Https with login page
Hi,
How can I make the default APEX login page secure (https)? The other pages will remain http. Is this possible? or I need to make the whole application https.
I think, in future APEX releases, it will benefit if there are options for declarative control over http/https in the same application.
Thanks.
Andy
Hi Andy,
just having HTTPS for the login page is insecure, because if you use HTTP for all other pages your session cookie can be stolen by a man-in-the-middle attack. Just remember a year or two ago when somebody released a Firebug plug-in to steal the session cookie for Facebook, Twitter, ... when those user are on the same WiFi.
Regards
Patrick
My Blog: http://www.inside-oracle-apex.com
APEX Plug-Ins: http://apex.oracle.com/plugins
Twitter: http://www.twitter.com/patrickwolf
Similar Messages
-
Home page opening with Login page
Hi,
Today we are facing a peculiar case, when we login to Unifier application. On successful login, the home is displayed with login page again. Please let me know hw to resolve this.
Regards,
DeepakTry ditching Dreamweaver and switching to Notepad ++, less bugs, less control from big brother, more nimble, less crashes ... simply better than this pile of junk.
Ok - put your style sheet in a separate file and link it.
If you're going to use styles then don't use attributes if you can get away with it. (Have a look at CSS Zen garden - such a great site. May be a little complicated for a beginner, but it gives you something to aim for.)
Ditch the table format - it makes everything far, far more complicated; try using DIVs instead.
NEVER nest tables if you can at all avoid it. Usually you can - it's just a case of looking at column and row spans.
NEVER use something like DreamWeaver in design mode - it's a huge waste of time.
Try starting with something more basic and build it up a step at a time. Test every change stage by stage - if you're painting a picture you never paint the whole thing then take a step back and look, you always paint a piece, step back and look, paint another piece etc...
Most importantly - research which setting (relating to tags, CSS and attributes) actually performs what operation, and which affects which browser. The classic example of this is the Internet Explorer 6.0 box model problem.
But most importantly, ditch DreamWeaver. Hell! VI is better! -
Hi,
Can anyone help me with the following issue: When I try logging into the login page using the URL_*(http://hostname.domainname)*_ the page is re-directed to the same URL but with https:_ in front of the URL but the login page is not displayed/shown.
But when i remove the 's' from https:_ and press enter i get the login page.Once i Login with the credentials also it is again re-directed to the https:hostname.domainame_.
Again only if i remove the 's' from (https:hostname.domainame) and press Enter do i get the responsibility page.This is happening each and every time when i click on responsibility its re-directed to https: link and i need to remove the 's' from https and press Enter to get the responsibility displayed.
Can anyone help me out with this issue.
Apps version :11.5.10.2Do you have SSL implemented? If not, please review the application context file for any referenced to https and change it to http then run AutoConfig and bounce the services.
Also, check if any of the profile options is set to https and change it to http -- How to Search all of the Profile Options for a Specific Value [ID 282382.1]
Thanks,
Hussein -
Https with tomcat-page cannot be displayed error
Hi,
when trying to connect using https browser displays page cannot be displayed message
I've created a self-signed certificate using the keytool program.
I've uncommented the connecter element for port 8443 in the server.xml file. I'm using jdk1.6 and tomcat 5.5.
please help as to what i might have done wrong
thankshi
I am also facing the same problem. I have installed jre5 and tomcat 5.
I am not getting any error in configuration. it is working when I am using
http://localhost:8443
but it is not working with
https://localhost:8443
please help me on this
Thanks in Advance
Dalwinder Kumar -
How to change the http regular login page
The iFS/HTTP authenticates users as Guest automatically. Can someone tell me how to change it back to the login dialog? Thanks.
Hey,
Thanks for the reply, but I didn't understand much.
Guess I'm just going to try and look on why I can't change the context path when deploying a webservice package using ant tasks.
Thanks again for the reply.
William -
Username and password with new login page
i have created an application where in which in login page i have created
3 items username and password confirm password . where does the
data entered in the items fall . how can i retrieve the data .Just some information :
- The problem with LOGIN page exists. I don't have that problem with for example GMAIL when defined as external application, but with my applications in Oracle Application Server.
- There is also another thing I don't understand. The link to external application is something like:
javascript:open_jwindow('../ealogin?ID=76D4766','76');
and couldn't be executed outside pls/orasso
in other words we can't give that to our users, can we? They should login to orassso and see that?
We don't want to involve them in Identity Management...
Any help is appreciated....
Regards -
Choosing between external and partner application and problem with login
We have an application on Oracle App Server 10.1.3.3 and we have an OID server.
I had taken this for granted that I should define the application as 'Partner Application' and not external application for single sign on.
Now that we need the 'PASSWORD' retrieved by application, we are considering defining it as an external application.
There are at least two problems I have encountered defining the application as external:
1. 'pageConfig:serverDate' is among the login form's inputs in the login page, but I can't set it in orasso 'Edit External Applications' page
2. After login using SSO as external application and when I click on the application's new link, the login page is shown with the username and password field filled, but I have to click on login button anyway (no automatic and invisible login).
I will be very grateful if someone gives a general view on the differences between external and partner, whether in this case external has to be used or partner and finally give some comment on my specific problem with login button and manual login.
Thank youJust some information :
- The problem with LOGIN page exists. I don't have that problem with for example GMAIL when defined as external application, but with my applications in Oracle Application Server.
- There is also another thing I don't understand. The link to external application is something like:
javascript:open_jwindow('../ealogin?ID=76D4766','76');
and couldn't be executed outside pls/orasso
in other words we can't give that to our users, can we? They should login to orassso and see that?
We don't want to involve them in Identity Management...
Any help is appreciated....
Regards -
Hi,
I have make a new and clean install of Windows Server 2012 R2 Essentials on my office network server and then i made a new and clean install of Windows 8.1 Enterprise version on one of my office desktops.
After all VPN and Anywhere Access where setup on the server i when to a PC that is inside my office network and browse on Internet Explorer to the URL to connect this PC to the server and make it part of the domain.
But when i browse to the http://MYSERVERNAME/connect im not getting the Windows Server page with the option to download the windows connector. Instead i get a login pop-up saying "iexplore" and "digest". I try to create a user on the server
and use that user login details on this login box, but even then, the only thing i get is a blank page saying a HTTP Error 404.
So can someone please help me on this? Any advice on how to solve this problem in order to show the normal Windows Server connect page?
ThanksHi,
Based on your description, please refer to following operations and troubleshoot this issue. Then check if
can help us to narrow down the cause of this issue.
Please type
http://server-IP-address/connect in IE. Then check if encounter the same issue.
On the Windows Server 2012 R2 Essentials, please open Internet Information Services (IIS) Manager. Navigate to Sites, then right click Default Web Site and select
Edit Bindings… In Site Bindings, select Port 80 and click “Edit…” button. Would you please provide a screenshot of the Edit Site Binding (Port 80) that you can see?
Then please click
Connect which in the list of Default Web Site. In the mid panel, select
.NET Authorization Rules and double click it. Then please check if all users were allowed.
By the way, would you please provide a screenshot of the login page when you browser
http://servername/connect? It may help me to understand this issue clearly.
Meanwhile, please logon a problematic client computer and navigate to the path: C:\ProgramData\Microsoft\Windows
Server\Logs folder. Then check if there is Computerconnector log file. If there is, please check it if can find some clues. (Please note: the log file is a hidden file. Please open Control Panel, select Folder Options, select View tab and check Show hidden
files, folders and drives. Then you will be able to find the log file.)
If any update, please feel free to let me know.
Hope this helps.
Best regards,
Justin Gu -
APEX 3.2 Associating application with SSO login page.
Hi
My requirement is to replace my login page of APEX3.2 application with an SSO login page. Also, the application uses some tables with some history columns like: "Last Updated by", "Created by", "Last Update Time", etc... While create/edit of any table, I want these columns to be automatically populated according to the credentials used in SSO login page to that application. Please help.
The link given on this forum (http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html) for the purpose seems to be obsolete i.e. for previous versions of APEX.
Thanks
BhaveshBhavesh,
That how-to explains all the steps you need to set up SSO with Application Express.
As far as the audit columns, just create triggers on your tables. Referenced v('APP_USER') to get the authenticated username.
Scott -
My Macbook Pro is frozen on the login page with a white screen and only my login picture. How do I fix this? I can't turn it off and I closed it and let it charge but it's still not working. It's only 3 months old and was working perfectly fine 30min before this happened.
Hello Kierasully,
I would start your troubleshooting with the article below for issues of not being able to log in to your Mac. Start with booting up in to Safe Boot as well as resetting PRAM on your Mac. If that does not work, then verify the hard drive with booting to the Recover HD and go to Disk Utility to verify it.
Mac OS X: Gray screen appears during startup
http://support.apple.com/en-us/ts2570
Regards,
-Norm G. -
Not able to pass portal login page with valid credentials using WebDispatch
Hi,
We are implementing SAP BillerDirect Portal. To make BillerDirect Portal available over the internet, we Configured SAP WebDispatcher with SSL termination. We followed the steps mentioned in SAP Help Documentaion for SAP WebDispatcher with SSL termination.
http://help.sap.com/saphelp_nw2004s/helpdata/en/76/6d4fa247d0d647b5bd40745400d873/frameset.htm
We created certificate and send it to CA (TrustCenter CA). We received the CA response and we imported the certificate.
AS mentioned in the help document, we configured the SAP Web Dispatcher profile to support SSL termination
We tried to access our BillerDirect Portal over the internet using below link
https://company.com/bd
We are getting login page, once we enter correct user ID and Password, portal is not loading (not going to next page) portal remains on same login page.
If we enter invalid credentials portal login page is giving u201CUser Authentication Failedu201D error.
If we try to access any portal login pages which brings a pop-up for login, login gets succeeded and we are able to see next pages
Examples
1) https://company.com/bd/admin/xcm/init.do
2) https://company.com/monitoring/SystemInfo
All pages which bring up portal login page without pop-up, not able to pass through portal login screen.
We Tried the ProxyMapping option on Dispatcher using Visual admin. This option also didnu2019t work for us.
Here is the WebDispatcher Profile
SAPSYSTEMNAME = xxx
SAPGLOBALHOST = xxxxx
SAPSYSTEM = 00
INSTANCE_NAME = W00
DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTI386
DIR_EXECUTABLE = $(DIR_CT_RUN)
Accesssability of Message Server
rdisp/mshost = hostnameofportalserver with FQDN
ms/http_port = 8101
Configuration for medium scenario
icm/max_conn = 500
icm/max_sockets = 1024
icm/req_queue_len = 500
icm/min_threads = 10
icm/max_threads = 50
mpi/total_size_MB = 80
SAP Web Dispatcher Ports
icm/server_port_0 = PROT=HTTPS,PORT=443
icm/server_port_1 = PROT=HTTP,PORT=80
icm/HTTPS/verify_client = 0
SAP Web Dispatcher Web Administration
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=D:\usr\sap\xxx\W00\data\icmanroot\admin,AUTHFILE= D:\usr\sap\xxx\SYS\global\security\data\icmauth.txt
Parameters for the SAP Cryptographic Library
ssl/ssl_lib = D:\usr\sap\xxxW00\sapcrypto.dll
ssl/server_pse = D:\usr\sap\xxx\W00\sec\SAPSSLS.pse
ssf/name = D:\usr\sap\xxx\W00\sec\SAPSSLS.pse
ssf/ssfapi_lib = D:\usr\sap\xxx\W00\sapcrypto.dll
sec/libsapsecu = D:\usr\sap\xxx\W00\sapcrypto.dll
wdisp/ssl_cred = D:\usr\sap\xxx\W00\sec\SAPSSLC.pse
Parameters for Using SSL to the backend server
wdisp/ssl_encrypt = 1
wdisp/ssl_auth = 1
wdisp/ssl_cred = D:\usr\sap\xxxW00\sec\SAPSSLC.pse
wdisp/ssl_certhost = hostnameofportalserver with FQDN
wdisp/ssl_ignore_host_mismatch = true
#ICM Parameters
icm/HTTP/j2ee_0 = PREFIX=/, HOST =hostnameofportalserver with FQDN PORT=50000,SPORT=50001, SSLENC=1,TYPE=1, CRED =D:\usr\sap\xxx\W00\sec\SAPSSLC.pse
We also tried below options in WebDispatcher profile but we are getting same problem.
wdisp/add_client_protocol_header = true
wdisp/add_clientprotocol_header = 1
wdisp/ssl_ignore_host_mismatch = true
#ICM Parameters
icm/HTTPS/forward_ccert_as_header = true
icm/HTTPS/trust_client_with_issuer = *
icm/HTTPS/trust_client_with_subject = *
we also tried
wdisp/ssl_encrypt = 0
wdisp/ssl_auth = 0
we also tried
wdisp/ssl_encrypt = 2
wdisp/ssl_auth = 2
We are not able to resolve issue. Please help us on resolving this issue.
Thanks
Praveen' in Host Names is not allowed. Our hosname has '_'.
http://help.sap.com/saphelp_nw70ehp1/helpdata/en/67/be9442572e1231e10000000a1550b0/frameset.htm -
Help with implementing a login page - ADF Faces & 10.1.3
I am having trouble getting a basic login page working and am hoping someone can help. I'd like to have a login page with username and password fields and a submit button. When submitted, I would like to authenticate the user and either send them to a second page if I find the username & password, or return them to the login page and display a global JSF message if I can't find the username/password info. Pretty standard stuff.
I've got an app module that contains a read-only view object, which has a custom method (in MyViewImpl.java) that checks the username & password against a database table and returns a boolean. I don't have an entity object since it's a read-only view.
I've tried 2 different approaches:
1) Binding the username and pw inputText fields to the parameters of my custom method, and binding the submit button to the custom method, all done by drag and drop from my data controls.
The problem with this approach is that I cannot figure out how to set the global message if the username/password combo is invalid. Once my method is invoked, it returns an "action" String and page navigation occurs (In this case, I have my custom method return a String instead of a boolean). If login fails, at what point do I set the global message?
2) Using a backing bean for my login page and binding the fields and the button to the bean, and setting the button's action to a method in the bean, which then calls my custom method. Finally, either set the message or navigate based on the boolean returned from my method.
This seems the better approach, since it keeps the navigation and error message in the ViewController. The problem here is that I can't figure out how to call my custom method from my backing bean. I've seen a few examples, including one using a managed property and calling the action binding's invoke() method, but haven't had any luck (see #51 on this page: http://radio.weblogs.com/0118231/stories/2004/09/23/notYetDocumentedAdfSampleApplications.html). The invoke() method does not return a value, so I cannot get the boolean value I need.
So, I'm apparently missing a piece (or two or three) of the puzzle here. Any guidance is most welcome! And I'm fine with changing any piece of this puzzle if there's a better way of accomplishing this.
Thanks,
AndyFrank,
Thanks for your reply. I'm not sure if container managed authentication is a good fit or not for my current application, so I will have to look into the details of how it works. Thanks for the suggestion. Whether I use it or not, I will still need to authenticate against a database and not a flat file due to the fact that users may come and go and change passwords frequently, and my application will not be handling the management of that.
So, I would be still left with the task of accessing the ViewObject and navigating/displaying a message based on the results of that lookup. Fortunately, after slogging through my code and consulting the ADF documentation that is scattered throughout the Oracle website, I was able to get the login page working as I wanted (I found the "Accessing Bindings and Binding Containers from JSF Backing Beans" section of http://www.oracle.com/technology/products/jdev/tips/muench/1013eabinding/index.html to be especially helpful). I used the submit button's action to call a method in the backing bean that sent the username and password to my application module's custom authentication method. When I got the boolean result, I either returned a "success" action or set a global JSF message and returned "null".
Needless to say, I am looking forward to the ADF/JSF version of the Toystore application, along with some sort of comprehensive framework documentation.
Thanks,
Andy -
hi guys
i have configured trusted identity provider for my public facing internet portal, but i dont want to use the login screen
since i have about 10 site collection which will use this authentication.
is there a class or property that gives me the url ready with the parameters like "wa" and "wtrealm" and the redirect url based on the place the user click the link from.You can create your own login page and specify the URL for it in the authentication provider settings of a Web Application or Zone. So the easiest way to do what you want would be to extend your existing Web Application to a new Zone, change the login
Page url to point to use your custom zone, and tell users to use the url of that zone to login with the custom provider you have built.
If you want a single zone then you will need to modify a copy of the login page you display above and have it redirect to a custom login page for your identity provider if the pick the correct entry in the dropdown.
Paul Stork SharePoint Server MVP
Principal Architect: Blue Chip Consulting Group
Blog: http://dontpapanic.com/blog
Twitter: Follow @pstork
Please remember to mark your question as "answered" if this solves your problem. -
How to: create a Login page with data tags
hi, how could i create a jsp login page using the data tags.. and how to associate it with the other jsp pages that should be displayed in case of the correct insertion of the password .
http://technet.oracle.com:89/ubb/Forum2/HTML/006025.html
-
Login page Apex 3.1.1 very slow with remote access
I've recently installed Oracle Database 11.1.0.6.0. and upgraded Apex 3.0 to Apex 3.1.1
I've also configured the Embedded PL/SQL Gateway on port 7779.
When I browse locally to http://<host-name>:7779/apex everything goes fine, but when I browse to the same URL (with host-name OR IP adress) it takes up to 5min to load the login page. Once I can login, browsing through Apex is as fast as locally.
Is this a new security feature of Oracle 11G ?
Please adviceThe issue was already solved and you are right. It was an DNS issue. We are using a proxy server and with the proxy server enabled the login page of APEX takes a while to load. When disabling the Proxy Server, it goes like hell.
I was not familiar with the phenomenon, but finally I found. thanks a lot...
Kindly regards
Maybe you are looking for
-
How to share files and folders between users of a same mac
Hello, I would like to share a folder among users of the same Mac. I have a folder called toto, containing files and folders and i would like to share toto with other users of my mac. I would like the other users to be able to read and write every fi
-
Why can't I select Text box in Adobe XI?
I am SO frustrated. I can't do something so simple as select a text box in Adobe XI. Whenever I try, all it does is edit the text. I have tried clicking all over in different spots of the object with the select object tool and all it will ever do is
-
Why is my easy view and expert view not showing up in my controller assignments window
when i go to contol surfaces and then select the controller assignments i do not have the option to hit the easy view or the expert view i was wondering if anyone knew why this is?
-
Project Code Update after AR Invoice posted
Dear Experts, I have AR Invoices with blank Project Codes on the rows. Is there anyway to updated these? Holding thumbs, Adriaan
-
ERROR in setPayload: ORABPEL-10171
Hi , One of our Customer is getting the following error in in the PRODUCTION ENV . This error has occured due to failure of update payload. OraBPEL~OC4J_BPEL~default_island~1:_ 07/01/26 08:38:57 ERROR in setPayload: ORABPEL-10171 Worklist Service Tas