Hi All! Is there a way to use ORDS in standalone mode with Kerberos authentication?
If yes - please give me link to howto... If NO - please give me link saying that...
Thanks a lot!
Is there a way - theoretically yes.
Standalone ORDS means you're using an embedded Jetty, so as you start to google...
https://stackoverflow.com/questions/27427654/how-to-use-embedded-jetty-server-9-with-kerberos-authentication
Once you start to look at doing this kind of stuff, the more we encourage you to move 'up' to Tomcat/Apache
Jeff, thanks a lot!
So recommended approach is to use Oracle WebLogic or Apache Tomcat, because GlassFish Server will be desupported as mentioned here:
https://docs.oracle.com/en/database/oracle/oracle-rest-data-services/18.3/aelig/installing-REST-data-services.html#GUID-5F7A8DB0-B0D2-48FF-A99B-7ABCA7DFF9DA
GlassFish Server support will be desupported in a future release. Oracle recommends that you use the following alternatives instead:
If yes:
1) Are Oracle WebLogic and Apache Tomcat the only servers known as compatible/supported for ORDS and Kerberos?
2) What is the better option between Oracle WebLogic and Apache Tomcat to use with Kerberos auth and why (maybe there is a huge difference in options)?
3) Is there a step-by-step guide for Oracle WebLogic and Apache Tomcat - how to configure them + ords + kerberos together?
Found this https://community.oracle.com/thread/3637062 but it is 3 years old...
WLS and Tomcat are the only servers we support, period.
WLS isn't free. Tomcat is free. That's usually the biggest factor for choosing which way to go. Spending $ on WLS JUST for ORDS, doesn't make sense. But if you already have it...sure, why not.
I think you might enjoy this slide deck from Colm, one of our developers - it's all about securing your REST services.
https://www.slideshare.net/ColmDivilly1/openworld-2017-con-6667-securing-your-rest-services
Hey Jeff,

That deck you reference above from Colm is literally the only hit in Google that mentions these security parameters in defaults.xml:

- security.externalUserHeader - The name of the header that identifies the user
- security.externalRolesHeader - The name of the header that identifies user roles (comma delimited)
- security.externalSessionTrustedOrigins - The set of Origins trusted to make cross-origin requests to this server

I first found out about them in Connor McDonald's response to my AskTom question here: Customizing the ORDS web.xml file in ords.war - Ask TOM (oracle.com)

Why aren't these parameters documented in the formal ORDS documentation? I did find this in Oracle Support: Documentation Bug 30507241 - No reference to security.externalUserHeader parameter in the documentation

Are they safe to use or are they truly undocumented and "use at your own risk" status?

Thanks,
Jack