Database Authentication Schema Setup
Hi, Page 13-17 in the User Guide talks about setting up DAD credentials verification. Text is copied below
About DAD Credentials Verification
DAD database authentication uses the Oracle database native authentication and user
mechanisms to authenticate users using a basic authentication scheme. To use DAD
credentials verification:
■ Each application user must have a user account in the Oracle database.
■ You must configure a PL/SQL DAD for basic authentication (without account
information).
how do i setup the dad without account information ?
- thanks
neelesh
nevermind, i just removed the PlsqlDatabaseUsername and Password and it worked.
Similar Messages
-
We have 1000's of users in an Oracle Database 10g. I would like to use their Id/Password to login to an ApEX application (Version 1.6). When I use the DAD scheme, the authentication works fine but the user is identified as HTMLDB_PUBLIC_USER. I need the actual ID of the DB user in the session. Any suggestions? Thanks!
I not sure this is the same case. I just want to use the Oracle UserID/Pwd to authenticate. However, I need to get a login screen. Is there an easy way to do this? If I have already chosen the Database authentication scheme, why isn't there a simple way to connect the application to the Oracle users? The docs indicate the need to configure the dad file and I am not sure I have priviledges to do this. Is there a problem with modifying this file?
-
How to create an database account authentication scheme in apex
Dear
I have an apex installation (embeded) on oracle 11g.
I want to create a database account authentication scheme in apex. I have seen the page with different tab like name,subsription,source,session not valid, login processing, logout URL,session cookie attributes and comments.
I want to know what are the things to be specifed on these tabs and the effects. I have gone thru the documentation 'Application Builder User’s Guide Release 4.1' , but the functionalities of these tabs are not mentioned.
Please help.
Dennis
Edited by: Dennis John on Feb 28, 2012 10:57 PMThanks to dear Jit
I am new to apex.
I have gone thru that documents but I couldn't find any detailed documentation about the database account authentication scheme configuration
The database account authentication scheme creation interface will show tabs like name,subsription,source,session not valid, login processing, logout URL,session cookie attributes and comments.
I want to know what are the things to be specifed on these tabs and how it will reflect in the login. The specified documentation is not giving any detail about the above mentioned tabs of authentication scheme creation iwizard.
And also I want to know how the applciation user will be mapped to the database account?
As per my understanding a database user (for each run time user) is required for to authenticate the apex run time login other than the applciation schema user (holds the objects of applicaiton)
run time user means - end user who uses the applcaition, not the developer.
Please help.
Dennis -
Authentication Scheme - Database Account with login user exists in table
Hi all,
I m new to APEX. Could anyone tell me how can i modify the authentication scheme to validate the user by Database Account DB user & password, also the username must exist in a table
As the DB is not only designed for one application, so DB account may incl. DB users more than the users who can access the APEX application. So I must check the user name exists in a table also.
Thx.Scott,
I try to save the msg in application item and set the message by application item in process before header, it works perfect. The message display as what i want :)
One more question is i would like to give this link to user will go let the user go to the target page and can edit the page without doing any searching b4.
http://XXX/apex/f?p=115:3::NO:::P3_ID:82
If the user hvnt login, system will prompt login page, after the user login it, it will direct go to the target page. I have try if the user type in a wrong username / password it still work after i retype a correct one. The page can redirect to the target page.
However, if i type in a user name & password is correct but not exist in my define table like what i stated b4. Then i type in a correct one I can just go to page 1 instead of the target one.
How can i do the same thing?
Sorry for non-stop questioning, but pls help. Thanks a lot. -
What's required to use the built-in LDAP authentication scheme
In order to use the built-in LDAP authentication scheme in my ApEx application, do I have to have anything more installed in my oracle environment or available to us than accessible LDAP addressing? Our environment is a 10.2 database instance (Enterprise Edition) with ApEx and Microsoft Active Directory that has LDAP setup. It looks like all the DBMS.LDAP packages are in place in my database.
I'm using something similar to the below for built-in prompts but all LDAP tests fail:
host=ourdc1.ourdc2.ourdc3.edu
Port=389
cn=%LDAP_USER%,OU=Users, OU=Department,DC=ourdc1,DC=ourdc2,DC=ourdc3,DC=eduHello,
What is your name?
I know this sounds funny but when I was starting with AD LDAP authentication I seem to remember the user name being the key. Instead of "username" I had to use "[email protected]".
Ultimately, I created a custom package built on DBMS_LDAP as the ApEx package is really targeted for OID.
Regards,
Dan -
Calling a function in Pre-Authentication Process in Authentication Scheme
Hello all,
I want to call a function located somewhere inside apex (not in the database) from the Pre-Authentication Process in an Authentication Scheme.
Is it possible?
Regards Pedro.Pedro
Possibly if you could unwrap the source of the package but basically you wouldn't want to mess with APEX's API.
If this is your function then you want it somewhere in one of your own schemas (you won't potentially break APEX and you will retain it when you upgrade).
If you wish, you could create your own authentication schema and only give yourself access to it (as well as execute to the applications parsing schema user). You could also just create it as in the application parsing schema
CREATE OR REPLACE PACKAGE BODY xxxxxxx WRAPPED This makes the source unreadable in the database. (remember to keep the original source yourself though!).
Hope this helps
Cheers
Ben -
Authentication Scheme with Username / Password stored in App Table
Hi all,
Up to now all of our applications have used SSO authentication, but I now need to step away from this to allow users from outside our organisation (and therefore not in our OID system) to use one specific application.
I therefore have a table in my application that stores username and password. I have a function that compares the entered username and password to this table and returns a boolean result. This function is then registered in my Authentication Scheme as the Authentication function.
All this works well and is causing no problems. The problem is that the password is stored and checked in plain text - obviuosly not very good.
How do I go about changing the password column in my table, the pages that allow this password to be set and updated and the authentication function that checks the username / password to use some form of encryption?
Also, do I need to be worrying about all the other fields (Page Sentry Function,Session Verify Function, Pre-Authentication Process etc) that the Authentication Scheme offers me - or can I just leave these blank as they are now.
If someone can give me a complete 'out-of-the-box' solution that would be wonderful - otherwise a good hard pusj int he right direction would be much appreciated.
Many thanks,
MartinHello Martin,
If you check out the Discussion Forum application here, you should find the information you need. This app stores an encrypted version of the user's password in the table.
http://www.oracle.com/technology/products/database/application_express/packaged_apps/packaged_apps.html#FORUM
Good luck,
Don.
You can reward this reply by marking it as either Helpful or Correct :) -
Identification of OS user with DAD authentication scheme
I have following situation:
Authentication scheme : no authentication (I'm using dads.conf which has PlsqlDatabaseUsername APEX_PUBLIC_USER)
APEX/database is on a Unix server
Apex application is run from Windows desktop browsers.
I want to capture desktop's OS user in CREATED BY column of the tables when I create a record. With the current settings (using APP_USER), CREATED BY column is populated with "APEX_PUBLIC_USER" because APP_USER value is populated by whatever is in dads.conf.
Is there a way to populate CREATED BY column with OS user of the desktop using any built-in substitution strings or system variables?
using OS_USER is not an option because it carries UNIX server's OS user (which is "oracle").
Thanks for any insight!
Shiv.If I use Database account Authentication, then there would not be any issue, because APP_USER or USER will also work.
We don't want user to login again into APEX application since they have already logged onto their desktop using their network/Windows login. We want to carry their network/Windows username and populate CREATED_BY. -
Database authentication DAD and Logout
Hi All,
I am confused as to how to use the database account credentials as a n authentication method for the applications. Should I select a "No Authentication Schema" or "Database Account" from the authentication schemas. Also should I create another DAD with null plsqlusername/password. Any advice appreciated.
Thanks
Raje.hi scott,
Thanks for correcting and pointing me in the right direction. But I am still not clear. Here is what I did.
I selected the "Show Login Page and Use Database Account Credentials" as my authentication scheme. When I ran the Application the Login page accepted the User Id "test" and password and ran the app fine.
when I looked at the Sessions tab in the "Oracle Enterprise Manager Console" I could see only "APEX_PUBLIC_USER" and not "test" user's session. I thought this might be because of the hardcoded plsqlusername and password in the DAD (APEX_PUBLIC_USER). So I created another DAD with null plsqlusername an d password.
when I called my app with this new DAD, I got challenged for the username twice (once by the Browser's pop up window and the other by the built in Login Page). My session in the "Oracle Enterprise Manager Console" used the "test" user Id instead of the "APEX_PUBLIC_USER" which is what I want. But I don't want to challenge my users twice. How can I get rid of one of the uername/password challenges?
Thanks again for helping me out :-) -
Authentication scheme affecting report formatting
Hi all,
I'm new to HTMLDB, and using 1.5.0.00.33. Super product. All was going splendidly until...
I created an authentication scheme ('ANIX') from scratch. Its function checks agains database users, and performs correctly. It uses login page 101. All other parameters defining the scheme I left at defaults.
I have some multi-column sql reports which include a text column (call it FRED) with typical contents of say 500 to 2000 characters.
With HTML_DB as the current authentication scheme, column FRED wraps as expected, and reports render correctly.
With ANIX as the current authentication scheme, column FRED doesn't wrap, so report tables no longer size to the width of the browser window - they extend way to the right in an unacceptable manner.
I can toggle between correct and incorrect report displays by switching which auth scheme is current. This happens whatever report template I use.
Anyone shed light on this please?
Thanks,
John DHi Scott,
Thanks for prompt reply.
Auto-sizing of columns and wrapping of cell contents to fit (e.g. in columns of a <table width="100%">) is default HTML behaviour, no? - as with the paragraph you're reading right now.
Clearly authentication shouldn't have any thing to do with it. But that's what's happening...
I'd like to install on oracle.com, but the dependencies of the app on objects and data in other schemas (users, tables etc. in the 'main' transactional database) make this a prohibitively complex task at this stage.
Perhaps I could sort out some access for you to the app in situ? (First I'll have to find out how - it's all behing firewalls etc at the moment).
If it helps, the authenticate function is below.
John
create or replace function authenticate_u_p
( p_username in varchar2,
p_password in varchar2
return boolean
-- Called from the htmldb login procedure
as
l_account_status varchar2(32);
l_old_expiry_date date;
l_old_encrypted varchar2(30);
l_new_encrypted varchar2(30);
l_stmt varchar2(255);
begin
if p_username is null
or p_password is null then
return false;
end if;
begin
select account_status
into l_account_status
from sys.dba_users
where username = upper(p_username)
and account_status <> 'LOCKED';
exception
when no_data_found then
-- The user doesn't exist or account is locked...
return false;
end;
-- Get the user's current password...
begin
select password,
expiry_date
into l_old_encrypted,
l_old_expiry_date
from sys.dba_users
where username = upper(p_username);
exception
when no_data_found then
-- The user doesn't exist...
return false;
end;
-- We have the encrypted value of the current password, but only the plain value of the supplied password.
-- To compare the current and supplied passwords, we have to:
-- - 1. change the user's password to the supplied parameter (which encrypts the value)
-- - 2. obtain the encrypted value of this new password
-- - 3. compare the two encrypted values
-- 1. change the user's password to the supplied parameter (which encrypts the value)...
l_stmt := 'alter user '||p_username||' identified by '||p_password;
execute immediate l_stmt;
-- 2. obtain the encrypted value of this new password...
begin
select password
into l_new_encrypted
from sys.dba_users
where username = upper(p_username);
exception
when no_data_found then
-- This should never occur, but let's be safe...
return false;
end;
-- 3. compare the two encrypted values...
if l_old_encrypted <> l_new_encrypted then
-- Change the password back to its old value...
l_stmt := 'alter user '||p_username||' identified by values '||chr(39)||l_old_encrypted||chr(39);
execute immediate l_stmt;
end if;
if l_old_expiry_date < sysdate then
l_stmt := 'alter user '||p_username||' password expire';
execute immediate l_stmt;
end if;
return l_old_encrypted = l_new_encrypted;
end authenticate_u_p; -
I'm trying to create an LDAP authentication scheme on XE APEX
Hi --
I hope I did not do something or not do something really dumb. I followed the instructions on http://www.oracle.com/technology/products/database/application_express/howtos/how_to_ldap_authenticate.html to create an LDAP authentication scheme from the gallery. After the final 'Create Scheme' button has been hit, I get the green check mark and a statement "Authentication Scheme Created". However, below that, on the content section, I get "No authentication schemes have been defined. You can create a new authentication scheme starting with the Create Scheme button above.".
It seems like nothing happened because I don't see the new scheme I just created.
I am running an APEX on an XE oracle.
Thanks
BettyBetty,
Sorry about that. That's one of those bugs that was identified after XE went out the door.
Joel -
Customized authentication scheme unauthorized when using help
I am receiving an unauthorized message when clicking on help on a label. The message was not being received until the customized authentication scheme was enabled.
If you still need help with this, please provide all the usual information: a complete description of the situation, an example on apex.oracle.com if possible, your version of apex and database, all custom code, all authentication scheme details, etc.
Also, please tell us your first name and put it into your handle and/or profile to help us.
Scott -
Define Reverse Proxy and Deffered Authentication Schema
Hi Experts,
Can some one help me with the Definition for "*Reverse Proxy in OAM*" and "Deffered Authentication Schema (*DAS*) in Directory server". And please quote one example for understanding.......
Thanks in Advance.
Sandy
Edited by: sandyb4u on Oct 11, 2010 1:34 AMHello Markus,
1. have you checked out Alon Weinstein's Weblog <a href="/people/sap.user72/blog/2005/02/23/the-reverse-proxy-series--part-2-iis-as-a-reverse-proxy">The Reverse Proxy Series -- Part 2: IIS as a reverse-proxy</a>?
2. Is the IIS a must? Can you give Apache or SAP Web Dispatcher a try. Prakash Singh wrote a Weblog <a href="/people/prakash.singh4/blog/2005/08/16/how-to-setup-webdispatcher-to-load-balance-portal-in-a-clustered-environment">How to setup webdispatcher to load balance portal in a clustered environment</a>.
Regards
Gregor -
Can I change the database authentication
Hi,
I have created an application with database authentication. Can I change this to use application users authentication? Or can I import pages from aon application to another?
Thank youin your application go to shared components-->Authentication Schemes
And choose tab "Change Current"
regards
jean marc -
Problems with "Application Express Accounts" authentication scheme...
Hi.
I'm using Application Express 4.1.1.00.23 on Oracle 10g XE.
I have created and used an authentication scheme based on APEX accounts which worked okay for a while but it now experiencing issues. All the current users are working fine, but I cannot add new ones in the app! Oh, I'm using an APEX generated Access Control page within the app (which I have deleted/recreated to no joy).
If I make changes to a current user I get the expected "1 row(s) updated, 0 row(s) inserted." message and it has indeed worked. If I "Add User" and "Apply Changes", nothing happens... well, the page is seemingly submitted, but no action is taken, no errors are raised, but no user is added.
Curiously, if I both amend a user and add a user before applying changes I get the following -
"1 error has occurred
Current version of data in database has changed since user initiated update process. current row version identifier = "A884FA378C851786DDFE3A33709CB23C" application row version identifier = "234234C67A01764460EDABD366BC4C48" (Row 2)"
The row is mentions is the one I tried to amend. To make matters worse, it's not consistent as another row I tried to amend (at the same time as inserting a new user) gives the following error -
"1 error has occurred
unique constraint (ICTLIVE.APEX_ACCESS_CONTROL_PK) violated (Row 1)"
This update, again, works correctly when I try to update without adding a new user!
Very confused, can anyone help please!
Thanks in advance,
Adam.Hi, and thanks for the reply.
I have used this successfully before myself... that's why this is confusing me! I have tried recreating the page with the same number and also creating a new page with a new number and the result is the same. It leads me to believe there's something else going on but I have no idea what!
Adam.
Maybe you are looking for
-
Transfering PO's from one Purch. Grp to another Purch. Grp to
Hi, We recently changed commodities within purchasing and need to change all open POs under a certain material group from one buyer to the new buyer. Instead of manually opening all POs to do this, do you know if there is a way to do a mass update
-
I have just purchased a new MacBook and am having trouble syncing the existing iTunes on my iPhone 6 to it. The only option it gives me is to wipe the music on my phone and replace it with the existing playlists on my iTunes (on the MacBook). For som
-
Delivery Date Monitor Against Purchase Order Delivery Date.
Hi All Forgive me if I've posted this in the wrong forum area but I'm fairly new to this and have spent some time looking for a correct area but still not sure??? Anyway........ ....I'm wanting to know if there's a standard SAP Report or anything tha
-
How to: Fast save as word file (while working in word file)
I really don't like going in to the export menu all the time, but don't want to save my files as .pages (as I work in files of customers who only have Word or OpenOffice). How to do that?
-
I am trying to update my ipod touch.But ios6 will not down load
i have an ipod touch 4 version 4.2.1 that i am trying to update to 6.1.3 How ever every time i try downloading it through itunes the download stops and after about 3 minutes i get a box saying my network has timed out. I have run the trouble shooteer