6 Replies Latest reply on Oct 14, 2011 4:06 PM by David Pulliam

    Oracle Apex Listener and User Authentication via OID and Active Directory

    Vickie
      Hi

      My architect is proposing that the Apex database for a new application can use the Apex Listener to authenticate via OID or AD instead of setting up the authentication via Apex itself. Could you confirm that it is possible to do the authentication in this way via Apex Listener on one server, and that there would therefore be no requirement for the database server where Apex is installed to know the host and port details of the OID or AD server? There would just be a sqlnet connection between the server where the Apex Listener is installed and the server where Apex will be installed.

      Thanks
      Vickie
        • 1. Re: Oracle Apex Listener and User Authentication via OID and Active Directory
          jflack
          The Apex Listener only authenticates for the Manager, and Admin roles used to configure and manage the listener. To do this, it can use the authentication services provided by your application server. But the servlet that actually provides the bulk of the listener's functionality is usually unauthenticated. I suppose that you COULD change web.xml to force authentication of this servlet, but I wouldn't.

          It is designed to use the authentication services that are built into Apex itself, in that it will initially connect to the database as the low-privileged user, APEX_PUBLIC_USER, then present a login screen for the user to identify and authenticate him/herself. For most people, this is fine - Apex's built-in authentication capabilities can use OID, AD, and several other authentication methods. And you can build your own in PL/SQL. If you need some more help with how to use the built-in authentication in Apex, I suggest that you ask in the Apex forum - it will be the same whether you use the Apex Listener, or mod_plsql, or DBMS_EPG.

          Of course, if you aren't using Apex, and are using the Apex Listener as a front-end to other PL/SQL Web Toolkit applications, you will have to build your own authentication method. I've done this with DBMS_LDAP, and I can provide some sample code.
          • 2. Re: Oracle Apex Listener and User Authentication via OID and Active Directory
            Vickie
            Thanks - this is what I thought, and setting up the authentication in Apex for OID or AD looks quite straightforward. Yes, it is for an Apex application.
            • 3. Re: Oracle Apex Listener and User Authentication via OID and Active Directory
              David Pulliam
              I can say this much about APEX Listener. It is nothing but a front end interface, just like mod_plsql is with OHS. All of your application authentication actually happens within the APEX processes on your database server. OID SSO is controlled and triggered at the database server and handled there as well. I know for a fact that OID, LDAP, and Internal Authentication of APEX works fine through the listener.
              • 4. Re: Oracle Apex Listener and User Authentication via OID and Active Directory
                889893
                Hi David,

                I currently have APEX (4.0.2) running through the APEX Listener (1.1.2). I'm trying to use APEX LDAP authentication, but am not able to through the listener. I get a 'failed to authenticate' error. If I access APEX through Oracle's HTTP Server, I have no problems with authenticating with LDAP (with the same exact LDAP configs). I was wondering if you had to make any Listener configuration changes in order to get LDAP working via APEX Listener?

                Thanks!
                Julie
                • 5. Re: Oracle Apex Listener and User Authentication via OID and Active Directory
                  698138
                  I am looking for an answer to a similar question. I think the following link about authentication and authorization using OID and OOS with APEX may give some hints for this question:

                  http://www.patrickhaston.co.uk/plsql/oid_authorisation.html

                  Edited by: user9516763 on 30-Sep-2011 10:27 AM
                  • 6. Re: Oracle Apex Listener and User Authentication via OID and Active Directory
                    David Pulliam
                    Our APEX Listener worked out of the box. I would think that from what you're describing here you may have a configuration problem at your database. You can test this by writing a PL/SQL procedure that will go out and authenticate with your LDAP. If that works, then APEX should work. We have 2 main authentication servers here (OID and LDAP). The only modifications we had to make to the listener were due to an Oracle "Unpleasant Feature" where they defaulted your configuration to only be located within your /tmp folder, so it was constantly being erased. I still edit the new versions of the listener because I do not store my config file in the default location. As far as SSO working, that worked out of the box; you just may need to reinstall it because when we upgraded our APEX it got nerfed by the upgrade. We use only the default built-in LDAP Authenticator functions though, so if you're doing anything custom that would be where to start looking. Variable handling changed somewhat in the APEX Listener when it comes to your session, so if you use environment variables, you may need to dig a little and make sure you are getting what you need. Some of those have to be pulled a different way on the APEX Listener and then put where APEX thinks they should be. We never had any issues there, but be aware we are still in APEX 3.x.x so you might have something specific to 4.x.x.
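
The database-side check suggested in reply 6, sketched with the DBMS_LDAP package mentioned in reply 1. This is an added example, not code posted by anyone in the thread; the function name `ldap_bind_test` and the host, port and DN in the sample call are constructed placeholders.

```sql
-- Added example: attempt an LDAP simple bind from inside the database,
-- independent of APEX and of whichever web listener sits in front of it.
CREATE OR REPLACE FUNCTION ldap_bind_test (
    p_host     IN VARCHAR2,
    p_port     IN PLS_INTEGER,
    p_user_dn  IN VARCHAR2,
    p_password IN VARCHAR2
) RETURN VARCHAR2
IS
    l_session DBMS_LDAP.session;
    l_rc      PLS_INTEGER;
    l_stage   VARCHAR2(10) := 'INIT';
BEGIN
    -- A simple bind with an empty password is an unauthenticated bind, which
    -- many directory servers accept; never report that as a successful login.
    IF p_password IS NULL OR p_user_dn IS NULL THEN
        RETURN 'REJECTED: empty DN or password';
    END IF;

    DBMS_LDAP.use_exception := TRUE;   -- raise errors instead of return codes
    l_session := DBMS_LDAP.init(p_host, p_port);

    l_stage := 'BIND';
    l_rc := DBMS_LDAP.simple_bind_s(l_session, p_user_dn, p_password);

    l_stage := 'UNBIND';
    l_rc := DBMS_LDAP.unbind_s(l_session);
    RETURN 'BIND OK';
EXCEPTION
    WHEN OTHERS THEN
        IF l_stage = 'BIND' THEN
            -- Release the session opened by init; ignore cleanup errors.
            BEGIN l_rc := DBMS_LDAP.unbind_s(l_session);
            EXCEPTION WHEN OTHERS THEN NULL; END;
        END IF;
        -- The stage tells a network/configuration failure (INIT) apart from
        -- a rejected DN or password (BIND).
        RETURN l_stage || ' FAILED: ' || SQLERRM;
END ldap_bind_test;
/

-- Sample call with constructed values; replace with your directory's details.
SET SERVEROUTPUT ON
BEGIN
    DBMS_OUTPUT.put_line(ldap_bind_test(
        'ldap.example.com', 389,
        'cn=test.user,cn=Users,dc=example,dc=com', 'placeholder-password'));
END;
/
```

If the function returns the same result whichever front end is in use, the directory configuration in the database is not what differs between the two access paths. A simple bind on a plain LDAP port sends the password unencrypted, so use a throwaway test account or secure the session with `DBMS_LDAP.open_ssl` before binding.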