13 Replies Latest reply: Aug 12, 2012 7:03 PM by 786160 RSS

    How to get username from HTTP request headers in APEX

    INAMIK
      Hello,

      I'm a total newbie to apex and looking for some help.

      My organization is now using APEX internally for applications.
      We are using APEX 4.0 on oracle 11g database.

      We use CA site-minder agent for single sign-on on an Apache web-server.

      We are trying to get the username that's passed in through the HTTP request headers.

      Can someone provide me with directions on how to do this?
      I've been struggling to find out how to exactly do this.

      Thanks
      Kimani
        • 1. Re: How to get username from HTTP request headers in APEX
          Patrick Wolf-Oracle
          Hi Kimani,

          if you have the possibility to upgrade to APEX 4.1 then you should consider that because it contains a pre-build "HTTP Header Variable" authentication scheme where everything is handled for you.

          If that's not possible, please have a look at the following posting by Joel Kallman http://joelkallman.blogspot.com/2010/10/custom-authentication-scheme-for-oracle_20.html
          It explains a HTTP header based authentication for Oracle Access Manager, but it will be the same for CA site-minder.

          But I would suggest to use the HTTP Header Variable authentication of 4.1, because it's more sophisticated and will allow you to have public pages where you don't need a CA site-minder authentication, compared to the 4.0 solution which always authenticates all requests issued to the URL /apex/.

          Regards
          Patrick
          -----------
          My Blog: http://www.inside-oracle-apex.com
          APEX Plug-Ins: http://apex.oracle.com/plugins
          Twitter: http://www.twitter.com/patrickwolf

          Edited by: Patrick Wolf on Feb 29, 2012 10:53 AM
          • 2. Re: How to get username from HTTP request headers in APEX
            INAMIK
            Patrick, thanks for your response.
            Do you have any instructions on using the 4.1 method?
            • 3. Re: How to get username from HTTP request headers in APEX
              Patrick Wolf-Oracle
              Hi,

              in 4.1 it's very simple.

              1) As soon as you have configured OHS (Oracle HTTP Server) to pass through the HTTP header variable (see the document linked in the blog posting) you just have to
              2) switch your application authentication scheme to "HTTP Header Variable".
              3) If your header variable is not named REMOTE_USER, you have to enter it into the attribute "HTTP Header Variable Name" of your authentication.
              4) Now you have to setup CA site-minder. The easiest would be if you tell site-minder that it should protect the URL /apex/apex_authentication.callback so that it triggers the login and provides the username in the HTTP Header Variable. Please see field level help of the authentication scheme attribute "Action if Username is Empty".

              Regards
              Patrick
              -----------
              My Blog: http://www.inside-oracle-apex.com
              APEX Plug-Ins: http://apex.oracle.com/plugins
              Twitter: http://www.twitter.com/patrickwolf
              • 4. Re: How to get username from HTTP request headers in APEX
                INAMIK
                Patrick, Thanks

                If we upgrade to 4.1, do you know if there will issues with applications that were created with 4.0?
                • 5. Re: How to get username from HTTP request headers in APEX
                  Patrick Wolf-Oracle
                  Hi,

                  I don't think so. But I would recommend to always test your apps if you upgrade to a new version of APEX before you put it into production.

                  Regards
                  Patrick
                  -----------
                  My Blog: http://www.inside-oracle-apex.com
                  APEX Plug-Ins: http://apex.oracle.com/plugins
                  Twitter: http://www.twitter.com/patrickwolf
                  • 6. Re: How to get username from HTTP request headers in APEX
                    INAMIK
                    Patrick,

                    I know its been some time.

                    Our DBA's were just now able to get APEX 4.1 installed.

                    I migrated my application into 4.1.

                    I now see the HTTP Header Scheme, but i'm trying to figure out how to use it.


                    My users will be logging in thru ca site-minder. Site-minder passes the username in the HTTP Header variable.
                    So now what do i do to with the APEX HTTP Header Scheme? Any documentation on this?

                    I'm sorry I'm new to this.
                    • 7. Re: How to get username from HTTP request headers in APEX
                      Patrick Wolf-Oracle
                      Hi,

                      what kind of additional information do you need? Have you already had a look at the previous posting with the following instructions?

                      1) As soon as you have configured OHS (Oracle HTTP Server) to pass through the HTTP header variable (see the document linked in the blog posting) you just have to
                      2) switch your application authentication scheme to "HTTP Header Variable".
                      3) If your header variable is not named REMOTE_USER, you have to enter it into the attribute "HTTP Header Variable Name" of your authentication.
                      4) Now you have to setup CA site-minder. The easiest would be if you tell site-minder that it should protect the URL /apex/apex_authentication.callback so that it triggers the login and provides the username in the HTTP Header Variable. Please see field level help of the authentication scheme attribute "Action if Username is Empty".


                      Regards
                      Patrick
                      -----------
                      My Blog: http://www.inside-oracle-apex.com
                      APEX Plug-Ins: http://apex.oracle.com/plugins
                      Twitter: http://www.twitter.com/patrickwolf
                      • 8. Re: How to get username from HTTP request headers in APEX
                        INAMIK
                        Will i still need to create a Sentry function or does the new HTTP Variable take care of this? What does the new HTTP Variable do?

                        I guess i'm trying to figure out what step do i skip in the link/documentation that you sent with the new APEX 4.1 functionality.
                        • 9. Re: How to get username from HTTP request headers in APEX
                          Patrick Wolf-Oracle
                          Hi,

                          no you don't have to write a sentry function, the HTTP Header Variable authentication schema will do everything which is necessary.

                          Based on the steps described in http://www.oracle.com/technetwork/developer-tools/apex/learnmore/apex-oam-integration-1375333.pdf

                          Page 9) You have to setup something in Siteminder to protect the URL /apex/apex_authentication.callback to trigger the authentication. After this is done, the username has to be returned in an environment variable like REMOTE_USER.

                          Page 13) You have to add the environment variable specified above (eg. REMOTE_USER) to the http.conf or dads.conf file. And then follow the steps to setup your APEX application with the HTTP Header Variable authentication scheme.

                          Please also check the item level help for the different attributes of the HTTP Header Variable authentication for additional details.

                          Regards
                          Patrick
                          -----------
                          My Blog: http://www.inside-oracle-apex.com
                          APEX Plug-Ins: http://apex.oracle.com/plugins
                          Twitter: http://www.twitter.com/patrickwolf
                          • 10. Re: How to get username from HTTP request headers in APEX
                            INAMIK
                            Patrick,

                            We are using APEX as Embedded PL/SQL gateway.

                            Our DBA says there is no DADS file to edit in this setup.

                            Is this correct?
                            Will we need a different setup in order to do this or can we still use ca siteminder with an APEX Embedded PL/SQL gateway?


                            Thanks for all your help!
                            Kimani
                            • 11. Re: How to get username from HTTP request headers in APEX
                              INAMIK
                              Ok, so i searched and found the answer.

                              CA Siteminder is passing in http header variable HTTP_SMUSER(this can be changed thru siteminder)

                              since there is no dads.conf file for APEX with embedded pl/sql gateway, we found we could edit the DADS configuration via pl/sql.

                              Like this:
                              BEGIN
                              DBMS_EPG.set_dad_attribute (
                              dad_name => 'APEX',
                              attr_name => 'cgi-environment-list',
                              attr_value => 'HTTP_SMUSER');
                              END;


                              This added successfully.
                              I am using APEX 4.1, so i used the HTTP Header Variable Authentication Scheme.
                              I set the HTTP Header Variable Name to HTTP_SMUSER, then saved and closed out of all my browswers.

                              I launched the siteminder login page for my apex app and logging in worked successfully.

                              Edited by: INAMIK on Apr 4, 2012 2:41 PM
                              • 12. Re: How to get username from HTTP request headers in APEX
                                Luis
                                Hi Inamik and Patrick,

                                Really good, thank you very much!

                                We have implemented a very similar solution for our APEX environments. At the end of the day is a matter of passing the info through HTTP headers.

                                We would like to send also the user's groups in a header. The problem is that there are several users that belongs to too many groups, so when they login the header size is risen and they get a *400 Bad-Request Error*.

                                I have seen your code for editing the configuration. My question is, does it work dynamically? What I would like is to be able to create the necessary headers for those users. This is, first I would calculate the number headers based on the numbers of groups and the header size (LimitRequestFieldsize directive in Apache). Another issue is that we are using pl/sql gateway...

                                Thanks in advance,

                                Luis
                                • 13. Re: How to get username from HTTP request headers in APEX
                                  786160
                                  Hi,

                                  I am currently trying to do the same thing - integrate APEX 4.0 (no way to upgrade to 4.1 soon) with SiteMinder.

                                  I have created sentry function and referred to it from my custom authentication schema, but once I try to open my application I get a text box with for username with info "     *Enter any string to be used as your user identifier for this session." present. Could please help me understand what am I doing wrong?

                                  Regards,
                                  Magda