requirement. We are thinking of a custom login module approach. But we are not able to figure out how to configure the auth-method at runtime from the login servlet.
Please let us know if there is any other approach to achieve this.
I will be thankful if any body shares any specific solution to this issue.

This forum is probably not the correct one to ask in. It's more related to the web container than Java Programming.
Kaj

Applet Authentication Scheme

Hello,
I have developed a small applet that uses:
URL url = new URL(getDocumentBase(), strURL);
AudioInputStream stream = AudioSystem.getAudioInputStream(url);to retrieve an audio clip from my webserver.
The audio clip is protected using DIGEST authentication.
The applet is embedded in an HTML page that also uses DIGEST authentication.
Firefox is okay, but after changing to Java plugin 1.6.0_1, Internet Explorer + Java is popping up a second login, with the footer: "Authentication scheme: Windows Integrated".
Firefox:
- FF loads (HTML)Page (unprotected)
- Page loads the applet (unprotected)
- Page tries to load clip index (protected)
- FF shows browser login
- FF reissues request for clip index (assuming successful login)
- Page tells applet to load a clip
- Applet loads a clip using browser creds.
IE6:
- IE loads page (unprotected)
- Page loads the applet(unprotected)
- Page tries to load the clip index(protected)
- IE shows the browser login
- IE reissues the request for clip index(assuming successful login)
- Page tells applet to load a clip
- Java shows login form
How can I tell the applet to use the browser's DIGEST authentication credentials?
I have started diving into the docs, but haven't found anything yet.
Thanks for any tips,
Jamie S.

That is properly too late.
However, I am working on a similar problem. This is my insight. If anybody know more than I do, please let me know.
Using the applet, the Authenticator may not work due to the new JRE. I believe if you have the property file within your machine, you may get around this problem. Other than that, I have not figured out a way to get pass this security issue. Anybody have any thought on that ?
To get around this issue, in your case, it is Basic Authentication; so it won't be too bad. You will need to write your own http client. which mean, you will need to be able to read the response from the server and send the proper header back to the server. At least that is how I did it.
The problem I am facing now is doing Digest Authentication. I really hate to do all kind of work to get Digest working. Only if the Authenticator work for me.
Hope that help.

Calling a function in Pre-Authentication Process in Authentication Scheme

Hello all,
I want to call a function located somewhere inside apex (not in the database) from the Pre-Authentication Process in an Authentication Scheme.
Is it possible?
Regards Pedro.

Pedro
Possibly if you could unwrap the source of the package but basically you wouldn't want to mess with APEX's API.
If this is your function then you want it somewhere in one of your own schemas (you won't potentially break APEX and you will retain it when you upgrade).
If you wish, you could create your own authentication schema and only give yourself access to it (as well as execute to the applications parsing schema user). You could also just create it as in the application parsing schema
CREATE OR REPLACE PACKAGE BODY xxxxxxx WRAPPED This makes the source unreadable in the database. (remember to keep the original source yourself though!).
Hope this helps
Cheers
Ben

Custom Authentication Scheme - How To

For anyone who is interested in implementing your own Authentication Scheme, I have published an article on my blog. It covers the basic steps needed and can be extended in any number of ways to suit your additional needs.
http://djmein.blogspot.com/2007/07/custom-authentication-authorisation.html
Duncan

Hi Duncan, 
Thanks for your article. 
Regards, 
Gonçalo

Change current authentication schema via API

Using APEX 4.1:
I've reviewed the APEX API but I don't see how I can change the current authentication schema in a production apex instance without reloading the application? I've been successful in exporting the new authentication schema but have not been able to make the new one current (really would not like to mess with the wwv_flows table in my prod instance) ...
Ricker

tread wrote:
Tony's request for the API is similar and if the api existed would most likely meet my needs but ...
All that I am requesting is the basic functionality of changing the current scheme in a prod apex instance without having to reload the entire application (wwv_flow_api.create_flow) and/or manually modify the wwv_flows table.
RickerWhy do you want to change the authentication in prod directly without being tested properly??
But only way is to release the application OR set it manually on the prod instance, if you feel that it is really helpful to have an API you can add it to the Official feature requests

Database Authentication Schema Setup

Hi, Page 13-17 in the User Guide talks about setting up DAD credentials verification. Text is copied below
About DAD Credentials Verification
DAD database authentication uses the Oracle database native authentication and user
mechanisms to authenticate users using a basic authentication scheme. To use DAD
credentials verification:
■ Each application user must have a user account in the Oracle database.
■ You must configure a PL/SQL DAD for basic authentication (without account
information).
how do i setup the dad without account information ?
- thanks
neelesh

nevermind, i just removed the PlsqlDatabaseUsername and Password and it worked.

The HTTP Request is unauthorized with client authentication scheme negotiate - MDS Excel Plugin error

Hi,
Some users in my company are experiencing a strange issue when connecting to our MDS server using the MDS Excel plugin. They receive the error message:
"The HTTP Request is unauthorized with client authentication scheme negotiate. The authentication header received from the server was "NTLM,BASIC real="DOMAIN NAME IWA"
They are receiving this error when first trying to connect. For some reason they only receive this error when connected to the work network via the VPN. They don't receive this error from within our network.
Does anyone know what might be causing this issue and how to resolve?
Many Thanks,
Phil

Try the following links and see if it helps:
https://support.microsoft.com/en-us/kb/896861/
https://social.technet.microsoft.com/Forums/projectserver/en-US/912c7179-8858-4c48-a71d-d9a21ff10a1b/the-http-request-is-unauthorized-with-client-authentication-scheme-ntlm-the-authentication?forum=project2010custprog
-Nithesh Shetty Software Engineer, C & E -> IMML -> MDS, Microsoft.

WCF - Getting the "The authentication schemes configured on the host ('Anonymous') ....." error

"The authentication schemes configured on the host ('Anonymous') do not allow those configured on the binding 'BasicHttpBinding' ('Ntlm'). "
I am brand new to WCF and services in general. I have turned on the basic, windows & digest auth modes in my iis express.
One thing I just noticed in my iis express config file, I had turned on basic auth in the "turn of windows stuff" in the task manager then rebooted, but I just opened the applicationhost.config file on my machine and saw this:
<authentication>
<anonymousAuthentication enabled="true" userName="" />
<basicAuthentication enabled="false" />
shouldn't that basicAuthentication read as true?
I was given this existing project to make some changes to, but I cant even get it to run on my machine, so I'm assuming something is up with my local iis express settings.
This project has 3 services in it. Here is a partial of the webConfig:
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IDataMaintenanceService" maxBufferSize="2147483647" maxReceivedMessageSize ="2147483647" maxBufferPoolSize="2147483647" >
<readerQuotas maxDepth="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647" maxStringContentLength="2147483647"/>
<security mode="TransportCredentialOnly" >
<transport clientCredentialType="Ntlm"/>
</security>
</binding>
<binding name="BasicHttpBinding_IYearEndProcessingService" maxBufferSize="2147483647" maxReceivedMessageSize ="2147483647" maxBufferPoolSize="2147483647" >
<readerQuotas maxDepth="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647" maxStringContentLength="2147483647"/>
<security mode="TransportCredentialOnly" >
<transport clientCredentialType="Ntlm"/>
</security>
</binding>
Simon.

Hi battlFrog,
Well Done!
I am very glad that you have solved your problem by yourself.
If you have any others problem, welcome to post it in this forum.
Best Regards,
Amy Peng
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

HTMLDB as Partner Application to TWO OID instances - Authentication Schemes

For reasons I won't go into here, we have TWO Oracle OID/SSO instances running - independently.
I am interested in having HTMLDB / APEX applications capable of authenticate against either one. (one at a time, but on the same engine installation)
We have done the PARTNER APPLICATION registration which works well against one of the OID instances. Records have been entered into the WWSEC_ENABLER_CONFIG_INFO$ table and everything works as expected.
What option do I have to register the HTMLDB engine with a SECOND OID/SSO as a partner application and then allow the developers the ability to choose which authentication scheme applies?
What I have observed is that the package given (custom_auth_sso) has built in
g_partner_app_name varchar2(2000) := 'HTML_DB';
Is it possible to duplicate that type of functionality, or is there something deeper ingrained into the engine that I do not understand?
Regards,
Tim

Scott,
I am working under a model similar to your case number two.
Application 1 uses OID A
Application 2 uses OID B
I am going under the assumption that if there were two records in the config_info$ table, that I would need some type of ability to inform the WWV_FLOW_CUSTOM_AUTH_SSO package to switch between them.
I guess what I am missing is the mechanics. I am trying to avoid having to re-write the WWV_FLOW_CUSTOM_AUTH_SSO package by hand. Besides the package body being compiled, I do not know how that authentication scheme is called by HTMLDB/APEX. I have been using the Oracle Application Server Single Sign-On (HTML DB Engine as Partner App) scheme. This leaves most of the Authentication scheme pretty blank with the exception of the Session Not Valid URL ( populated with PORTAL_SSO-) and the logout URL. Magically it works though.
If I had TWO schemes registered in the config_info$, how would I indicate which scheme to use?
Do I have the capability of working with what has already been provided, or am I destined to writing a custom scheme because of the decision which needs to be made?
Many thanks
--Tim

How to create an database account authentication scheme in apex

Dear
I have an apex installation (embeded) on oracle 11g.
I want to create a database account authentication scheme in apex. I have seen the page with different tab like name,subsription,source,session not valid, login processing, logout URL,session cookie attributes and comments.
I want to know what are the things to be specifed on these tabs and the effects. I have gone thru the documentation 'Application Builder User’s Guide Release 4.1' , but the functionalities of these tabs are not mentioned.
Please help.
Dennis
Edited by: Dennis John on Feb 28, 2012 10:57 PM

Thanks to dear Jit
I am new to apex.
I have gone thru that documents but I couldn't find any detailed documentation about the database account authentication scheme configuration
The database account authentication scheme creation interface will show tabs like name,subsription,source,session not valid, login processing, logout URL,session cookie attributes and comments.
I want to know what are the things to be specifed on these tabs and how it will reflect in the login. The specified documentation is not giving any detail about the above mentioned tabs of authentication scheme creation iwizard.
And also I want to know how the applciation user will be mapped to the database account?
As per my understanding a database user (for each run time user) is required for to authenticate the apex run time login other than the applciation schema user (holds the objects of applicaiton)
run time user means - end user who uses the applcaition, not the developer.
Please help.
Dennis

Apex Custom Authentication Schema Page Sentry Error

Hi,
I am using Application Express 4.0.0. I am struggling with a strange problem while trying to implement custom authentication schema.
I declare a page sentry function 'page_sentry' which returns TRUE or FALSE based on certain conditions. My page_sentry is as follows:
FUNCTION PAGE_SENTRY RETURN BOOLEAN
IS
l_username VARCHAR2(512);
l_session_id NUMBER;
BEGIN
IF USER != 'APEX_PUBLIC_USER' THEN
RETURN false;
END IF;
l_session_id := wwv_flow_custom_auth_std.get_session_id_from_cookie;
-- check application session cookie.
IF wwv_flow_custom_auth_std.is_session_valid THEN
apex_application.g_instance := l_session_id;
l_username := wwv_flow_custom_auth_std.get_username;
wwv_flow_custom_auth.define_user_session(
p_user => l_username, p_session_id => l_session_id);
RETURN true;
ELSE
--redirect to login page using OWA_UTIL.REDIRECT_URL
END IF;
RETURN false;
END page_sentry;
And Cookie Name : _AUTH
At first, It always returned FALSE. I wasn't getting any error. However, even after forcibly returning TRUE from the page_sentry function the redirect was still not happening. I tried to look into what cookies were being set for the same and I found this:
Name: ApexLibErrorStack1
Content: page%3D1%3Cbr%20%2F%3EERR-1201%20session%20ID%20not%20set%20on%20custom%20authentication
I couldn't find any relevant help for this. Worst of it is I cannot set any cookie from the page_sentry function at all. Please help!

Hi all.
Can someone please help me out with the above issue. I am not sure if things are wrong at my end or is this an apex bug.
--Update:
The source of my problem perhaps lies in the manner in which I have configured my Oracle HTTP Server. When I disable port HTTP server on port 80 and run apex without it on default port 8080, the custom authentication schema cookie gets set.
Executing the following with Oracle HTTP Server:
OWA_UTIL.PRINT_CGI_ENV;
gives:
HTTP_COOKIE = ApexLibErrorStack1=page%3D1%3Cbr%20%2F%3EERR-1201%20session%20ID%20not%20set%20on%20custom%20authentication.; ORA_WWV_R1=%23ALL; ORA_WWV_R2=%23ALL; ORA_WWV_R3=%23ALL
And without HTTP Server:
gives:
HTTP_COOKIE = WWV_CUSTOM-F_1420403886791332_100=9625AAC49B9951D8;......
Did I miss something in my HTTP server configuration ?
Edited by: pc on Jan 2, 2012 3:15 AM

How to Use REGION_STATIC_ID in authentication scheme

Hello,
I am storing Region Static ID in Table , on bases of that table I created an Authentication scheme, I want to give specific user to access that region.
When I am passing #REGION_STATIC_ID# in authentication function it is not allowing me to do that.
I want to to use static ID as below.
-- authentication Scheme function return Boolean
AND obj.OBI_APP_STATIC_ID = #REGION_STATIC_ID#
can any one please help ?
Muhammad Rehan

Hello Muhammad,
>> I am storing Region Static ID in Table , on bases of that table I created an Authentication scheme
The “out-of-the-box” APEX approach is different from yours. You maintain a list of regions per your users. APEX allows you to maintain a list of users per your regions (or other APEX component). You should check the principles of the APEX Access Control List - http://download.oracle.com/docs/cd/E14373_01/appdev.32/e11838/app_comp.htm#sthref1263 – and see if you can use them to your needs.
Regards,
Arie.
&diams; Please remember to mark appropriate posts as correct/helpful. For the long run, it will benefit us all.
&diams; Author of Oracle Application Express 3.2 – The Essentials and More

Authentication Scheme for sample application in Oracle Express

All, I recently installed Oracle Express on linux and I was browsing the sample application and when I look up the Authentication Scheme for this app I get the message
No authentication schemes have been defined. You can create a new authentication scheme starting with the Create Scheme button above
Now when I click "Authentication Status " I see
Application: 100
Method: Authentication Scheme
Details: Uses authentication schemes to control user authentication and all other aspects of session management for your application.
Logout URL: wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&p_next_flow_page_se
ss=&APP_ID.:1
Public Pages: (none)
Action: Manage authentication schemes using the report above.
Yet when I run the app I know it is looking up the data in the demo_users table. What I don't see is where the function custom_auth is defined for this app as the function to call for authenticating users. Can someone point me in the right direction.
Also has anyone upgraded apex in express to 2.2. Any issues?
thanks
Scott.

I think i found it when you are in list view no schemes appear. However, when you switch to detail view then I can see the custom scheme.
scott

Basic vs. basic authentication scheme

Similar Messages

Maybe you are looking for