This discussion is archived
13 Replies Latest reply: Aug 12, 2012 5:03 PM by 786160 RSS

How to get username from HTTP request headers in APEX

INAMIK Newbie
Currently Being Moderated
Hello,

I'm a total newbie to apex and looking for some help.

My organization is now using APEX internally for applications.
We are using APEX 4.0 on oracle 11g database.

We use CA site-minder agent for single sign-on on an Apache web-server.

We are trying to get the username that's passed in through the HTTP request headers.

Can someone provide me with directions on how to do this?
I've been struggling to find out how to exactly do this.

Thanks
Kimani
  • 1. Re: How to get username from HTTP request headers in APEX
    Patrick Wolf Employee ACE
    Currently Being Moderated
    Hi Kimani,

    if you have the possibility to upgrade to APEX 4.1 then you should consider that because it contains a pre-build "HTTP Header Variable" authentication scheme where everything is handled for you.

    If that's not possible, please have a look at the following posting by Joel Kallman http://joelkallman.blogspot.com/2010/10/custom-authentication-scheme-for-oracle_20.html
    It explains a HTTP header based authentication for Oracle Access Manager, but it will be the same for CA site-minder.

    But I would suggest to use the HTTP Header Variable authentication of 4.1, because it's more sophisticated and will allow you to have public pages where you don't need a CA site-minder authentication, compared to the 4.0 solution which always authenticates all requests issued to the URL /apex/.

    Regards
    Patrick
    -----------
    My Blog: http://www.inside-oracle-apex.com
    APEX Plug-Ins: http://apex.oracle.com/plugins
    Twitter: http://www.twitter.com/patrickwolf

    Edited by: Patrick Wolf on Feb 29, 2012 10:53 AM
  • 2. Re: How to get username from HTTP request headers in APEX
    INAMIK Newbie
    Currently Being Moderated
    Patrick, thanks for your response.
    Do you have any instructions on using the 4.1 method?
  • 3. Re: How to get username from HTTP request headers in APEX
    Patrick Wolf Employee ACE
    Currently Being Moderated
    Hi,

    in 4.1 it's very simple.

    1) As soon as you have configured OHS (Oracle HTTP Server) to pass through the HTTP header variable (see the document linked in the blog posting) you just have to
    2) switch your application authentication scheme to "HTTP Header Variable".
    3) If your header variable is not named REMOTE_USER, you have to enter it into the attribute "HTTP Header Variable Name" of your authentication.
    4) Now you have to setup CA site-minder. The easiest would be if you tell site-minder that it should protect the URL /apex/apex_authentication.callback so that it triggers the login and provides the username in the HTTP Header Variable. Please see field level help of the authentication scheme attribute "Action if Username is Empty".

    Regards
    Patrick
    -----------
    My Blog: http://www.inside-oracle-apex.com
    APEX Plug-Ins: http://apex.oracle.com/plugins
    Twitter: http://www.twitter.com/patrickwolf
  • 4. Re: How to get username from HTTP request headers in APEX
    INAMIK Newbie
    Currently Being Moderated
    Patrick, Thanks

    If we upgrade to 4.1, do you know if there will issues with applications that were created with 4.0?
  • 5. Re: How to get username from HTTP request headers in APEX
    Patrick Wolf Employee ACE
    Currently Being Moderated
    Hi,

    I don't think so. But I would recommend to always test your apps if you upgrade to a new version of APEX before you put it into production.

    Regards
    Patrick
    -----------
    My Blog: http://www.inside-oracle-apex.com
    APEX Plug-Ins: http://apex.oracle.com/plugins
    Twitter: http://www.twitter.com/patrickwolf
  • 6. Re: How to get username from HTTP request headers in APEX
    INAMIK Newbie
    Currently Being Moderated
    Patrick,

    I know its been some time.

    Our DBA's were just now able to get APEX 4.1 installed.

    I migrated my application into 4.1.

    I now see the HTTP Header Scheme, but i'm trying to figure out how to use it.


    My users will be logging in thru ca site-minder. Site-minder passes the username in the HTTP Header variable.
    So now what do i do to with the APEX HTTP Header Scheme? Any documentation on this?

    I'm sorry I'm new to this.
  • 7. Re: How to get username from HTTP request headers in APEX
    Patrick Wolf Employee ACE
    Currently Being Moderated
    Hi,

    what kind of additional information do you need? Have you already had a look at the previous posting with the following instructions?

    1) As soon as you have configured OHS (Oracle HTTP Server) to pass through the HTTP header variable (see the document linked in the blog posting) you just have to
    2) switch your application authentication scheme to "HTTP Header Variable".
    3) If your header variable is not named REMOTE_USER, you have to enter it into the attribute "HTTP Header Variable Name" of your authentication.
    4) Now you have to setup CA site-minder. The easiest would be if you tell site-minder that it should protect the URL /apex/apex_authentication.callback so that it triggers the login and provides the username in the HTTP Header Variable. Please see field level help of the authentication scheme attribute "Action if Username is Empty".


    Regards
    Patrick
    -----------
    My Blog: http://www.inside-oracle-apex.com
    APEX Plug-Ins: http://apex.oracle.com/plugins
    Twitter: http://www.twitter.com/patrickwolf
  • 8. Re: How to get username from HTTP request headers in APEX
    INAMIK Newbie
    Currently Being Moderated
    Will i still need to create a Sentry function or does the new HTTP Variable take care of this? What does the new HTTP Variable do?

    I guess i'm trying to figure out what step do i skip in the link/documentation that you sent with the new APEX 4.1 functionality.
  • 9. Re: How to get username from HTTP request headers in APEX
    Patrick Wolf Employee ACE
    Currently Being Moderated
    Hi,

    no you don't have to write a sentry function, the HTTP Header Variable authentication schema will do everything which is necessary.

    Based on the steps described in http://www.oracle.com/technetwork/developer-tools/apex/learnmore/apex-oam-integration-1375333.pdf

    Page 9) You have to setup something in Siteminder to protect the URL /apex/apex_authentication.callback to trigger the authentication. After this is done, the username has to be returned in an environment variable like REMOTE_USER.

    Page 13) You have to add the environment variable specified above (eg. REMOTE_USER) to the http.conf or dads.conf file. And then follow the steps to setup your APEX application with the HTTP Header Variable authentication scheme.

    Please also check the item level help for the different attributes of the HTTP Header Variable authentication for additional details.

    Regards
    Patrick
    -----------
    My Blog: http://www.inside-oracle-apex.com
    APEX Plug-Ins: http://apex.oracle.com/plugins
    Twitter: http://www.twitter.com/patrickwolf
  • 10. Re: How to get username from HTTP request headers in APEX
    INAMIK Newbie
    Currently Being Moderated
    Patrick,

    We are using APEX as Embedded PL/SQL gateway.

    Our DBA says there is no DADS file to edit in this setup.

    Is this correct?
    Will we need a different setup in order to do this or can we still use ca siteminder with an APEX Embedded PL/SQL gateway?


    Thanks for all your help!
    Kimani
  • 11. Re: How to get username from HTTP request headers in APEX
    INAMIK Newbie
    Currently Being Moderated
    Ok, so i searched and found the answer.

    CA Siteminder is passing in http header variable HTTP_SMUSER(this can be changed thru siteminder)

    since there is no dads.conf file for APEX with embedded pl/sql gateway, we found we could edit the DADS configuration via pl/sql.

    Like this:
    BEGIN
    DBMS_EPG.set_dad_attribute (
    dad_name => 'APEX',
    attr_name => 'cgi-environment-list',
    attr_value => 'HTTP_SMUSER');
    END;


    This added successfully.
    I am using APEX 4.1, so i used the HTTP Header Variable Authentication Scheme.
    I set the HTTP Header Variable Name to HTTP_SMUSER, then saved and closed out of all my browswers.

    I launched the siteminder login page for my apex app and logging in worked successfully.

    Edited by: INAMIK on Apr 4, 2012 2:41 PM
  • 12. Re: How to get username from HTTP request headers in APEX
    Luis Newbie
    Currently Being Moderated
    Hi Inamik and Patrick,

    Really good, thank you very much!

    We have implemented a very similar solution for our APEX environments. At the end of the day is a matter of passing the info through HTTP headers.

    We would like to send also the user's groups in a header. The problem is that there are several users that belongs to too many groups, so when they login the header size is risen and they get a *400 Bad-Request Error*.

    I have seen your code for editing the configuration. My question is, does it work dynamically? What I would like is to be able to create the necessary headers for those users. This is, first I would calculate the number headers based on the numbers of groups and the header size (LimitRequestFieldsize directive in Apache). Another issue is that we are using pl/sql gateway...

    Thanks in advance,

    Luis
  • 13. Re: How to get username from HTTP request headers in APEX
    786160 Newbie
    Currently Being Moderated
    Hi,

    I am currently trying to do the same thing - integrate APEX 4.0 (no way to upgrade to 4.1 soon) with SiteMinder.

    I have created sentry function and referred to it from my custom authentication schema, but once I try to open my application I get a text box with for username with info "     *Enter any string to be used as your user identifier for this session." present. Could please help me understand what am I doing wrong?

    Regards,
    Magda

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points