When you select a preconfigured authentication scheme, Oracle Application Express creates an authentication scheme for your application that follows a standard behavior for authentication and session management.
Open Door Credentials enables anyone to access your application using a built-in login page that captures a user name. This authentication method is useful during application development.
To set up Open Door Credentials:
On the Workspace home page, click the Application Builder icon.
Select an application.
On the Application home page, click Shared Components.
The Shared Components page appears.
Under Security, select Authentication Schemes.
On the Authentication Schemes page, click Create.
Select Based on a pre-configured scheme from the gallery.
From Gallery, select Show Login Page and Use Open Door Credentials.
Specify a login page and click Next.
Enter a name and click Create Scheme.
Oracle Application Express Account Credentials are internal user accounts (also known as "cookie user" accounts) that are created within and managed in the Oracle Application Express user repository. When you use this method, your application is authenticated against these accounts.
Application Express Account Credentials is a good solution when:
You want control of the user account repository
A user name and password-based approach to security is sufficient
You do not need to integrate into a single sign-on framework
This is an especially good approach when you need to get a group of users up and running on a new application quickly.
To set up Application Express Account Credentials:
On the Workspace home page, click the Application Builder icon.
Select an application.
On the Application home page, click Shared Components.
The Shared Components page appears.
Under Security, select Authentication Schemes.
On the Authentication Schemes page, click Create.
Select Based on a pre-configured scheme from the gallery.
From Gallery, select Show Login Page and Use Application Express Account Credentials.
Specify a login page and click Next.
Enter a name and click Create Scheme.
Database Account Credentials utilizes database schema accounts. This authentication scheme requires that a database user (schema) exist in the local database. When using this method, the user name and password of the database account are used to authenticate the user.
Database Account Credentials is a good choice if having one database account for each named user of your application is feasible and account maintenance using database tools meets your needs.
To set up Database Account Credentials:
On the Workspace home page, click the Application Builder icon.
Select an application.
On the Application home page, click Shared Components.
The Shared Components page appears.
Under Security, select Authentication Schemes.
On the Authentication Schemes page, click Create.
Select Based on a pre-configured scheme from the gallery.
From Gallery, select Show Login Page and Use Database Account Credentials.
Specify a login page and click Next.
Enter a name and click Create Scheme.
You can configure any authentication scheme that uses a login page to use Lightweight Directory Access Protocol (LDAP) to verify the user name and password submitted on the login page.
Application Builder includes wizards and edit pages that explain how to configure this option. These wizards assume that an LDAP directory accessible to your application for this purpose already exists and that it can respond to a SIMPLE_BIND_S call for credentials verification. When you create an LDAP Credentials authentication scheme, the wizard requests and saves the LDAP host name, LDAP port, and the DN string. An optional preprocessing function can be specified to adjust formatting of the user name passed to the API.
To set up LDAP credentials verification:
On the Workspace home page, click the Application Builder icon.
Select an application.
On the Application home page, click Shared Components.
The Shared Components page appears.
Under Security, select Authentication Schemes.
On the Authentication Schemes page, click Create.
Select Based on a pre-configured scheme from the gallery.
From Gallery, select Show Login Page and Use LDAP Directory Credentials.
Specify a login page and click Next.
Specify the following and click Next.
LDAP Host
LDAP Port
LDAP Distinguished Name (DN) String
(Optional) LDAP Username Edit Function
To view help for a specific item, click the item label. When help is available, the item label changes to red when you pass your cursor over it and the cursor changes to an arrow and question mark. See "About Field-Level Help".
Enter a name and click Create Scheme.
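The following block is an added example, not Oracle-supplied code. It sketches the kind of user name preprocessing an LDAP Username Edit Function could apply before the DN string is passed to SIMPLE_BIND_S. The helper names, the sample DN pattern, and the `%LDAP_USER%` placeholder are assumptions of this example. It escapes characters that are special in a DN (RFC 4514) and rejects an empty password, because a simple bind with an empty password is an unauthenticated bind that many directories accept.

```plsql
-- Added example: hypothetical helpers, run with SET SERVEROUTPUT ON.
DECLARE
  -- Constructed DN pattern; %LDAP_USER% marks where the user name goes (assumed).
  c_dn_pattern CONSTANT VARCHAR2(200) :=
    'cn=%LDAP_USER%,ou=people,dc=example,dc=com';

  -- Escape a user name so it stays a single RFC 4514 attribute value.
  FUNCTION escape_dn_value(p_value IN VARCHAR2) RETURN VARCHAR2 IS
    l_out VARCHAR2(4000);
    l_ch  VARCHAR2(4 CHAR);
  BEGIN
    FOR i IN 1 .. NVL(LENGTH(p_value), 0) LOOP
      l_ch := SUBSTR(p_value, i, 1);
      IF l_ch = CHR(0) THEN
        l_out := l_out || '\00';               -- NUL must be hex-escaped
      ELSIF INSTR('\,+"<>;=', l_ch) > 0
         OR (i = 1 AND l_ch IN (' ', '#'))     -- leading space or '#'
         OR (i = LENGTH(p_value) AND l_ch = ' ') THEN  -- trailing space
        l_out := l_out || '\' || l_ch;
      ELSE
        l_out := l_out || l_ch;
      END IF;
    END LOOP;
    RETURN l_out;
  END escape_dn_value;

  -- Build the bind DN; return NULL for input that must not reach the directory.
  FUNCTION build_bind_dn(p_username IN VARCHAR2,
                         p_password IN VARCHAR2) RETURN VARCHAR2 IS
  BEGIN
    -- In Oracle '' is NULL, so this also catches an empty password,
    -- which would otherwise be sent as an unauthenticated bind.
    IF TRIM(p_username) IS NULL OR p_password IS NULL THEN
      RETURN NULL;
    END IF;
    RETURN REPLACE(c_dn_pattern, '%LDAP_USER%',
                   escape_dn_value(TRIM(p_username)));
  END build_bind_dn;
BEGIN
  -- Constructed sample inputs: a normal name, a name carrying DN
  -- metacharacters, and a login attempt with an empty password.
  DBMS_OUTPUT.PUT_LINE(NVL(build_bind_dn('jsmith', 'pw'), '<rejected>'));
  DBMS_OUTPUT.PUT_LINE(NVL(build_bind_dn('x,ou=admins', 'pw'), '<rejected>'));
  DBMS_OUTPUT.PUT_LINE(NVL(build_bind_dn('jsmith', ''), '<rejected>'));
END;
/
```

With escaping applied, the second input stays inside the `cn` value (`cn=x\,ou\=admins,...`) rather than adding a new component to the DN.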
Database Access Descriptor (DAD) database authentication uses the Oracle database native authentication and user mechanisms to authenticate users using a basic authentication scheme. This authentication scheme gets the user name from the DAD either as the value stored in the DAD configuration or, if the account information is not stored in the DAD configuration, as the user name captured using the basic authentication challenge.
To use DAD credentials verification:
Each application user must have a user account in the Oracle database.
You must configure a PL/SQL DAD for basic authentication (without account information).
This results in one user name/password challenge per browser session for your application users. The user identity token is then made available in the APP_USER item.
DAD database authentication is useful when you need to implement an authentication method that requires minimal setup for a manageable number of users. Ideally these users would have self-managed accounts in the database and your use of this authentication method would be short lived (for example, during the demonstration or prototyping stages of development).
The main drawback of this approach is burdensome account maintenance, especially if users do not administer their own passwords, or if their database accounts exist only to facilitate authentication to your application.
To set up DAD Credentials Verification:
On the Workspace home page, click the Application Builder icon.
Select an application.
On the Application home page, click Shared Components.
The Shared Components page appears.
Under Security, select Authentication Schemes.
On the Authentication Schemes page, click Create.
Select Based on a pre-configured scheme from the gallery.
From Gallery, select No Authentication (using DAD).
Enter a name and click Create Scheme.
Oracle Application Server Single Sign-On verification delegates authentication to the Oracle AS Single Sign-On (SSO) Server. To use this authentication scheme, your site must have been registered as a partner application with the SSO server.
Oracle Application Express applications can operate as partner applications with Oracle Application Server's Single Sign-On (SSO) infrastructure. To accomplish this, you must register your application (or register the Application Express engine) as the partner application. To do so, follow the Oracle Application Server instructions for registering partner applications and install the Oracle 9iAS SSO Software Developer Kit (SDK).
If you choose this approach, your application will not use an integrated login page. Instead, when a user accesses your application in a new browser session, the Application Express engine redirects to the Single Sign-On login page. After the user is authenticated by SSO, the SSO components redirect back to your application, passing the user identity and other information to the Application Express engine. The user can then continue to use the application until they log off, terminate their browser session, or until some other session-terminating event occurs.
To set up Oracle Application Server Single Sign-On:
On the Workspace home page, click the Application Builder icon.
Select an application.
On the Application home page, click Shared Components.
The Shared Components page appears.
Under Security, select Authentication Schemes.
On the Authentication Schemes page, click Create.
Select Based on a pre-configured scheme from the gallery.
From Gallery, select one of the following:
Oracle Application Server Single Sign-On (Application Express engine as Partner App) delegates authentication to the Oracle AS Single Sign-On (SSO) Server. To use this authentication scheme, your site must have been registered as a partner application with the SSO server.
Oracle Application Server Single Sign-On (My application as Partner App) delegates authentication to the SSO server. Requires that you register an application with SSO as a partner application.
Enter a name and click Create Scheme.