SSO Authentication: REMOTE_USER = APEX_PUBLIC_USER

Soukaina IDRISSI

Hi Experts,

I'm trying to implement SSO in Apex using HTTP Header Variable authentication.

I'm using ORDS on Apache Tomcat.

My SSO provider is Keycloak Tomcat Adapter, which is a SAML2 implementation, and provides the REMOTE_USER header variable.

When i attempt to access the Apex application, the REMOTE_USER variable is being pre-populated some how to APEX_PUBLIC_USER, and so the authentication routine is not being tripped.

I cannot find any documentation as to how or why REMOTE_USER is being set to APEX_PUBLIC_USER.
Do you have any solutions or clues to solve this issue ?

Thank you for help.

NB:
== My environment ==

- Apex 19.2

- ORDS 19.2

- Apache Tomcat 9

=================

Pavel_p

Hi,

by far the best SSO howto I've seen so far (and I've searched a lot) is this.

Regards,

Pavel

Soukaina IDRISSI

Hi Pavel_p,
Thank you for reply.

I will see it.

pmdba

You can also check this: https://pmdba.wordpress.com/2019/09/29/high-availability-architecture-for-oracle-rest-and-apex/

It includes a section on header authentication and mirrors your architecture very closely.

Sylvain Martel

Hello IDRISSI,

You might also want to look at this blog from Adrian Png: https://insum.ca/saml2-single-sign-on-with-oracle-application-express/