9 Replies. Latest reply: Mar 14, 2012 9:29 AM by pinnom

    problem with Apex 4.1.1 NTLM Authentication - user always "nobody"

    chrissy2
      Hi all,

      I'm using the NTLM solution of Jason Straub http://jastraub.blogspot.com/2008/03/ntlm-http-authentication-and.html, which was working without any problems in our ApEx 3.1.
      After upgrading to Apex 4.1.1 I first had some problems, which I got fixed with this thread: apex 4.1.1 and get_session_id_from_cookie

      Now I get no error for login, but the application user is always set to "nobody", which is confusing me, because before it was using my Windows user name.
      I'm using Firefox 10.0.2, but I think it's not a problem of the browser.
      In the PL/SQL function I found that username is set to "nobody" when some values don't match.
      I'm not familiar with the functions used in the PL/SQL function, so I'm not sure what happens there.

      Does anybody have an idea what's going wrong and what I have to do to get it solved?

      Thanks for any hints and help
      chrissy
        • 1. Re: problem with Apex 4.1.1 NTLM Authentication - user always "nobody"
          Martin1
          Hi Chrissy,

          I think APEX 4.1.1 is buggy. I have similar problems - see my thread: Problem with post_login after Upgrade to 4.1.1.00.23

          Regards,
          Martin
          • 2. Re: problem with Apex 4.1.1 NTLM Authentication - user always "nobody"
            chrissy2
            Hi Martin,

            I think the problem is behind this point, because I have already set my cookie name to a shorter one like F109. And also the functions wwv_flow_custom_auth_std.post_login and wwv_flow_custom_auth_std.get_session_id_from_cookie seem to work, so they are only returning nobody, a user defined in the sentry function.
            Also it seems to work for other people using the function, so maybe someone knows a solution.

            Thanks for your hint.
            chrissy
            • 3. Re: problem with Apex 4.1.1 NTLM Authentication - user always "nobody"
              Christian Neumueller-Oracle
              Hi chrissy2,

              is your NTLM sentry identical to Jason's? I'm asking because over time I saw a few with slight changes, that might make a difference. Maybe you could send your sentry function to me per email, so I can compare them? I also have a heavily instrumented version, which I could send back to further investigate the problem.

              Regards,
              Christian
              • 4. Re: problem with Apex 4.1.1 NTLM Authentication - user always "nobody"
                Christian Neumueller-Oracle
                Martin1,

                in case your NTLM sentry still causes problems (you didn't answer Patrick yet), could you also send your sentry function to me?

                Regards,
                Christian
                • 5. Re: problem with Apex 4.1.1 NTLM Authentication - user always "nobody"
                  Martin1
                  Hi Patrick,

                  thank you for your reply. I sent you the function code via mail.
                  BTW my customer decided to downgrade to APEX 4.1.0.00.32.

                  Regards,
                  Martin
                  • 6. Re: problem with Apex 4.1.1 NTLM Authentication - user always "nobody"
                    chrissy2
                    With the help of Christian I found a solution that's working for me.
                    I changed my cookie name to "C109", and changed the page sentry function not to check whether the binary at position 14 in the cookie is something other than 130:
                    -- l_auth holds the value that starts with 'NTLM '; decode its base64 payload
                    IF substr( l_auth, 1, 5) = 'NTLM ' THEN
                        l_decode := utl_encode.text_decode( buf => substr(l_auth,6)
                                                          , encoding => UTL_ENCODE.BASE64 );
                        l_raw := utl_raw.cast_to_raw(l_decode);
                        -- Byte 14 is still read into helper variables, but no longer tested
                        l_help := utl_raw.substr(l_raw,14,1);
                        l_help_int := utl_raw.cast_to_binary_integer(l_help);
                        /*IF utl_raw.cast_to_binary_integer(utl_raw.substr(l_raw,14,1)) != 130 THEN*/
                            -- Byte 9 is the NTLM message type: 1 = negotiate, so answer 401 with a type 2 challenge
                            IF utl_raw.cast_to_binary_integer(utl_raw.substr(l_raw,9,1)) = 1 THEN
                                owa_util.mime_header('text/html', FALSE, 'utf-8');
                                owa_util.status_line( nstatus => 401
                                                    , creason => 'Unauthorized'
                                                    , bclose_header => false );
                                htp.p('WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAACgAAAABggAAAAICAgAAAAAAAAAAAAAAAA==');
                                owa_util.http_header_close;
                                wwv_flow.g_unrecoverable_error := TRUE;
                                RETURN FALSE;
                            END IF;
                            -- Determine DB charset and convert raw to WE8MSWIN1252, thanks to Andrew Barbaccia
                            SELECT VALUE
                            INTO l_charset
                            FROM nls_database_parameters
                            WHERE parameter='NLS_CHARACTERSET';

                            -- Domain: 16-bit little-endian length (bytes 31-32) and offset (bytes 33-34)
                            l_length := utl_raw.cast_to_binary_integer(utl_raw.substr(l_raw,32,1))*256 + utl_raw.cast_to_binary_integer(utl_raw.substr(l_raw,31,1));
                            l_offset := utl_raw.cast_to_binary_integer(utl_raw.substr(l_raw,34,1))*256 + utl_raw.cast_to_binary_integer(utl_raw.substr(l_raw,33,1));
                            l_domain := REPLACE(REPLACE(substr(CONVERT(utl_raw.cast_to_varchar2(l_raw),l_charset,'WE8MSWIN1252'),l_offset + 1,l_length),chr(0),NULL),chr(15),NULL);
                            -- User: 16-bit little-endian length (bytes 39-40) and offset (bytes 41-42)
                            l_length := utl_raw.cast_to_binary_integer(utl_raw.substr(l_raw,40,1))*256 + utl_raw.cast_to_binary_integer(utl_raw.substr(l_raw,39,1));
                            l_offset := utl_raw.cast_to_binary_integer(utl_raw.substr(l_raw,42,1))*256 + utl_raw.cast_to_binary_integer(utl_raw.substr(l_raw,41,1));
                            l_user := REPLACE(substr(CONVERT(utl_raw.cast_to_varchar2(l_raw),l_charset,'WE8MSWIN1252'),l_offset,l_length),chr(0),NULL);
                            l_username := l_domain || '\' || l_user;
                        /* ELSE
                            l_username := 'nobody';
                        END IF; */
                    END IF;
                    That's working for me, but not the best solution. Jason mentioned this solution in his blog, but also says it is not recommended ...

                    Thanks for all the help of Christian
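
Added example, not part of the thread or of Jason Straub's code: an offline Python decoder for the same `NTLM <base64>` value the sentry fragment above reads by byte position, useful for checking what message type and names a given header actually carries. It assumes the 64-byte type 3 header layout with a flags field, uses cp1252 for non-Unicode messages to match the WE8MSWIN1252 conversion above, and only reads the names; it does not verify the NTLM response. The function names and the sample message are constructed for illustration.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
UNICODE_FLAG = 0x00000001  # NTLMSSP_NEGOTIATE_UNICODE

def _field(msg, pos, encoding):
    """Read one security buffer (length, max length, offset) with a bounds check."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer at %d points outside the message" % pos)
    return msg[offset:offset + length].decode(encoding)

def parse_ntlm_header(header):
    """Return (message_type, domain, user) for an 'NTLM <base64>' header value."""
    scheme, _, blob = header.partition(" ")
    if scheme != "NTLM":
        raise ValueError("not an NTLM header")
    msg = base64.b64decode(blob, validate=True)
    if len(msg) < 12 or msg[:8] != SIGNATURE:
        raise ValueError("missing NTLMSSP signature")
    (msg_type,) = struct.unpack_from("<I", msg, 8)   # PL/SQL byte 9 is the low byte
    if msg_type != 3:
        return msg_type, None, None                  # types 1 and 2 carry no user name
    if len(msg) < 64:                                # assumed layout, see lead-in
        raise ValueError("truncated type 3 message")
    (flags,) = struct.unpack_from("<I", msg, 60)
    enc = "utf-16-le" if flags & UNICODE_FLAG else "cp1252"
    return msg_type, _field(msg, 28, enc), _field(msg, 36, enc)

def sample_type3(domain, user):
    """Constructed type 3 message for testing; all response fields are empty."""
    d, u = domain.encode("utf-16-le"), user.encode("utf-16-le")
    head = SIGNATURE + struct.pack("<I", 3)
    head += struct.pack("<HHI", 0, 0, 64) * 2                  # LM and NT responses
    head += struct.pack("<HHI", len(d), len(d), 64)            # domain
    head += struct.pack("<HHI", len(u), len(u), 64 + len(d))   # user
    head += struct.pack("<HHI", 0, 0, 64) * 2                  # workstation, session key
    head += struct.pack("<I", UNICODE_FLAG)
    return "NTLM " + base64.b64encode(head + d + u).decode("ascii")

if __name__ == "__main__":
    print(parse_ntlm_header(sample_type3("CORP", "chrissy")))
```
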
                    • 7. Re: problem with Apex 4.1.1 NTLM Authentication - user always "nobody"
                      pinnom
                      Hi,
                      I have the same problem with APEX 4.1.1.
                      I want to test your workaround, chrissy2, but how do I have to set the cookie name?

                      Regards,
                      Mark
                      • 8. Re: problem with Apex 4.1.1 NTLM Authentication - user always "nobody"
                        chrissy2
                        Hi Mark,

                        you can set the cookie name in your Authentication scheme > session cookie attributes.

                        chrissy
                        • 9. Re: problem with Apex 4.1.1 NTLM Authentication - user always "nobody"
                          pinnom
                          Thank you, now it's running!

                          Regards,
                          Mark