This content has been marked as final. Show 7 replies
apexguy wrote:Can you provide a link to where this limitation is documented? Or explain why you think this is the case?
I have created a custom authentication scheme, assigned it to my app and by all accounts, save one, it is working well. The only issue I have, is that I have several interactive reports, and as part of this, the actions button has some features that are unavailable to me because I am using custom authentication. One such feature is the ability to "Save Report" which works if you use standard APEX and/or database authentication
APEX authentication schemes are intended to be completely transparent to the application, however authentication is actually performed. On apex.oracle.com I have created an end user account using Application Express Accounts and logged in as this user and created saved IRs. I then switched the app authentication scheme to Open Door and supplied the same user name. The user's saved IRs were available, and he was able to create and save others. I repeated this process with a custom authentication scheme with the same results.
This suggests that your authentication is not working properly.
Limitations on what a user can do once authenticated are considered as authorization, not authentication.
The authentication is working... this is a production system at the moment. But the capability to save IR's doesn't exist within the actions menu. I'm not sure what dictates this. If you have this working then I would ask if I could see how you setup your custom authentication. I do have one question. You say you created a apex user account, tried it and you can save IR's. You then said you switched to custom authentication and it still works with the username. May I suggest you remove the username from apex BEFORE switching to custom authentication. I do not have any users saved in the apex repository. I'm wondering if yours is working because you still have the user info saved in the apex repository and because of this the option is still available to you.
As I mentioned in your earlier thread on this topic here: (Custom authentication and actions within interactive reports I believe that an account in Apex that matches the username of your custom authentication username is required. If you create an Apex account to match your custom authentication username, do you see the Save button? If so, why is that not the solution?
apexguy wrote:Two things:
The authentication is working... this is a production system at the moment. But the capability to save IR's doesn't exist within the actions menu. I'm not sure what dictates this.
<li>The user is properly authenticated .
<li>The Include in Actions Menu > Save Report option is set by the developer in the Interactive Report's Search Bar attributes.
If you have this working then I would ask if I could see how you setup your custom authentication. I do have one question. You say you created a apex user account, tried it and you can save IR's. You then said you switched to custom authentication and it still works with the username. May I suggest you remove the username from apex BEFORE switching to custom authentication. I do not have any users saved in the apex repository. I'm wondering if yours is working because you still have the user info saved in the apex repository and because of this the option is still available to you.Not so. Interactive reports can be saved following custom authentication using a username with no corresponding APEX user.
The application I have created uses a third party authentication process. When a user connects they are automatically redirected to a third party site which authenticates the user and passes the user back to my apex application. It passes a userid (called party_id passed through http header info) which I then can relate to a table in my application which has a corresponding party id. My custom authentication is responsible for comparing the party id passed from the external third party site and compares it against the same party id in a table within my application. The sign-in actually occurs on the thrid party site. When it passes the party id to my app, the custom authentication validates it as a legit user and basically goes directly to the first page of the application. There is no sign-in page to my application directly... i must trust the party id being passed from the externally authenticated site as being a legitimate user. So in that respect I'm not calling the standard login functions you would normally see in the default login page.
I had thought about putting a username in the repository to kind of fudge it and make apex think it was an actual user. However, because there is no login directly, I'm not sure of how to setup the environment correctly (in my custom auth within apex) to make apex think I'm an apex user. I'm not sure of what the standard login api does or what it calls when you login through a normally authenticated app. I was curious if there was a way to programmatically make apex look at the apex repository for a particular user since I do have a party id in a custom table with their last name/first name (no username right now but there could be one). I know there are lots of api's and such but I'm obviously not using the correct ones. The idea of a double sign-in is not appealing when they have already signed in once on the third party site so I am trying to figure out what api's to call, or what things to set, to simulate an apex user who is registered in the apex repository. If I can figure that out, the I can put something in my custom auth to do this.
I was able to figure this out myself. I noticed in the authentication that the http header variable was not populated. The authentication would still work despite this being null. The http header variable expects a username (of sorts) being passed via the http header.. anything that can be used to uniquely identify a user. Since I'm not being passed a username, rather a partyId (unique by user), I populated the header variable with partyId. Once I did this, apex now displays the "Save Report" option under the Actions menu and it is able to properly associate saved IR reports by user. So its clear that when using apex authentication it is getting this info from the userid stored in the apex repository. When using database authentication, it's using user_id or user_name from dba_users. However, in the case of custom authentication, it is relying on the http header variable being populated to identify users.