2 Replies Latest reply on Jan 23, 2019 4:59 AM by wgkorb-JavaNet

    Migrating APEX from OAS 10.1 to WLS/ORDS - 12c upgrade, SSO, and multiple DBs


      I inherited the DBA role for a legacy database that includes some APEX applications. Unfortunately I have virtually no experience with APEX, so I'm struggling to get things working the way our users expect.


      Here's what we've done so far:


      1. Upgraded the database from to
      2. Upgrade APEX (including ORACLE_HOME/apex) to APEX 5.1 and ran included apex_rest_config.sql.
      3. Installed WLS
      4. Installed ORDS
      5. Ran ords setup to point to our upgraded DB and allowed it to create the appropriate schemas in the DB for ORDS & APEX.
      6. Created the i.war for images.
      7. Deployed ords.war & i.war on our WLS instance.


      At this point, if I navigate to https://apps/ords I get the expected APEX login screen and can log in using the ADMIN account. This allows me to see the existing APEX workspaces and the applications within them.


      Two things are not working at this point, and this is what I am trying to figure out based on the APEX/ORDS documentation and lots of googling:


      1. How can I configure an interface to the APEX workspaces in multiple databases within a single ORDS installation?
      2. The old version of APEX as deployed via OAS 10.1 included Active Directory integration for user logins, but when attempting to login now using an AD account, we get an error that says:


      Error processing SSO authentication.

      ORA-06550: line 1, column 7: PLS-00201: identifier 'WWV_FLOW_CUSTOM_AUTH_SSO' must be declared ORA-06550: line 1, column 7: PL/SQL: Statement ignored



      As to #1, I've tried adding a second database:


      java -jar ords.war setup --database dev


      ...then adding a mapping to that database:


      java -jar ords.war map-url --type base-path /ords/dev dev


      I've tried various combinations of options on the map-url including a workspace name & schema name, but none of them work. I even tried to add another URL mapping that should in theory use the default (apex) database created during the ORDS setup since I know APEX is working there, but even that doesn't work. For example, I did this:


      java -jar ords.war map-url --type base-path /ords/dev apex


      In all cases, I am getting the same error from ORDS:


      404 Not Found

      The request could not be mapped to any database. Check the request URL is correct, and that URL to database mappings have been correctly configured


      So clearly I don't understand how ORDS is doing the mapping since APEX in the default database using the default path works.



      As to #2 (Active Directory integration), I've found various references on that. All of them state that the first step is to get AD integration working in the hosting app server (in our case, WebLogic which is done and confirmed working. The APEX application itself has a custom authentication scheme defined using the scheme type "Oracle Application Server Single Sign-On", so my assumption was that once I had the AD authenticator working in WLS that it would just work, but alas, that does not appear to be the case.


      Any clues that would help me resolve either of these issues would be much appreciated!



        • 1. Re: Migrating APEX from OAS 10.1 to WLS/ORDS - 12c upgrade, SSO, and multiple DBs
          Peter de Vaal

          For question #2: You should choose "LDAP Directory Verification' as the authentication method, not 'Oracle Application Server SSO'. The latter is an old Oracle 10g service that should not be used anymore.


          For question #1: I have set this up years ago for a customer (just after it had been introduced, I think in version 2 in 2013 when it still was called the Apex Listener) and worked without problems, but have not tried it in the latest versions. Maybe it is something simple as adding a trailing slash. I will try it out because I am preparing a training for it for my collegues anyway, so let you know the result.

          • 2. Re: Migrating APEX from OAS 10.1 to WLS/ORDS - 12c upgrade, SSO, and multiple DBs



            Thank you for your response. I believe that the proper solution is to use SAML2 for single sign-on. I have found a number of references to this. It will certainly mean that each and every APEX application must be changed to use that authentication method, but as you say, the OAS SSO approach is no longer valid.


            If you have any luck getting this working, I would very much appreciate any insights you may be able to offer.