Comments on #cloud blog: Using Active Directory to control Authentication and Authorisation to Apex

gyana, 2017-03-17T22:34:18.429-07:00

Hi,

I have an APEX URL integrated within my application.

URL like: https://slms.ABCDEF.com/apex/f?p=107:3:::::P_USER:c2FyZ2JlaGU=

Here from the other application we are passing :P_USER, which is the user name of the current user.
I want to use that :P_USER variable value in my APEX report for user authentication and other query operations. Please guide me on how I can use the :P_USER value passed from the URL in APEX authentication.

Issues I am facing
-------------------
1. I am not able to use the :P_USER variable value in APEX to authenticate the user, so the report is open for all now. (For now I am using APEX authentication temporarily.)

2. If somebody copies the URL and pastes it in another browser then the APEX report UI opens without any security. How to prevent the copy-pasted URL working for the customer?

3. What are the other security methods I can apply in APEX by using the variable passed in the URL? :P_USER.

4. How can I achieve SSO (single sign-on) in APEX? We have integrated the APEX URL in another application and we have a requirement to implement SSO. But I am new to APEX and I have no idea how to implement it. Could you please guide me on solving these issues.

Please send some steps on how to do that to my email: gyanabehera2013@gmail.com.

Thank you in advance.

Regards
Gyana

Anonymous, 2015-04-16T08:05:21.337-07:00

Hi Rich,

This was just a typo, sorry.

It looks like the authorization is also verified when logging out. But by that time the variables are already reset to NULL. I worked around this by checking V_PASSWORD_AUTHTEMP and V_USERNAME_AUTHTEMP (new) for NULL. Then it's fine.

But how have you implemented 'reconnect' in case of not authorized? I found an idea here (https://community.oracle.com/thread/967588) but it does not work so far for me.

Thanks Reinhard

DBAHarrison, 2015-04-16T06:39:41.577-07:00

Hi Reinhard - not sure if it's just a typo in your last post - but the line

RETURN ldap_auth(v('APP_USER',:V_PASSWORD_AUTHTEMP);

should be

RETURN ldap_auth(v('APP_USER'),:V_PASSWORD_AUTHTEMP);

Cheers,
Rich

Anonymous, 2015-04-16T05:24:59.999-07:00

Hi Rich,

Thanks for your reply.

Our domain setup does not look unusual.

Username/password hardcoded works fine:

RETURN ldap_auth('','');

Username/password from login page failed:

RETURN ldap_auth(v('APP_USER',:V_PASSWORD_AUTHTEMP);

No idea why.

The username/password used do not contain double quotes...

Please help.

Regards,
Reinhard

DBAHarrison, 2015-04-16T00:34:41.623-07:00

Hi Reinhard,
I did a quick google on that error message and there is very little on it.

Is there anything unusual about the dn - very long or something? (see this link https://support.microsoft.com/en-gb/kb/974522)

Does it contain double quotes?

Have you tried hardcoding it with username/password to check nothing is going wrong there?

Regards,
Rich

Anonymous, 2015-04-15T08:41:13.690-07:00

Hi,

I implemented your solution but have trouble passing username & password.

As recommended I use
- v('APP_USER') and
- application item

The problem is that whenever I log out the authorization schema is executed (it looks like) and the following error is thrown:

"Error processing authorization.

ORA-31202: DBMS_LDAP: LDAP client/server error: Invalid credentials. 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 57, v1db1"

Can you help please?

Thanks Reinhard

DBAHarrison, 2015-03-23T03:12:02.261-07:00

Hi Adrita,
Sorry, somehow this comment passed me by. I think what you want to do is possible (if I understand it correctly) - it just needs some extra effort to search for all the children of the parent group - and for all those groups then search for membership of the login.

It's not a huge amount of code I don't think, but long enough that I can't really spend the time on it for you.

You'd need to start with a different variation on dbms_ldap.search I think to identify the groups

and then loop through the groups using the code you already have above.

There may also be a way to just identify child membership directly via some sort of different search - but I'm not sure.

Cheers,
Rich

Anonymous, 2015-03-10T03:01:55.778-07:00

Hi,
I have implemented your solution. But it is not working as I have a slightly different situation. I am asked to authenticate users under group A. This group A has various groups inside it, say B, C, D, and the user is a member of these child groups. I need all the users who are in B, C, D to be validated, and I cannot put B, C, D's names in the string match as there may be new child groups added to A.
Please suggest how I can proceed.

Regards
Adrita

DBAHarrison, 2015-03-09T08:23:39.574-07:00

Hi,
Did you do the ACL tests as a 'normal' user - if you run it as SYS it bypasses all the security anyway.

Try creating a basic user and then run the plsql as that user.

Cheers,
Rich

Tibor, 2015-03-09T08:06:13.631-07:00

Hi Richard!
I have tried the settings which you gave me on the link. But I ran into a problem. I can authenticate now from AD. I set up the ldap_auth function but when I run it, it gives me "network access denied by access control list (ACL)". I have tried the PL/SQL test codes, they run fine. Only this function gives back this error. I am running on 4.0.2.00.08.

Claudiu, 2015-01-22T03:15:41.632-08:00

Amazing blog. If only all blogs explained so well. You helped me so much. Thank you for taking the time to make this.

Anonymous, 2014-12-09T13:32:17.033-08:00

Thank you for this post... it was very helpful.

DBAHarrison, 2014-09-08T03:14:31.425-07:00

Hi Rahul,
I think I need a bit more to go on than 'it doesn't work' :-)

The most likely cause of the problem is I think -

1) Database Network ACL is blocking the ldap port
2) incorrect ldap details entered in APEX

Did you get the plsql to work OK - that needs to function before you even think about Apex

Cheers,
Rich

Rahul, 2014-09-07T03:18:20.228-07:00

Hi,

I am trying to implement this at a workspace application level, but am not able to make it run.
Can someone please assist?

I followed this blog as well as this one:

http://www.grassroots-oracle.com/2013/09/using-ldap-to-authenticate-your-apex.html

Thanks
Rahul

DBAHarrison, 2014-07-25T03:16:32.005-07:00

There is a nasty flaw with the above - please read my other post to make sure you have closed the security hole!

http://dbaharrison.blogspot.de/2014/07/when-clever-security-ends-up-as-no.html