External authentication from APEX

Hi All
I have a problem. User need to get over on new system external to APEX and automatically authenticate there. I know login and password. How execute authentication?
Is any idea, may be using apex or just javasrcipt?

Hello,
If your compliance team is worried about network packet sniffers, then you should be using SSL, using a Cookie would not solve that problem (as the information would still be transmitted in clear text).
If you search this forum for 'cookie' you should find quite a few hits on how to use Cookies in APEX (including how to create and read them).
John.
http://jes.blogs.shellprompt.net
http://apex-evangelists.com

Similar Messages

Call more external webservice from apex

How can call more external webservice from apex - consecutively one after another - one execute, than next used as a parameter of the previous webservice results

Sandboxed solution server code can't call an external web service. There are ways to write a sandboxed solution that calls a web service using client side code. Here's a sample of a silverlight application deployed via the sandbox that can call
an external web service.
http://msdn.microsoft.com/en-us/library/gg615590(v=office.14).aspx
Paul Stork SharePoint Server MVP
Principal Architect: Blue Chip Consulting Group
Blog: http://dontpapanic.com/blog
Twitter: Follow @pstork
Please remember to mark your question as "answered" if this solves your problem.

Pointing to external Database from apex application

Hi Guys,
Is that possible to point to databse exist in another server through apex application ? is there any configuration like that ?

You would make this kind of connection within a schema/database that your Apex instance already has access to, or a different schema, which you would then make available to Apex. Once you have this setup you can reference the external database/tables just like any other table in Apex. You may be limited to which operations are supported on the external data, depending on whether it's an Oracle dblink or an ODBC connector, etc.
Earl

BOFC 10.0 External Authentication

Hi there,
I have installed a BO Financial Consolidation 10.0 and a BO BI Platform 4.0 on the same machine. Now I want to set up the external authentication from FC to BI Platform.
In the FC WebAdmin page I've configured the 'External authentication configuration string' to 'Business Objects Enterprise XI Authentication' and the CMS servername is the hostname the applications are installed on.
This doesn't work. Maybe there is missing something. The BOFC Login doesn't accept a user that is configured in the CMC from BI Platform.
I've searched for a long time, bud didn't find more than the short description in the instguide.
I would be really thankful if you might help me figure out whats exaclty missing.
Best regards

Hello,
In your steps you did no mention that you have created the user in BOFC10 itself
An external user still needs to be defined in the BOFC application (as it needs a profile). On the authentication tab, you can specify that this an externally authenticated user and indicate its BOE (CMC) name/alias
Regards
Marc Kuipers
SAP Support

Navigate to external URL from secured APEX server

NOTE I am using the internal Oracle APEX server to host my application, so it may be possible that you will have to be an Oracle employee with the same access, or using a similar setup, in order to respond. Even if you are not, if you feel inclined to "take a swing" at it, keep this in mind.
Hi all,
I am using the internal APEX server at oracle to host an application (Application Express 4.0.2.00.07). I have other, NON-APEX applications hosted on other servers within the Oracle firewall.
On page 0 of the APEX application (which, as you may know, usually displays as the "header" section of every other page in the application) I have created a select list of the other projects and their associated URLs as well as a "Go" button, so users that want to navigate to the other applications can do so from this application. Since page 0 does not seem to allow the creation of standard branch items (please correct me otherwise), I have created a process on that page triggered by the "Go" button. The process currently contains the following code:
begin
apex_application.g_unrecoverable_error := true;
htp.p('<script language="JavaScript">
window.open (:P0_PRODUCT_PAGES); 
</script>');
end;
That code currently replaces the existing page with a blank page and the associated URL is "https://apex.oraclecorp.com/pls/apex/wwv_flow.accept". I am assuming this means that APEX was looking for an application ID and/or page and did not get it so it "stopped" at this page.
I am unaware if there are any settings on the APEX server, DB,or associated web server preventing me from navigating outside of APEX once I am running the hosted application.
I would like to launch another properly-sized (default) browser window rather than replace the existing window pointing to the URL for the selected application.
I have also tried using the owa.util code to try to generate the proper URL but was likewise unsuccessful.
NOTE: I am not looking for different ways to do this by changing server parameters, settings, etc. since I do not have server rights to do this. Additionally, due to time constraints, I would prefer not to be drawn in to a discussion of the comparisons and/or benefits of owa.util or javascript over the other for navigating to an external URL from within APEX, etc. (I'm not trying to be a "punk", but I AM under the gun to resolve this with very limited time). In light of this, please indicate if you have a working option to do this under similar conditions that I can implement quickly. I have done much research within the forums and Googled extensively for information from outside sources but have not yet found something that will provide the proper results.
If you are an oracle employee and wish to contact me directly, please email me at [email protected]
Crossing my fingers and hoping someone has done this before.
Many thanks in advance; your useful contribution will actually contribute to lessening the world's INSOMINA factor considerably (mostly mine). ;)

>
I would like to launch another properly-sized (default) browser window rather than replace the existing window pointing to the URL for the selected application.
I have also tried using the owa.util code to try to generate the proper URL but was likewise unsuccessful.
>
Opening a URL in a new tab or window has to happen in the browser, without submitting the page. The server doesn't know about browser windows. Use:
onchange="window.open(this.value);" in the HTML Form Element Attributes property of <tt>P0_PRODUCT_PAGES</tt> (making the "Go" button unnecessary), or, if the "Go" button is required to match the LAF:
onclick="window.open($v('P0_PRODUCT_PAGES'));"in the button Attributes property, ensuring the button is a template button including the <tt>#BUTTON_ATTRIBUTES#</tt> substitution string, e.g.
<input type="button" value="#LABEL#" #BUTTON_ATTRIBUTES# />Ensure that absolute URLs are used in the <tt>P0_PRODUCT_PAGES</tt> where necessary, specifying the correct scheme for the site, so that you are not trying to go to <tt>{noformat}https://apex.oraclecorp.com/pls/apex/www.google.com{noformat}</tt> for example:
f?FOO:BAR:&APP_SESSION. // other APEX app hosted on apex.oraclecorp.com sharing the same authentication scheme
https://foo.oraclecorp.com // other secured internal site
http://www.google.com // unsecured external site

How to call Operating System commands / external programs from within APEX

Hi,
Can someone please suggest how to call Operating Systems commands / external programs from within APEX?
E.g. say I need to run a SQL script on a particular database. SQL script, database name, userid & password everything is available in a table in Oracle. I want to build a utility in APEX where by when I click a button APEX should run the following
c:\oracle\bin\sqlplusw.exe userud/password@database @script_name.sql
Any pointers will be greatly appreciated.
Thanks & Regards,

Hi Guys,
I have reviewed the option of using scheduler and javascript and they do satisfy my requirements PARTIALLY. Any calls to operating system commands through these features will be made on the server where APEX is installed.
However, here what I am looking at is to call operating systems programs on client machine. For example in my APEX application I have constructed the following strings of commands that needs to be run to execute a change request.
sqlplusw.exe user/password@database @script1.sql
sqlplusw.exe user/password@database @script2.sql
sqlplusw.exe user/password@database @script3.sql
sqlplusw.exe user/password@database @script4.sql
What I want is to have a button/link on the APEX screen along with these lines so that when I click that link/button this entire line of command gets executed in the same way it would get executed if I copy and paste this command in the command window of windows.
Believe me, if I am able to achieve what I intend to do, it is going to save a lot of our DBAs time and effort.
Any help will be greatly appreciated.
Thanks & Regards,

Not authenticated from external ldap in a cluster

I am having trouble getting authenticated from an Iplanet LDAP, when the weblogic is configured in a Cluster.
-I can authenticate with Embedded LDAP domain wide
-I can authenticate on the external LDAP if I send the request to Admin server
Here is my cluster configuration (all with Weblogic 7.0 SP4)
*Admin Server Port: 9209
*Cluster server 1 : 7209
*Cluster server 2 : 8209
*Proxy server : 9090 (configured with HttpClusteredServlet)
http://myserver.com:9090/j_security_check fails
http://myserver.com:9209/j_security_check works
Please let me know what is wrong?

"Bob" <[email protected]> wrote in message
news:3f9fd466$[email protected]..
I am having trouble getting authenticated from an Iplanet LDAP, when theweblogic is configured in a Cluster.
-I can authenticate with Embedded LDAP domain wide
-I can authenticate on the external LDAP if I send the request to Adminserver
Here is my cluster configuration (all with Weblogic 7.0 SP4)
*Admin Server Port: 9209
*Cluster server 1 : 7209
*Cluster server 2 : 8209
*Proxy server : 9090 (configured with HttpClusteredServlet)
http://myserver.com:9090/j_security_check fails
http://myserver.com:9209/j_security_check works
Please let me know what is wrong?Are you sure that the ldap authentication is actually occuring? I would
define the
DebugSecurityAtn="true" attribute on the ServerDebug mbean for the cluster
server members and then look at the log and the ldap_trace.log files to see
what is happening with LDAP.

Essbase security Migration from native mode to external authentication

Hi!!
I want some guidance on setting up security, all the users are currently in Native user mode and Native groups.
Now we want to migrate to external mode, current version of hyperion is 11.1.1.3, any steps to follow in
this direction would be really helpful.
What is the best way of migrating huge user base from native directory to setting up for external authentication,
this is the first time move from native to external authentication, If anyone who has done this will be helpful.
steps to setup , maxl based migration will be helpful or utility based.
Thanks

When you say native mode do you mean that that essbase security is in native mode and you want to convert to shared services security mode,or do you mean you are using shared services securtiy with native users and you want to use an external directory like MSAD.
For your question ::
Yes the first piece is correct, our security is in native mode.
and we want to convert to shared services security mode,
The request involves moving from essbase native mode to Shared services native user mode (moving all the existing users, groups and existing provisioning)
The next stage is moving from Shared services native user mode to external directory. (moving all the existing users, groups and existing provisioning)
Your input will guide me in the direction.
Thanks

Invoking 'active directory external authentication plug-in' from login.jsp

Hi
I am using the Oracle AS 10g on Unix. We have a web application in JAVA based on OC4J Framework.
Currently user use application url for accessing the login page, enters credentials and then the authentication is done through LDAP.
Now we have to remove the login page from application. i.e. once user is successfully logged in Windows on his pc, and tries to access our application through it's url, he must be automatically authenticated using the credentials entered in windows and display the welcome page of application. Same as any intranet application.
For this requirement, we have 'active directory external authentication plug-in' installed on server.
What we need to know is how this process will work and changes required in our jsp page to invoke this plug-in and authenticate user by accessing windows-credentials automatically.
kindly let me know

Hi
I am currently using NTLM to fetch the windows username and then creating an anonymous connection with the LDAP Server.
Then i serach using the user name in ldap directory.
NTLM is no longer required , instead we have 'active directory external authentication plug-in' installed on LDAP.
as far as i know the plug-in will process the kerberos ticket generated by windows to automatically authenticate.

Proxy login from externally authenticated user

Hi Experts,
I created an externally authenticated user in database. And can login without password with below syntax.
SQL> connect / @TESTDB
Connected.
SQL> show user;
USER is "SCOTT"
This scott user has a proxy permission to another DBuser PROXY_USER.
I got the syntax but that works only from Database OS.
sqlplus [proxy_user]/
SQL*Plus: Release 11.1.0.6.0 Production on Mon Nov 15 16:28:47 2010
Copyright (c) 1982, 2010, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Release 11.1.0.6.0 - 64bit Production
I can connect as externally authenticated user from windows CLIENT running on Release 10.2.0.1.0
SQL> connect / @TESTDB
Connected.
But the above mentioned Proxy connectivity syntax fails with below from CLIENT
SQL> connect [proxy_user]/ @TESTDB
SP2-0306: Invalid option.
Usage: CONN[ECT] [logon] [AS {SYSDBA|SYSOPER}]
where <logon> ::= <username>[<password>][@<connect_identifier>] | /
But the same syntax works from Database OS!
I can login from TOAD but can't login from SQLDEVELOPER or SQLPLUS
My sqldeveloper version is:
Version 2.1.1.64
Build MAIN-64.45
and sqlplus is:
SQL*Plus: Release 10.2.0.1.0
Any idea?
Thanks.
Edited by: Nadvi on Nov 18, 2010 3:09 PM

Hi Nadvi
If you get SQLPLUS working SQLDeveloper (thick jdbc/oci/instant client) is certainly worth trying.
I am not sure what is the issue with your setup the proxy usecases I am familiar with are:
Through the SQLDeveloper ui
There are two ways of doing proxy logins:
where p1 is proxy user and c1 is proxy client:
1/single session method (if no 2nd password or distinguished name required)
on main connection popup
user: p1[c1]
password: p1
2/Two session method
Main Connection popup
user: p1
password p1
popup connection authentication
proxy client: c1
none or password or distinguished name
-Turloch
SQLDeveloper Team

Post to authenticator from an external website / html form

Is it possible to post to a authenticator from an html page containing the form located on an external website?
I have developed a custom login module for the portal server, so I tried fiddling a bit and cheating with the states. Problem is the login module still expects to be called first for displaying the form... resulting in the fact that a form post to the authenticator displays the portal login form in stead of actually validating credentials right away.
I am trying to achieve something like the login box topleft on http://mysun.sun.com/
Anybody who has experience on this part and can help me out?

What you might want to do is look at the way that the login provider has been built.(Usually available when using anonymous login).
<INPUT TYPE=HIDDEN NAME="arg" SIZE=-1 VALUE="newsession">

<INPUT TYPE=HIDDEN NAME="page" SIZE=-1 VALUE="1">
<INPUT TYPE=HIDDEN NAME="Submit" SIZE=-1 VALUE="Login">
This seems to almost just "pass" the credentials through to the authenticator. It also destroys the current session, and forces the portal to start a new session.
You can find more info on this in the Release notes for SP3/SP4. See http://docs.iplanet.com
HTH

External authentication question

Hello,
I am running an apex app in a secured environment. The authentication is handled by the environment, and a username passed to apex pages in a server variable, which I am able to use to set apex_application.g_user. Now, the user is only able to access apex pages via the security proxies, which make sure that the user is authenticated, etc. All page requests go through these security proxy servers.
Now, my question is this: I've set the g_user in a custom page sentry function. I don't know a whole lot about this stuff, and so just deleted all of the session-verification stuff from the function that I copied, and return true always. Because, I'm thinking, the security proxies take care of all that. Is that okay? Or should I set that value somewhere else, and leave things that I don't understand alone? If so, where?
Here's my page_sentry function:
create or replace FUNCTION custom_Page_Sentry_Func (p_htmldb_user VARCHAR2 DEFAULT 'APEX_PUBLIC_USER' )RETURN BOOLEAN AS
l_authenticated_username VARCHAR2(256) := nvl(UPPER(OWA_UTIL.GET_CGI_ENV('HTTP_IV_USER')),'NOT_AF_AUTH');
IS_USER NUMBER := 0;
L_CURRENT_SID NUMBER;
BEGIN
--The server is behind the login system, so if the ApEx pages are shown, the login has succeeded (and we will find the cookie)
-- If logged in user is not a user (doesn't exists in USERS table)
-- THEN create a record in the table
SELECT COUNT(*)
INTO IS_USER
FROM USERS
WHERE USERNAME = l_authenticated_username ;
IF IS_USER = 0 THEN
INSERT INTO USERS (USERNAME,SSN) VALUES (l_authenticated_username,'111111111');
END IF;
apex_application.g_user := l_authenticated_username;
RETURN TRUE;
END custom_Page_Sentry_Func;
Thanks, -warren

I am setting g_user so that I can see auditing info in the DB, etc.
The database won't be aware of that value unless you set it into a context, e.g., by using dbms_session.set_identifier or some such device. You would pass v('APP_USER') into such a call that you could run as the VPD block of your application (edit application securiyt attributes to find that field).
But my apex "user" is APEX_PUBLIC_USER, same user for everyone. I'm not going to inadvertantly change that by calling the things that get called in the nmlt (or whatever it's called) page sentry function with my externally authenticated username, am I?
Correct.
Scott

Error while Configuring AD external authentication plug in

Hi
While configuring Active directory external authentication plug I am getting following error
OID Active Directory Plug-in Configuration
Please make sure Database and OID are up and running.
Please enter Active Directory host name: clmad101.ad.company.com
Do you want to use SSL to connect to Active Directory? (y/n) n
Please enter Active Directory port number [389]: 389
Please enter DB connect string:SQLPLUS sys/manager1 @infradb.ad.company-.com @md61nthiims1.ad.company.com:1521
Please enter ODS password:
Please enter confirmed ODS password:
Please enter OID host name: md61nthiims1.ad.company.com
Please enter OID port number [389]: 389
Please enter orcladmin password:
Please enter confirmed orcladmin password:
Please enter the subscriber common user search base [orclcommonusersearchbase]:
CN=Users,dc=ad,dc=company,dc=com
Please enter the Plug-in Request Group DN:
Please enter the exception entry property [(!(objectclass=orcladuser))]: (|(!obj
ectclass=orcladuser))(cn=orcladmin))
Do you want to setup the backup Active Directory for failover? (y/n) n
Installing Plug-in Packages ...
Usage: SQLPLUS [ [<option>] [<logon>] [<start>] ]
where <option> ::= -H | -V | [ [-C <v>] [-L] [-M <o>] [-R <n>] [-S] ]
<logon> ::= <username>[<password>][@<connect_identifier>] | / | /NOLOG
<start> ::= @<URL>|<filename>[.<ext>] [<parameter> ...]
"-H" displays the SQL*Plus version banner and usage syntax
"-V" displays the SQL*Plus version banner
"-C" sets SQL*Plus compatibility version <v>
"-L" attempts log on just once
"-M <o>" uses HTML markup options <o>
"-R <n>" uses restricted mode <n>
"-S" uses silent mode
Usage: SQLPLUS [ [<option>] [<logon>] [<start>] ]
where <option> ::= -H | -V | [ [-C <v>] [-L] [-M <o>] [-R <n>] [-S] ]
<logon> ::= <username>[<password>][@<connect_identifier>] | / | /NOLOG
<start> ::= @<URL>|<filename>[.<ext>] [<parameter> ...]
"-H" displays the SQL*Plus version banner and usage syntax
"-V" displays the SQL*Plus version banner
"-C" sets SQL*Plus compatibility version <v>
"-L" attempts log on just once
"-M <o>" uses HTML markup options <o>
"-R <n>" uses restricted mode <n>
"-S" uses silent mode
Usage: SQLPLUS [ [<option>] [<logon>] [<start>] ]
where <option> ::= -H | -V | [ [-C <v>] [-L] [-M <o>] [-R <n>] [-S] ]
<logon> ::= <username>[<password>][@<connect_identifier>] | / | /NOLOG
<start> ::= @<URL>|<filename>[.<ext>] [<parameter> ...]
"-H" displays the SQL*Plus version banner and usage syntax
"-V" displays the SQL*Plus version banner
"-C" sets SQL*Plus compatibility version <v>
"-L" attempts log on just once
"-M <o>" uses HTML markup options <o>
"-R <n>" uses restricted mode <n>
"-S" uses silent mode
Registering Plug-ins ...
adding new entry cn=adwhencompare,cn=plugin,cn=subconfigsubentry
adding new entry cn=adwhenbind,cn=plugin,cn=subconfigsubentry
Done.
Is there anythign wrong in the DB connect string??
Thanks

Did you check the debug information from the external auth plugin.?
This is mentioned in metalink note https://metalink.oracle.com/metalink/plsql/showdoc?db=NOT&id=277382.1
here an excerpt:
D) Enabled plug in debugging at the database level. Reference documentation: Oracle Internet Directory Administrator's Guide 10g (9.0.4) Chapter 43 Integration with the Microsoft Windows Environment - Troubleshooting Integration with Microsoft Windows Under section "Debugging the Microsoft Active Directory External Authentication Plug-in"
...enable the plug-in debugging. To do this, enter:
> sqlplus ods/odspassword @$ORACLE_HOME/ldap/admin/oidspdon.pls
To check the plug-in debugging log, enter:
> sqlplus system/manager
SQL> select * from ods.plg_debug_log order by id;
(To delete the plug-in debugging log:
> sqlplus system/manager
SQL> truncate table ods.plg_debug_log
To disable the plug-in debugging:
> sqlplus ods/ods @$ORACLE_HOME/ldap/admin/oidspdof.pls
E) Dump the plug-in profile to make sure it is enabled and configured correctly:
> ldapsearch -h <OID host> -p <OID port> -D "cn=orcladmin" -w <orcladmin password> -b "cn=plugin,cn=subconfigsubentry" -L -s sub "(objectclass=*)" "*"
please take also a look into the DIPTESTER tool available in
http://www.oracle.com/technology/sample_code/products/oid/java_diptester.tar
regards
--Olaf

PHP external authentication issue

Trying to login to AFCS connection using external authentication.
PHP file generates a key correctly and everything seems to fine up until i get to using the key inside flex.
at the login stage i get the following error in the console trace from the library login call
As far as i can tell everything is right... how can i tell what is wrong with the authentication key?
AFCS Beta Build # : 1.1
requestInfo https://connectnow.acrobat.com/{roomname}?exx=eDp7dXRmOF9lbmNvZGUoZGFyaXVzKX06OmRtOmFnZW50ZG06aHR0cHM6Ly9jb25uZWN0bm93LmF jcm9iYXQuY29tL2hpaW50ZXJmYWNlL2RtOjEwMDo4N2NmNWUwMjIzZTVhMmFkYzI2MmY4MDVlNWJmMWVlM2Y4OTJlY 2Qx&mode=xml&x=0.2519759591668844
#THROWING ERROR# bad authentication key

There are a few mistakes in the key. There is some PHP 'code' in it (wrong string expansion ?) and you are using a full URL instead of the room name.
If you want more details send me a private message, but you should check the way you call the get authentication token method.

AD External Authentication Plug-In verification issue

We are working on a Proof of Concept instance to integrate MS AD with OID for the first time for E-Biz 11i.
1) I completed the bulk load of all the existing users from AD to OID successfully
2) completed enabling the syncrhonization profile
3) Ran the txkrun.pl successfully
4) However i wanted to check the External authentication plug-in and i get the below issue.
How to debug ldapcompare ? Where is the logfile for ldapcompare ?
ldapcompare -h OID_Host -p 389 -D "cn=orcladmin" -w ******* -b "cn=lastname\, firstname,ou=consultants,ou=users,ou=usaeast,dc=adadmin,dc=lps,dc=netsrv,dc=us" -a userPassword -v abcdefgh
The value abcedefgh is not contained in the attribute userPassword in DN cn=lastname\, firstname,ou=consultants,ou=users,ou=usaeast,dc=adadmin,dc=lps,dc=netsrv,dc=us.
An ldapbind on the same AD server is successful, but ldapcompare is failing.

I get invalid credentials. Though the network password is correct. I feel its somewhere i messed up the 3rd party plug-in configuration. Is there a method to get debug information for ldapcompare command ?
From metalink NOTE : 277382.1
"When using the above command, ldapcompare binds to OID using the OID admin user (typically "cn=orclAdmin") and password. Then it provides the AD username and requests that the value supplied as AD-USER-PASSWORD be compared to whatever is stored in AD username's userPassword attribute. Because OID does not store a value in its own user entries/userPassword attributes for AD-synchronized entries, this ldapcompare call will cause OID to invoke the plug-in and verify the userPassword value in AD instead.
If the plug-in works, the ldapcompare should return a message saying that the given password is contained in the userpassword attribute, e.g.
"

External authentication from APEX

Similar Messages

Maybe you are looking for