Custom Authentication in Apex 4.2

Similar Messages

• How to create a custom authentication in APEX?

  Hello
  I have little experience in APEX and i'm trying to create a custom authentication for a new application i'm developing. I've tried to follow other posts replies but no success...
  I already have a table for usernames and passwords - let's call it table_users - having the following fields: ent_id, ent_username, ent_password and ent_type. I don't need a form in my application to insert new users; only give users access to change their own password.
  How can i create a custom authentication?
  I thank in advance all the replies.

  Hi,
  I used the authentication described in this page, not sure how it weighs up to others but does the job here
  http://djmein.blogspot.com/2007/07/custom-authentication-authorisation.html

• Strange problem when using custom authentication schema

  Hello,
  I'm building a custom authentication system for the application. Basically, I followed the blog post from Martin: http://www.talkapex.com/2009/03/custom-authentication-status.html
  However, the authentication seems working fine at the beginning when running the page 101 from Application Builder and log in, but when I log out from the application (redirect back to page 101) and try to log in with the same credentials, it gives error message "Invalid Login Credentials ". Also, when the application is accessed from public (open page 101 directly using another computer), the authentication doesn't work at all.
  Furthermore, I checked the table apex_workspace_access_log and found out that it has "AUTH_SUCCESS" even if using the fake credentials and the login failed (I use "apex_util.set_authentication_result (p_code => 3);" when auth function return false).
  I couldn't find the cause of the problem, then I created the same custom authentication in apex.oracle.com. The problem doesn't appear anymore. To make sure they are same, I have double checked the custom authentication in both the development environment and the apex.oracle.com.
  This is very strange to me and I don't know where to looking for the problem. Could you give me some advice of what may cause this problem. Thanks in advance!

  I found the problem myself. The cause is the VPD, the account table has VPD policy applied, which prevented public access.

• Apex Custom Authentication Schema Page Sentry Error

  Hi,
  I am using Application Express 4.0.0. I am struggling with a strange problem while trying to implement custom authentication schema.
  I declare a page sentry function 'page_sentry' which returns TRUE or FALSE based on certain conditions. My page_sentry is as follows:
  FUNCTION PAGE_SENTRY RETURN BOOLEAN
  IS
  l_username VARCHAR2(512);
  l_session_id NUMBER;
  BEGIN
  IF USER != 'APEX_PUBLIC_USER' THEN
  RETURN false;
  END IF;
  l_session_id := wwv_flow_custom_auth_std.get_session_id_from_cookie;
  -- check application session cookie.
  IF wwv_flow_custom_auth_std.is_session_valid THEN
  apex_application.g_instance := l_session_id;
  l_username := wwv_flow_custom_auth_std.get_username;
  wwv_flow_custom_auth.define_user_session(
  p_user => l_username, p_session_id => l_session_id);
  RETURN true;
  ELSE
  --redirect to login page using OWA_UTIL.REDIRECT_URL
  END IF;
  RETURN false;
  END page_sentry;
  And Cookie Name : _AUTH
  At first, It always returned FALSE. I wasn't getting any error. However, even after forcibly returning TRUE from the page_sentry function the redirect was still not happening. I tried to look into what cookies were being set for the same and I found this:
  Name:     ApexLibErrorStack1
  Content:     page%3D1%3Cbr%20%2F%3EERR-1201%20session%20ID%20not%20set%20on%20custom%20authentication
  I couldn't find any relevant help for this. Worst of it is I cannot set any cookie from the page_sentry function at all. Please help!

  Hi all.
  Can someone please help me out with the above issue. I am not sure if things are wrong at my end or is this an apex bug.
  --Update:
  The source of my problem perhaps lies in the manner in which I have configured my Oracle HTTP Server. When I disable port HTTP server on port 80 and run apex without it on default port 8080, the custom authentication schema cookie gets set.
  Executing the following with Oracle HTTP Server:
  OWA_UTIL.PRINT_CGI_ENV;
  gives:
  HTTP_COOKIE = ApexLibErrorStack1=page%3D1%3Cbr%20%2F%3EERR-1201%20session%20ID%20not%20set%20on%20custom%20authentication.; ORA_WWV_R1=%23ALL; ORA_WWV_R2=%23ALL; ORA_WWV_R3=%23ALL
  And without HTTP Server:
  gives:
  HTTP_COOKIE = WWV_CUSTOM-F_1420403886791332_100=9625AAC49B9951D8;......
  Did I miss something in my HTTP server configuration ?
  Edited by: pc on Jan 2, 2012 3:15 AM

• Interactive Report - search does not work when using custom authentication

  Apex 3.2.x
  I can authenticate fine with my custom authentication and all of my pages work okay except for one page that uses the Interactive Report feature. When I click 'Filter' then enter the column name, operation (contains, =, like, etc.) and the expression, then click the 'Apply' button, the page just re-displays and my filter information is missing?
  If I first login to Apex, select and run my application, the Interactive Report features work just fine. What's missing?

  More information:
  After login into my Apex workspace (development environment), when I display the Interactive Report and click debug I see this debug message:
  "using existing session report settings"
  When I login using my application's custom authentication and click debug I see this debug message:
  "creating session report settings as copy of public saved report"
  Based on this, it appears that my session info in not set correctly when using custom authentication... but I'm not sure what needs to be set.
  Edited by: user9108091 on Oct 22, 2010 6:44 AM

• Custom Authentication using WebService

  Hi,
  I am trying to create a way to Authenticate my users after calling a Webservice using Custom Authentication so that they don't have to Log on twice (SSO).
  Here is a brief description of what I'm trying to do:
  - End Users Login and get Authenticated in an iPlanet Portal.
  - Once in - they hit a link which calls my APEX Application in a new window.
  - I call the Web Service that return a response telling me if they have a valid Portal session along with username etc.
  - If they are logged in to our Portal - I authenticate them in APEX using Custom Authentication and allow them to continue.
  I have done this so far:
  - Created an After Footer Process in the Login Page(101) that calls the Web Service.
  - Created an automatic Page submit on page 101 with Javascript.
  - Changed the After Submit Process 'Set Username Cookie' to use the Login returned in the Web Service.
  - Changed the After Submit Process 'Login' to use the Login returned in the Web Service.
  - Custom Authentication is run after Page is submitted.
  - The user can then run the Application.
  Everything was working fine when I was already logged in to APEX as a Developer, but when I tried to run the application as a non-developer I get the Error:
  ORA-01400: cannot insert NULL into ("FLOWS_030100"."WWV_FLOW_COLLECTIONS$"."USER_ID")
  I now realize that my Webservice Process is trying to store the result of the Web Service call before the Login has occured - so there is no APEX User at this point.
  Does anyone have a way to accomplish what I'm trying to do?
  Thanks,
  Bill

  You should create a page sentry function based on the often-cited ntlm page sentry function discussed in this forum. That has the framework you need. Here is an example, although it's kind of old:
  function modntlm_page_sentry return boolean as
      l_current_sid            number;
      l_authenticated_username varchar2(256) := OWA_UTIL.GET_CGI_ENV('REMOTE_USER');
  begin
      if l_authenticated_username is null then
          return false;
      end if;    
      l_current_sid := wwv_flow_custom_auth_std.get_session_id_from_cookie;
      if wwv_flow_custom_auth_std.is_session_valid then
          htmldb_application.g_instance := l_current_sid;
          if l_authenticated_username = wwv_flow_custom_auth_std.get_username then
              wwv_flow_custom_auth.define_user_session(
                  p_user=>l_authenticated_username,
                  p_session_id=>l_current_sid);     
              return true;
          else -- username mismatch. Unset the session cookie and redirect back here to take other branch
              wwv_flow_custom_auth_std.logout(
                  p_this_flow=>v('FLOW_ID'),
                  p_next_flow_page_sess=>v('FLOW_ID')||':'||nvl(v('FLOW_PAGE_ID'),0)||':'||l_current_sid);
              htmldb_application.g_unrecoverable_error := true; -- tell htmldb engine to quit           
              return false;
          end if;
      else -- application session cookie not valid; we need a new htmldb session
          wwv_flow_custom_auth.define_user_session(
              p_user=>l_authenticated_username,
              p_session_id=>wwv_flow_custom_auth.get_next_session_id);
          htmldb_application.g_unrecoverable_error := true; -- tell htmldb engine to quit
          if owa_util.get_cgi_env('REQUEST_METHOD') = 'GET' then
              wwv_flow_custom_auth.remember_deep_link(p_url=>'f?'||wwv_flow_utilities.get_cgi_query_string_decoded);
          else
              wwv_flow_custom_auth.remember_deep_link(p_url=>'f?p='||
                  to_char(htmldb_application.g_flow_id)||':'||
                  to_char(nvl(htmldb_application.g_flow_step_id,0))||':'||
                  to_char(htmldb_application.g_instance));
          end if;
          wwv_flow_custom_auth_std.post_login( -- register session in htmldb sessions table,set cookie,redirect back
              p_uname     => l_authenticated_username,
              p_flow_page => htmldb_application.g_flow_id||':'||nvl(htmldb_application.g_flow_step_id,0));
          return false;       
      end if;   
  end modntlm_page_sentry;You would replace this:
  l_authenticated_username varchar2(256) := OWA_UTIL.GET_CGI_ENV('REMOTE_USER');
  ...with whatever statement will allow you to get the authentication status and authenticated user name from the environment, from HTTP headers, or from some other external source.
  Then you would put this into the page sentry function attribute of the authentication scheme for your application:
  return modntlm_page_sentry;
  Of course you can name it anything you like but it should be compiled in your applicaiton's parsing schema.
  Scott

• Clearing Interactive Report, custom authentication problem

  I have written my own custom authentication for my apex app. It calls a custom function in the db that looks in a table for user/password. It works fine. Login works and when I save sort order for standard reports, they are saved between sessions.
  However, for my interactive report the sort orders on my Interactive reports are being reset each time the user gets a new session id.
  I'm not sure why this is happening. Any suggestions or ideas on why this happens when I don't use 'user cookies' (standard apex login)?
  -Thanks,
  -Ben Goodwin
  Edited by: r0ckflite on Jan 26, 2012 4:19 PM

  Hi r0ckflite,
  are you sure you press on action (at report) --> save report --> change save "as named report" to "as default report settings" primary should be already marked the press Apply
  this should work iam pretty sure...
  regards,
  blacksev

• Custom authentication issue

  Good Afternoon,
  I am trying to add some code to a custom authentication routine to allow for tracking in the APEX supplied logs. Currently the authentication code processes the Login attempt and either allows access or returns the user back to the login page with a error message in case they entered an invalid username/password.
  I had added in each case the required two lines of code:
  APEX_UTIL.SET_CUSTOM_AUTH_STATUS('Test Message.. Ignore Me')
  APEX_UTIL.SET_AUTHENTICATION_RESULT(1) (Just as a test, will use more accurate values later)
  Now when I login with a non-existent user it logs it as a successful login, with NO custom text loaded...
  Can anyone suggest an idea here, other than using a custom logging table?
  Thank you,
  Tony Miller
  Webster, TX

  Hi,
  I did test set item session state , and it works OK for me.
  First I did forgot create that item when there was errors in my test.
  Do you have some computations, validations in login page ? Any application process that might run ?
  Or do you have any Page Sentry Function, Session Verify Function or Pre-Authentication Process in authentication scheme ?
  What is you session not valid in authentication scheme ?
  Have you tested your code on apex.oracle.com ?
  Br,Jari
  Edited by: jarola on Apr 16, 2010 9:25 AM
  I did more test.
  If you try login with some user name and password
  http://apex.oracle.com/pls/otn/f?p=12444
  Then you can try login with user EXPIRED and passwd test.
  To see access log login with user ACTIVE and passwd test.
  Then go page 10 you can see access log
  http://apex.oracle.com/pls/otn/f?p=12444:10
  My auth function is
  create or replace
  function                            custom_auth_2 (p_username in VARCHAR2, p_password in VARCHAR2)
  return BOOLEAN
  is
    l_password varchar2(4000);
    l_stored_password varchar2(4000);
    l_expires_on date;
    l_count number;
  begin
  -- First, check to see if the user is in the user table
  select count(*) into l_count from demo_users where user_name = p_username;
  if l_count > 0 then
    -- First, we fetch the stored hashed password & expire date
    select password, expires_on into l_stored_password, l_expires_on
     from demo_users where user_name = p_username;
    -- Next, we check to see if the user's account is expired
    -- If it is, return FALSE
    if l_expires_on > sysdate or l_expires_on is null then
      -- If the account is not expired, we have to apply the custom hash
      -- function to the password
      l_password := custom_hash(p_username, p_password);
      -- Finally, we compare them to see if they are the same and return
      -- either TRUE or FALSE
      0, 'AUTH_SUCCESS',
      1, 'AUTH_UNKNOWN_USER',
      2, 'AUTH_ACCOUNT_LOCKED',
      3, 'AUTH_ACCOUNT_EXPIRED',
      4, 'AUTH_PASSWORD_INCORRECT',
      5, 'AUTH_PASSWORD_FIRST_USE',
      6, 'AUTH_ATTEMPTS_EXCEEDED',
      7, 'AUTH_INTERNAL_ERROR',
      if l_password = l_stored_password then
        APEX_UTIL.SET_CUSTOM_AUTH_STATUS('SUCCEEDED');
        APEX_UTIL.SET_AUTHENTICATION_RESULT(0);   
        return true;
      else
        APEX_UTIL.SET_CUSTOM_AUTH_STATUS('WRONG_PASSWORD');
        APEX_UTIL.SET_AUTHENTICATION_RESULT(4);
         APEX_UTIL.SET_SESSION_STATE('LOGIN_MESSAGE','You have entered invalid Username or Password');
        return false;
      end if;
    else
      APEX_UTIL.SET_CUSTOM_AUTH_STATUS('ACCOUNT_EXPIRED');
      APEX_UTIL.SET_AUTHENTICATION_RESULT(3);
       APEX_UTIL.SET_SESSION_STATE('LOGIN_MESSAGE','Your account has been locked');     
      return false;
    end if;
  else
    -- The username provided is not in the DEMO_USERS table
    APEX_UTIL.SET_CUSTOM_AUTH_STATUS('USER_NOT_FOUND');
    APEX_UTIL.SET_AUTHENTICATION_RESULT(1); 
    APEX_UTIL.SET_SESSION_STATE('LOGIN_MESSAGE','You have entered invalid Username or Password');
    return false;
  end if;
  end;I have application item LOGIN_MESSAGE and in login page I did also create before header process.
  APEX_APPLICATION.G_NOTIFICATION := :LOGIN_MESSAGE;
  :LOGIN_MESSAGE := NULL;To show that item message in notification. It do not affect how auth work.
  It seems work ok

• Can Actions Menu of Interactive Reports work with Custom Authentication?

  My testing is leading my to believe that Actions Menu do not work with Custom Authentication (but only work with APEX Authentication) in APEX 3.1.2? If that's true then is there a work around to this?
  Just to clarify, I've posted/asked this question twice before:
  1) Re: Actions Menu in Interactive Reports does not sort, filter, select cols etc
  2) Interactive Report actions don't work for users (i.e. for non-developers)
  But I've come to believe this is the main problem. I just don't know how to resolve/work around this?
  Thanks for any help.

  I haven't setup a sample because my custom authentication is using LDAP authentication. I'm not sure how I can replicate that on the samples server?
  I'm using LDAP authentication with a Page Sentry function. My further testing reveals that the Page Sentry function is setting the APEX variable user to NULL (ie blank) whenever there's any code in the Page Sentry function box. PL/SQL code as simple as
  BEGIN return TRUE; END;
  in the Page Sentry function box sets the "user" is set to <null>. When the Page sentry function box is left empty (no code specified) it sets the "user" properly after authentication against the specified LDAP directory.
  What all this has to do with Interactive Reports...
  It seems like when the user is NULL it messes-up Interactive Reports that are stored in the flows database. Although it shows the default report properly, but no runtime interactive actions (filtering, sorting, column break, etc.) work.
  Can someone please correct or confirm this?
  Thanks.

• Custom authentication - different user - no edit links

  Hi
  In my apex 3 application I use a custom authentication scheme, in which I validate users against our backoffice tables. However, I don’t have in those tables the database user that I use to develop apex applications.
  When I run my application for the first time in the session (from the application builder tool) I am redirected to the login page and need to login. As I have to login using a different user, I don’t see at the bottom of the pages the edit links and I need to go back a number of times to get back to the app builder page.
  What is the best practice in this case? Is it possible to tell apex not to use the login page if the app is being run from the app builder tool? (or something like that)
  Thanks
  Luis

  Hi Scott
  Thanks for the reply. I understand why this happens, but I was wondering if there was a way to circumvent this limitation, as I can't login as the database user I am using to build the application (because I don't have that user in my custom authentication scheme).
  Of course I could add that user, but as it is maintained by another department (it is a live system and I would have to justify well why I need a new user just for development purposes), I was looking for another quicker, simpler solution.
  Thanks
  Luis

• Restful Web Services - First Party Authentication with custom authentication schemes

  Hi
  I've successfully enabled security using first party authentication on our Restful web services however these only work with the built in Apex accounts and not other authentication schemes.
  Ideally I'd like to authenticate against LDAP, however when I enable this authentication scheme the restful services don't work as they only support the Apex accounts. 
  Has anyone implemented LDAP authentication for Apex restful web services, either directly or using Glassfish ? Does anyone know if support for custom authentication schemes on the feature roadmap for a future Listener release ?
  I attempted to configure the glassfish application against LDAP but am still working on it.. glassfish never challenged the client to authenticate (it's only to be for the web service endpoints and nothing else), so any pointers on how to set that up for Apex would be appreciated.
  Thanks
  Kes

  Hi Gemma,
  unfortunately at the moment you are caught between a rock and a hard place:
  - As you point out there is no way in APEX for a user to self-register themselves, short of developing your own table to store users and configuring APEX custom auth to authenticate against that table
  - Listener can only authenticate against the the APEX user repository, it cannot integrate with custom APEX authentication.
  There may be other options though, by leveraging the authentication capabilities in the JRE and/or WebLogic/GlassFish application servers. We're interested in addressing this use case, so if you wish to investigate further please send me an email ( colm <dot> divilly <at> oracle <dot> com).
  Thanks,
  Colm Divilly

• Problems with custom authentication when migrating from 3.2 to 4.1.1

  Hi,
  we’re about to upgrade our APEX instances to 4.1.1 and to migrate our applications. I encountered some problems with our custom authentication schema.
  1.     Recognize already authenticated sessions: in 3.2 the sentry function could return false as long as the user was not authenticated. Public pages could still be displayed (including the login page). The result of the function apex_custom_auth.is_session_valid returned false until once the sentry function returned true. How can I recognize non authenticated sessions in 4.1.1? I looked for the test the Condition “User is the public user (user has not authenticated)” computes on a page but didn’t found the right one. It’s not what docu states here (comparison with the public user): http://docs.oracle.com/cd/E23903_01/doc/doc.41/e21674/condition001.htm#HTMDB25943. I replaced the test with p_authentication.username = ‘nobody’. It works. But that doesn’t seem to me to be the right way …
  2.     Post_logout lacks session context: the Post Logout Procedure does not receive a session_id and username. Neither the V(‘APP_SESSION’) nor p_authentication.session_id are set. This applies to both plugin authentication schemes and non-plugin custom authentication schemes. Is there another way to obtain the logged-out sessions infos or is this a bug?
  See apex.oracle.com for a demo, workspace WS_MW, gast/gast. Can someone please guide me the way?
  Michael

  Hello again,
  there are no replies until now .... I reviewed some posts regarding custom authentication again and did not find any solution for the issues. Found some that worked with APEX 3.2.1 but not with 4.1.1. I can only work around
  1.) in an insecure way, because the non documented (?) user "nobody" can change and all new sessions will be considered authenticated
  2.) in a way, that ends up in implementing the logout from the non apex environment outside the authentication schema or authentication plugin.
  May be I should contact support for at least the second issue because this doesn't work as documented or am I doing something wrong?
  Michael

• Custom Authentication Scheme - call SSO or Local Process based on User Name

  Hi,
  We are looking at building a new application that allows employee and public user access.
  For staff we want to use Single Sign On as we have for all our other ApEx applications.
  For public users (who will register to create an account) we want to use our own Custom Authentication Function.
  What I would like to do is to have an Authentication Function along the lines of:
  If username like '%@%'
  then call Custom Function
  else call SSO Funcion.
  How do I call the SSO Authentication Function progamatically?
  Thanks,
  Martin

  Probably I don't explain myself clearly....sorry for that!
  Anyway you are right, the role of the user can change after the user is initially provisioned.
  I'll try to summarize to be sure to have understood your answer and to explain my scenario more in details:
  1. After user identity creation, I'll assign the role "Project Manager". Before role assignment the user has not any role. So using a pre-populate adapter I can retrieve the assigned role and compose the right userid.
  2. After step 1, I need to assign another role to the user, the new role should be "External Reseller" for example. In this case the user has a role already. What I would is: basing on the role that I'm assigning (External Reseller), the pre-populate should compose the right userid. Obviously this second userid will be different from the first one and this means a new account will be created for the user. At the moment I don't care to deprovisioning the first userid.
  Is it possible with pre-populate adapter?
  Sorry again for my not very clear explanations.
  Daniele
  Edited by: 886636 on Jan 24, 2012 4:10 AM

• Custom Authentication in 4.2 will not save Authentication Function Name

  Upgrade from 4.0 to 4.2.
  When creating a new Custom Authentication the Authentication Function Name will not save in the Apex Create\Edit screen. After the Apply Changes button is clicked and the authentication scheme reopened - the Authentication Function Name will be cleared. If PL/SQL code was populated in the source field - it will still be present.
  Looking in the WWV_FLOW_AUTHENTICATIONS table - a new record is created but attribute_03 (this seems be where the Function Name is stored) attribute_05 and attribute_15 are null. The PL/SQL entered in Apex is there in the PLSQL_CODE field.
  All preexisting Custom Authentications that existed - there fields are populated and still work correctly. However, if you edit the Authentication Scheme in Apex it nulls out those fields in the WWV_FLOW_AUTHENTICATIONS table and the scheme no longer works.
  I can manually set attribute_03 to my function name, and attribute_05 to 'N' in the WWV_FLOW_AUTHENTICATIONS table and the Authentication scheme will work as long as you never try to edit it and save inside APEX( these fields are nulled out if you do this).
  Also - Authorizations schemes are behaving similarly.
  Checking the WWV_FLOW_SECURITY_SCHEMES table - attribute_01 is always NULL.
  No error is ever given inside the Apex designer.
  Any ideas how I can debug this?
  10.2.0.4.0 DB.
  Edited by: Bill14 on Nov 27, 2012 7:32 AM

  That's what happens when you don't pay attention to what you are typing (me that is). Edited original post.
  DB version is 10.2.0.4.0 (11.5.10 is our ebiz version)
  The PL_SQL column in WWV_FLOW_AUTHENTICATIONS is a CLOB. Looking at a a data view in Toad it abbreviates the field to say(HUGECLOB).
  This does not occur on apex.oracle.com and all of our 4.0 installs still behave as expected. The DBA said that he checked the install logs and did not see anyting out of order. I've never done an APEX install, is there a specific log file (or naming convention for a logfile) that I can tell him to look in or look for?

• Customized authentication scheme unauthorized when using help

  I am receiving an unauthorized message when clicking on help on a label. The message was not being received until the customized authentication scheme was enabled.

  If you still need help with this, please provide all the usual information: a complete description of the situation, an example on apex.oracle.com if possible, your version of apex and database, all custom code, all authentication scheme details, etc.
  Also, please tell us your first name and put it into your handle and/or profile to help us.
  Scott