In Oracle APEX, an Authentication Scheme defines how users log in and how their identities are verified. By creating a custom or alternate authentication scheme, you can connect your APEX app to various identity providers like APEX accounts, LDAP, Social Sign-In, or use a completely custom method (such as a PL/SQL function or REST-based service). Below is a detailed step-by-step guide on how to create an Authentication Scheme in Oracle APEX.
How to Create an Authentication Scheme in Oracle APEX
Step 1: Log in to Oracle APEX
- Open your web browser and navigate to your APEX workspace.
- Enter your Workspace, Username, and Password, then click Sign In.
Step 2: Open the Application
- From the APEX home page, click App Builder.
- Select the application you want to add or modify the authentication scheme for.
Step 3: Navigate to Shared Components
- Inside the application dashboard, click Shared Components in the side or top navigation bar.
- Under the Security section, click Authentication Schemes.
Step 4: Create a New Authentication Scheme
- Click the Create button on the Authentication Schemes page.
- You’ll be guided through a wizard with the following options:
Step 5: Choose a Scheme Type
You will see a list of available scheme types. Choose one based on your needs:
- APEX Accounts: Uses APEX workspace users (default development login).
- Database Account: Authenticates using Oracle database user credentials.
- LDAP Directory: Connects to corporate directory services like Active Directory.
- Social Sign-In: Allows login via Google, Facebook, or other OAuth2 providers.
- Custom: Uses your own PL/SQL function to validate users.
- Oracle Cloud Identity: Uses Oracle Cloud Identity Services.
- HTTP Header Variable: For reverse proxy SSO environments.
Click Next after selecting your preferred scheme.
Step 6: Configure Scheme Attributes
Depending on the type selected, you will be prompted to configure additional settings. Examples:
A. For APEX Accounts:
- No additional configuration is required.
- You can simply name the scheme and proceed.
B. For LDAP:
- Enter LDAP host, port, base DN, and login attributes.
- Test the connection using a sample user.
C. For Custom (PL/SQL Function Returning Boolean):
- Enter the name of your custom PL/SQL function that returns TRUE if the username/password is valid.
- Example function:
  RETURN my_auth_pkg.authenticate(p_username => :USERNAME, p_password => :PASSWORD);
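A fuller custom authentication function, as an added example that is not code from the original page: it verifies a PBKDF2-HMAC-SHA256 password hash and does the same work for unknown usernames. The table APP_USERS, its columns and the name demo_authenticate are assumptions; the parsing schema is assumed to have EXECUTE on DBMS_CRYPTO.

```sql
-- Added example. APP_USERS (username, salt, iterations, pwd_hash) is a
-- hypothetical table; the parsing schema needs EXECUTE on SYS.DBMS_CRYPTO.
create or replace function demo_authenticate (
    p_username in varchar2,
    p_password in varchar2
) return boolean
is
    c_dummy_salt  constant raw(16) := hextoraw('00000000000000000000000000000000');
    c_dummy_iters constant pls_integer := 100000;  -- constructed default
    l_salt     raw(16);
    l_iters    pls_integer;
    l_stored   raw(32);
    l_found    boolean := true;
    l_key      raw(32767);
    l_u        raw(32);
    l_derived  raw(32);
begin
    if p_password is null then return false; end if;
    begin
        select salt, iterations, pwd_hash
          into l_salt, l_iters, l_stored
          from app_users
         where username = upper(p_username);  -- bound value, no dynamic SQL
    exception
        when no_data_found then
            -- Unknown user: still run the derivation so response time
            -- does not reveal which usernames exist.
            l_found := false;
            l_salt  := c_dummy_salt;
            l_iters := c_dummy_iters;
    end;

    -- PBKDF2-HMAC-SHA256, first 32-byte block: T = U1 xor U2 xor ... xor Uc
    l_key     := utl_i18n.string_to_raw(p_password, 'AL32UTF8');
    l_u       := dbms_crypto.mac(utl_raw.concat(l_salt, hextoraw('00000001')),
                                 dbms_crypto.hmac_sh256, l_key);
    l_derived := l_u;
    for i in 2 .. l_iters loop
        l_u       := dbms_crypto.mac(l_u, dbms_crypto.hmac_sh256, l_key);
        l_derived := utl_raw.bit_xor(l_derived, l_u);
    end loop;

    return l_found and l_stored is not null and l_derived = l_stored;
end demo_authenticate;
/
```

In the Custom scheme, demo_authenticate would be entered as the authentication function name; APEX calls it with p_username and p_password and treats TRUE as a successful login.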
D. For Social Sign-In (OAuth2):
- Choose provider (e.g., Google, Facebook).
- Provide Client ID and Secret.
- Define Redirect URI and Scope.
Step 7: Configure Post-Authentication Behavior
On this page, set:
- Post-Authentication Procedure (optional PL/SQL block executed after login)
- Session Timeout settings
- Logout URL (if you want to redirect users on logout)
Step 8: Review and Create
- Review all settings on the final screen.
- Click Create Authentication Scheme.
Step 9: Make it Current
After creation, you'll return to the Authentication Schemes list.
- Locate your new scheme and click Make Current to activate it.
- Only one scheme can be active at a time, but multiple can be defined.
Step 10: Test the Login
- Run your application.
- You should see the new login behavior depending on the scheme used.
- If needed, update authorization and session handling based on :APP_USER.
Additional Notes
- You can clone and customize an existing scheme.
- You can export/import schemes between applications.
- For enhanced security, always use HTTPS and avoid exposing sensitive login logic directly.
In Oracle APEX, an authentication scheme controls how users log in to an application. To associate an authentication scheme with an application, you must create one in the Shared Components section.
Steps to Create an Authentication Scheme
Open the App Builder
- Log in to your Oracle APEX workspace.
- Click on App Builder to view your applications.
Select an Application
- Click on the application where you want to set up authentication.
- This will take you to the application's home page.
Navigate to Authentication Schemes
- Click on Shared Components under the application menu.
- Under the Security section, select Authentication Schemes.
Create a New Authentication Scheme
- Click Create to add a new authentication scheme.
- Choose one of the predefined authentication schemes or create a custom one.
Select the Authentication Type
Oracle APEX offers several authentication methods, including:
- APEX Accounts: Uses Oracle APEX workspace credentials.
- Database Accounts: Uses database schema user credentials.
- LDAP Directory: Connects to an LDAP authentication server.
- Social Sign-In: Supports authentication via Google, Facebook, or other OpenID Connect/OAuth2 providers.
- Custom Authentication: Allows you to define your own authentication logic using PL/SQL.
Configure Authentication Settings
- Depending on the authentication type selected, provide the necessary credentials, URLs, or connection details.
- If using Custom Authentication, enter the PL/SQL function or process that validates users.
Save and Set as Current
- Click Create Authentication Scheme to save it.
- To enable this authentication scheme for the application, click Make Current.
Test the Authentication Scheme
- Run your application and attempt to log in to verify that authentication works as expected.
By following these steps, you can successfully create and configure an authentication scheme in Oracle APEX, ensuring secure access to your application.