Previous
Previous 		 Next
Next

Using Preconfigured Authentication Schemes

When you select a preconfigured authentication scheme, Oracle Application Express creates an authentication scheme for your application that follows a standard behavior for authentication and session management.

Topics:

Open Door Credentials

Open Door Credentials enables anyone to access your application using a built-in login page that captures a user name. This authentication method is useful during application development.

Setting Up Open Door Credentials

To set up Open Door Credentials:

  1. On the Workspace home page, click the Application Builder icon.

  2. Select an application.

  3. On the Application home page, click Shared Components.

    The Shared Components page appears.

  4. Under Security, select Authentication Schemes.

  5. On the Authentication Schemes page, click Create.

  6. Select Based on a pre-configured scheme from the gallery.

  7. From Gallery, select Show Login Page and Use Open Door Credentials.

  8. Specify a login page and click Next.

  9. Enter a name and click Create Scheme.

Oracle Application Express Account Credentials

Oracle Application Express Account Credentials are internal user accounts (also known as "cookie user" accounts) that are created within and managed in the Oracle Application Express user repository. When you use this method, your application is authenticated against these accounts.


See Also:

"Managing Application Express Users" in Oracle Application Express Administration Guide

Application Express Account Credentials is a good solution when:

This is an especially good approach when you need to get a group of users up and running on a new application quickly.

Setting Up Application Express Account Credentials

To set up Application Express Account Credentials:

  1. On the Workspace home page, click the Application Builder icon.

  2. Select an application.

  3. On the Application home page, click Shared Components.

    The Shared Components page appears.

  4. Under Security, select Authentication Schemes.

  5. On the Authentication Schemes page, click Create.

  6. Select Based on a pre-configured scheme from the gallery.

  7. From Gallery, select Show Login Page and Use Application Express Account Credentials.

  8. Specify a login page and click Next.

  9. Enter a name and click Create Scheme.

Database Account Credentials

Database Account Credentials utilizes database schema accounts. This authentication scheme requires that a database user (schema) exist in the local database. When using this method, the user name and password of the database account is used to authenticate the user.

Database Account Credentials is a good choice if having one database account for each named user of your application is feasible and account maintenance using database tools meets your needs

Setting Up Database Account Credentials

To set up Database Account Credentials:

  1. On the Workspace home page, click the Application Builder icon.

  2. Select an application.

  3. On the Application home page, click Shared Components.

    The Shared Components page appears.

  4. Under Security, select Authentication Schemes.

  5. On the Authentication Schemes page, click Create.

  6. Select Based on a pre-configured scheme from the gallery.

  7. From Gallery, select Show Login Page and Use Database Account Credentials.

  8. Specify a login page and click Next.

  9. Enter a name and click Create Scheme.

LDAP Credentials Verification

You can configure any authentication scheme that uses a login page to use Lightweight Directory Access Protocol (LDAP) to verify the user name and password submitted on the login page.

Application Builder includes wizards and edit pages that explain how to configure this option. These wizards assume that an LDAP directory accessible to your application for this purpose already exists and that it can respond to a SIMPLE_BIND_S call for credentials verification. When you create an LDAP Credentials authentication scheme, the wizard requests and saves the LDAP host name, LDAP port, DN string, whether or not to use SSL, exact DN, and optionally a search filter if not using exact DN. An optional preprocessing function can be specified to adjust formatting of the user name passed to the API.

Setting Up LDAP Credentials Verification

To set up LDAP credentials verification:

  1. On the Workspace home page, click the Application Builder icon.

  2. Select an application.

  3. On the Application home page, click Shared Components.

    The Shared Components page appears.

  4. Under Security, select Authentication Schemes.

  5. On the Authentication Schemes page, click Create.

  6. Select Based on a pre-configured scheme from the gallery.

  7. From Gallery, select Show Login Page and Use LDAP Directory Credentials.

  8. Specify a login page and click Next.

  9. Specify the following and click Next.

    1. LDAP Host

    2. LDAP Port

    3. Use SSL

    4. Use Exact DN

    5. LDAP Distinguished Name (DN) String

    6. (Optional) Search Filer

    7. (Optional) LDAP Username Edit Function

    To view help for a specific item, click the item label. When help is available, the item label changes to red when you pass your cursor over it and the cursor changes to an arrow and question mark. See "About Field-Level Help".

  10. Enter a name and click Create Scheme.


Note:

If you choose SSL with Authentication as the SSL mode, a wallet must be set up using the Oracle Application Express instance settings. Additionally, the root certification from the LDAP server must be imported into that wallet as a trusted certificate. See "Configuring Wallet Information" in Oracle Application Express Administration Guide and "Using Oracle Wallet Manager" in Oracle Database Advanced Security Administrator's Guide.

DAD Credentials Verification

Database Access Descriptor (DAD) database authentication uses the Oracle database native authentication and user mechanisms to authenticate users using a basic authentication scheme. This authentication scheme gets the user name from the DAD either as the value stored in the DAD configuration or, if the account information is not stored in the DAD configuration, as the user name captured using the basic authentication challenge.

To use DAD credentials verification:

DAD database authentication is useful when you need to implement an authentication method that requires minimal setup for a manageable number of users. Ideally these users would have self-managed accounts in the database and your use of this authentication method would be short lived (for example, during the demonstration or prototyping stages of development).

The main drawback of this approach is burdensome account maintenance, especially if users do not administer their own passwords, or if their database accounts exist only to facilitate authentication to your application.

Setting Up DAD Credentials Verification

To set up DAD Credentials Verification:

  1. On the Workspace home page, click the Application Builder icon.

  2. Select an application.

  3. On the Application home page, click Shared Components.

    The Shared Components page appears.

  4. Under Security, select Authentication Schemes.

  5. On the Authentication Schemes page, click Create.

  6. Select Based on a pre-configured scheme from the gallery.

  7. From Gallery, select No Authentication (using DAD).

  8. Enter a name and click Create Scheme.

Single Sign-On Server Verification

Oracle Application Server Single Sign-On verification delegates authentication to the Oracle AS Single Sign-On (SSO) Server. To use this authentication scheme, your site must have been registered as a partner application with the SSO server.

Oracle Application Express applications can operate as partner applications with Oracle Application Server's Single Sign-On (SSO) infrastructure. To accomplish this, you must register your application (or register the Application Express engine) as the partner application. To do so, follow the Oracle Application Server instructions for registering partner applications and install the Oracle 9iAS SSO Software Developer Kit (SDK).

If you choose this approach, your application will not use an integrated login page. Instead, when a user accesses your application in a new browser session, the Application Express engine redirects to the Single Sign-On login page. After the user is authentication by SSO, the SSO components redirect back to your application, passing the user identity and other information to the Application Express engine. The user can then continue to use the application until they log off, terminate their browser session, or until some other session-terminating event occurs.

Setting Up Oracle Application Server Single Sign-On

To set up Oracle Application Server Single Sign-On:

  1. On the Workspace home page, click the Application Builder icon.

  2. Select an application.

  3. On the Application home page, click Shared Components.

    The Shared Components page appears.

  4. Under Security, select Authentication Schemes.

  5. On the Authentication Schemes page, click Create.

  6. Select Based on a pre-configured scheme from the gallery.

  7. From Gallery, select one of the following:

    • Oracle Application Server Single Sign-On (Application Express engine as Partner App) delegates authentication to the Oracle AS Single Sign-On (SSO) Server. To use this authentication scheme, your site must have been registered as a partner application with the SSO server.

    • Oracle Application Server Single Sign-On (My application as Partner App) delegates authentication to the SSO server. Requires that you register an application with SSO as a partner application.

  8. Enter a name and click Create Scheme.


 Previous
Previous 		 Next
Next