Skip to Main Content
Forums

APEX

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

Oracle APEX18.2 Oauth2 Authentication with IBM Oauth2 server?

AllenS.Aug 6 2019 — edited Aug 16 2019

Hi,

We're trying to implement Oath2 Authentication with our Oracle APEX application. We have an IBM Oauth2 server that we plan to use in our APEX. However, we are getting the following error upon login from the Authorization End point.

FBTOAU229E Confidential clients accessing the token endpoint must authenticate using their registered credentials.

I was advised by our IBM Oauth2 admins that the request for the token was not done correctly and I need to check the body used for requesting access token.

Where can I find in Oracle APEX the request for the access token?

I've tried looking at the Monitory Activity but it doesn't give me much info.

| 0.20940 | 0.00016 |

CGI: PATH_INFO = /apex_authentication.callback?state=Oher6eSm9cYOSL9acxS5s-1k6s0V1xNdQWB2scBLQ3GLd4ftPmmblcKJGKh_cl9WGuG8CcYznHc480ICxXW7Vobe1dj5NBYTQvZXEn5BEnM&code=14NsMIOccdHemLhQETIS1tyOy

| 9 |

0%

|
| 0.20957 | 0.00012 |

GET https://server/apex REMOTE_ADDR=172.23.147.25 REMOTE_USER=APEX_PUBLIC_USER APEX_LISTENER_VERSION=18.3.0.r2701456 REFERER=https://server/apex/f?p=4000:1:13535485084307::NO:RP:FB_FLOW_ID,F4000_P1_FLOW:101,101 HTTP_COOKIE=__cfduid=dcd59d87047756037bf44ca21d4b2026c1554701632; _ga=GA1.2.1395116425.1554701633; _fbp=fb.1.1559278605108.1706225754; dev=YNUxbei7BixWic5xb9qW0uCJpL; PD-S-SESSION-ID-3=1_qJzwhCFG01ENQlr/EKw7sK7ynvHbTlw05nCvfErFpJ/R1TKhK8A=_AAAAAQA=_t9VuYd5pP5xHQDXFVeagF/H/hIg=

| 9 |

0%

|
| 0.20969 | 0.00005 |

SID=973 USER=APEX_PUBLIC_USER INSTANCE=1

| 9 |

0%

|
| 0.20974 | 0.00218 |

JSON POST https://ibmoauth2/mga/sps/oauth/oauth20/token request got HTTP status 400

| 1 |

1%

|
| 0.21192 | - |

OAuth2 Authorization error "invalid_client". FBTOAU229E Confidential clients accessing the token endpoint must authenticate using their registered credentials.

| 2 |

0%

|

Here's a screen shot of our Authentication setup.

pastedImage_4.png

UPDATE:

After further investigation, it seems that APEX is not entering the client credentials when requesting for the token hence the error returned by our IBM Oauth2 server. It this a bug or am I doing something wrong?

Appreciate any feedback.

UPDATE #2:

Just noticed this in the Web Credentials page.

pastedImage_1.png

Does this mean that the grant_type should be client_credentials? We are using grant_type authorization_code as of now.

UPDATE #3:

Got this working with Okta and Google Oauth2 servers. So not sure what the issue is with the IBM Oauth2 server.

UPDATE#4:

We've updated our openid config file as shown below but still getting the same error.

pastedImage_2.png

Comments

sb92075
Answer
Can Oracle 11g RAC support 2 separate databases given that it asks for SCAN ip for cluster with a single Listener port number?
YES
Will the Oracle 11.2 database connections work successfully if I setup a mandatory DNS server within the Oracle RAC servers?
YES
Marked as Answer by 745782 · Sep 27 2020
745782
So, does this Listener port information provided during the Grid Infrastructure have anything to do with the (tns) Listener port # of the databases on the cluster? If so, do all databases (not 'instance') require to have the same Listener port #?

Can you direct me to a clear document on installing SCAN IP on the dns server and/or can you please explain a bit further on how SCAN IP resolves the address to the VIPs of the servers.

Thank you so much for your previous response and many more in advance!

Satish...
sb92075
http://download.oracle.com/docs/cd/E11882_01/install.112/e10812/concepts.htm#sthref790
damorgan
Please provide a link that indicates a single cluster can have two or more databases.

Multiple instances is one thing. I would appreciate a link showing a single cluster with multiple system tablespaces.
Hemant K Chitale
Why should a cluster not support multiple databases ?
Is there a catch in 11gR2 ?
damorgan
No Real Application Cluster technology has ever supported more than one database.

RAC is always 1 database with multiple instances.

If you have a second database then you have a second cluster.
Hemant K Chitale
No Real Application Cluster technology has ever supported more than one database.
Quite untrue.

I know that both you and Tom Kyte take the stand that a cluster should have only 1 instance per node.
That doesn't mean that it is not possible to have more than one database in a cluster -- i.e more than one instance in a node.

That doesn't mean that it must always be so. Installing a separate cluster and additional EE + RAC licences for a separate database can be quite expensive. Of course, your reply is "consolidate". That is another debate that has been going on for years.


A discussion on multiple databases on RAC is also at
http://www.freelists.org/post/oracle-l/multiple-databases-in-a-single-RAC-cluster


Hemant K Chitale

Edited by: Hemant K Chitale on Jan 12, 2010 11:15 AM
1 person found this helpful
745782
I've created multiple databases under 10g RAC, but not on 11g. It's definitely possible, but I had my doubts on whether I should provide the same Listener port (e.g., 1521) to all the databases that run under the 11.2 cluster when I give that port # during the SCAN IP configuration in Grid Infrastructure install.
Hemant K Chitale
I haven't done 11g RAC.

However I found this link :
http://sites.google.com/site/connectassysdba/oracle-rac-11-2-multiple-listener

referenced from this thread :
974062


Hemant K Chitale
1 person found this helpful
745782
Thank you very much Hemanth! The link you posted [http://sites.google.com/site/connectassysdba/oracle-rac-11-2-multiple-listener|http://sites.google.com/site/connectassysdba/oracle-rac-11-2-multiple-listener] and the ones before were very helpful!

Satish...
12cdb
I will give you an example:

Setup: 2 Nodes in the 11gR2 RAC on RHEL4

-- db1, db1 nodes

Install 11gR2 Grid and define SCAN name (which should be registered in DNS with 2 IPs as I have 2 nodes RAC) & port 1521

Install 11gR2 Database server.

Create Instance1 ( e.g. elevenone) using DBCA where ASM storage is used. - This will create a service with database name e.g. elevenone.localdomain

Create Instance2 (e.g. eleventwo) using DBCA where same ASM storage is used. - This will create another service eleventwo.localdomain

Now both instances can be accessed as:

sqlplus user/pwd@scan:1521/elevenone.localdomain

sqlplus usr/pwd@eleventwo.localdomain
1 - 11

Post Details

Added on Aug 6 2019
#apex-discussions
7 comments
1,197 views