This content has been marked as final. Show 6 replies
The Apex Listener only authenticates for the Manager, and Admin roles used to configure and manage the listener. To do this, it can use the authentication services provided by your application server. But the servlet that actually provides the bulk of the listener's functionality is usually unauthenticated. I suppose that you COULD change web.xml to force authentication of this servlet, but I wouldn't.
It is designed to use the authentication services that are built into Apex itself, in that it will initially connect to the database as the low-privileged user, APEX_PUBLIC_USER, then present a login screen for the user to identify and authenticate him/herself. For most people, this is fine - Apex's built-in authentication capabilities can use OID, AD, and several other authentication methods. And you can build your own in PL/SQL. If you need some more help with how to use the built-in authentication in Apex, I suggest that you ask in the Apex forum - it will be the same whether you use the Apex Listener, or mod_plsql, or DBMS_EPS.
Of course, if you aren't using Apex, and are using the Apex Listener as a front-end to other PL/SQL Web Toolkit applications, you will have to build your own authentication method. I've done this with DBMS_LDAP, and I can provide some sample code.
Thanks - this is what I thought and setting up the authentication Apex for OID or AD looks quite stright forward, yes it is for an Apex application
I can say this much about APEX Listener. It is nothing but a front end interface, just like mod-plsql is with OHS. All of your application authentication actually happens within the APEX processes on your database server. OID SSO is controled and triggered at the database server and handled there as well. I know for a fact that OID, LDAP, and Internal Authentication of APEX works fine through the listener.
I currently have APEX (4.0.2) running through the APEX Listener (1.1.2). I'm trying to use APEX LDAP authentication, but am not able to through the listener. I get a 'failed to authenticate' error. If I access apex through Oracle's HTTP Server, I have no problems with authenticating with LDAP (with the same exact LDAP configs). I was wondering if you had to make any Listener configurations changes in order to get LDAP working via APEX Listener?
I am looking for an answer for a similar question. I think follow link about the authentication and authorization using OID and OOS with APEX may give some hints for this question:
Edited by: user9516763 on 30-Sep-2011 10:27 AM
Our APEX Listener worked out of the box. I would think that from what your describing here you may have a configuration problem at your Database. You can test this by writing a PL/SQL procedure that will go out and authenticate with your LDAP. If that works, then APEX should work. We have 2 main authentication servers here (OID and LDAP). The only modifications we had to make to the listener were due to an Oracle "Unpleasant Feature" where they defaulted your configuration to only be located within your /tmp folder so it was constantly being erased. I still edit the new versions of the listener because I do not store my config file in the default location. As far as SSO working, that worked out of the box, you just may need to reinstall it because when we upgraded our APEX it got nerfed by the upgrade. We use only the default built in LDAP Authenticator functions though so if your doing anything custom that would be where to start looking. Variable handling changed somewhat in the APEX Listener when it comes to your session so if you use envrioment variables, you may need to dig alittle and make sure you are getting what you need. Some of those have to be pulled a different way on the APEX Listener and then put where APEX thinks they should be. We never had any issues there but be aware we are still in APEX 3.x.x so you might have something specific to 4.x.x.