Create a custom authentication

I'm plowing through the EXCELLENT paper of Raj Mattamal on it.
http://www.Oracle.com/technetwork/issue-archive/2009/09-may/o39security-101079.html

I'm missing a big piece of agreement, however. I think I have everything configured properly by article and have edited the .sql to match my own applications and tables. But I don't understand how this will be physically present to the user.

How does the user connect to the suite? The provided login application gives the administrator a place to enter all the applications in the suite, but I know that my users would not have to log in here. Is the right username to any app they want to use and connects them in the rest of the applications after that?

Looks like you have a users table and many applications, correct? There was an old APEX 2/3 days app that would allow you to have a menu application above other applications, but I don't think that he manipulated the rights... What I would do is have a built set of roles and then assign users for each application, these roles that would then be used by a set of authorisation schemes to allow users to do what they need to do on each app...

Does this sound like a plan?

Here is the article from 2008: http://www.oracle.com/technetwork/issue-archive/2006/06-may/o36apex-086847.html

Thank you

Tony Miller
Ruckersville, WILL

Tags: Database

Similar Questions

  • Custom authentication scheme

    Dear community,

    I tried to create a custom authentication scheme based on a tutorial. But seemed to fail since the tutorial works on version 4.0 and I'm working on 4.1.

    Step 1. create table user_repository)
    username varchar2 (8).
    VARCHAR2 (8) password,.
    primary key (username)
    );

    Step 2 insert into user_repository values ('John', '1234');

    Step 3.

    create or replace package pkg_auth as
    function authenticate (p_username in varchar2,
    p_password in varchar2) return Boolean;
    end;

    create or replace package body pkg_auth as
    function authenticate (p_username in varchar2,
    p_password in varchar2) return Boolean is
    v_result integer: = 0;
    Start
    Select 1
    in v_result
    of user_repository
    where username = lower (p_username)
    and password = p_password;
    Return (v_result = 1);
    exception
    When no_data_found then
    Returns false;
    end to authenticate;
    end;

    Step 4. They want to create an authentication scheme from scratch, which does not exist in 4.1 (so it fails pretty well by already). I created a (based on some configs by default) normal authentication scheme.

    Step 5 They want to fill me this service "customized to authenticate": return pkg_auth.authenticate;
    Unfortunenately this functionality is not there either.


    Theyre talking passhashing, who used to work since I don't even get the normal authentication scheme to work.
    If someone could help me to create a custom authentication scheme based on the table in * 4.1, that wouldve was awesome.

    Authentication and authorization have been cleaned up to 4.1

    Create a schema of authentication "based on a pre-configured gallery system", and then select the type of theme of "custom".
    You can place your pl/sql code in the source field, or keep it in your database.
    Set your pkg_auth.authenticate in the field "name of the function of authentication.

    Final note - you should not really store plaintext passwords - I hope that this example of coding has been for the demo only. Check the past of examples that use the custom_hash function, for example.

    Scott

  • 4.0.1 custom authentication

    Hello

    I am trying to create a custom authentication scheme based on my own auth function.
    The function already exists and works very well in APEX 3.2.1.

    4.0.1 it seems that the function is not called at all.

    If someone has recognized the same? Solved?

    Is it still 'return my_authfunction' in the schema definition?


    Thanks in advance.
    Carsten

    Hi Carsten,

    I was not able to know the workspace CPESPACE the connection and user PATRICK with the password [email protected]
    Can you reset again once, maybe someone else connected and changed the password.

    Concerning
    Patrick
    -----------
    My Blog: http://www.inside-oracle-apex.com
    APEX 4.0 Plug-Ins: http://apex.oracle.com/plugins
    Twitter: http://www.twitter.com/patrickwolf

  • CUSTOM AUTHENTICATION

    Hello
    I have a small problem concerning custom authention...

    I need to create a custom authentication which accepts 3 variables and it seems to me making a mistake... LEGAL TYPES of arguments...

    Until that moment, I felt that miss me a point... custom authentication works...
    I know that my answer will be the AUTHENTICATION SCHEME THAT the AUTHENTICATION SERVICE cannot accept that TWO variables...

    I know I've seen discussions on this, but I would like to Y?
    Y must he be alone are accepted both values? If I want to create a custom authentication which accepts 3 or 4 or 5 if I shouldn't be free to do?
    create or replace function auth_on_my_users (p_username in varchar2, p_password in varchar2)
    return a Boolean value is
    Start
    Returns true;
    end;
    Why the input variables must be fixed with these names?
    I just need some answers there as I am trying to understand the rationale.

    Another supplementary question might be...

    I have a requirement where I need to make a custom authentication and I need to use three variables, how do I make a u-turn for this...

    Sorry for my stupid questions, but I hope to have some good answers and critics also welcomed...

    Concerning
    Alex Noel, Makumuli,
    Tanzania

    Hello

    For the workaround, you can for example define application component and use it in your function as parameter 3 as

     l_local_variable := v('MY_APP_ITEM');

    BR, Jari

  • Help: creating a custom LDAP authentication

    Hi all

    For some reason I need a LDAP authentication against 2 host servers.
    For this reason that I wrote a function with 2 parameters of user and password. This function is to search on a server to which the user can find and make a simple_bind on the server, return true to bind with success and false for failure.
    FUNCTION LDAP_AUTH_GLOBAL_DOMAIN
  ( pUser     IN            VARCHAR2
  , pPassword IN            VARCHAR2 )
RETURN BOOLEAN
IS
  l_retval PLS_INTEGER;
  l_session DBMS_LDAP.session;
  l_ldap_port   VARCHAR2(256) := '123';
  l_ldap_host   VARCHAR2(256);
  l_ldap_user   VARCHAR2(256);
  l_ldap_passwd VARCHAR2(256);
  v_login       VARCHAR2(256);
  v_login_result boolean := FALSE;
  v_domain       VARCHAR2(100);
BEGIN
  BEGIN
    v_domain := GET_DOMAIN_OF_USER( pUser => pUser );
    v_login := v_domain || '\' || pUser;
  
    IF lower(v_domain) = 'mydomain' THEN
      l_ldap_host := 'host.mydomain.com';
    ELSIF lower(v_domain) = 'mydomain2' THEN
      l_ldap_host := 'host.mydomain2.com'';
    END IF;
    
    DBMS_LDAP.USE_EXCEPTION := TRUE;
    --    
    l_session := DBMS_LDAP.init( hostname => l_ldap_host, 
                                 portnum => l_ldap_port);
    l_retval  := DBMS_LDAP.simple_bind_s( ld => l_session, 
                                          dn => v_login, 
                                          passwd => pPassword );
    v_login_result := TRUE;                                      
                                          
    l_retval := DBMS_LDAP.unbind_s( ld => l_session );
    
  EXCEPTION 
    WHEN OTHERS THEN
      v_login_result := FALSE;
  END;  
    
  RETURN v_login_result;
END LDAP_AUTH_GLOBAL_DOMAIN;
    In the next step, I created a new authentication scheme "Based on the pre-setting plan of the Gallery", entered a name and selected "Custom" as the type of regime.
    The next page, I even ask some values:
    Function name Sentinel-> what I have to do or is there a default check when I leave it empty
    Name of procedure no valid Session-> y at - it a default value, when it is empty
    Name of the function of authentication-> I entered: "return my_auth (: username,: PASSWORD) ' or 'return my_auth' or 'my_auth '.
    Name of the Logoout post-> procedure y at - it a default value, when it is empty
    Activate the attributes Legacy authentication-> does this mean?

    On my login page existing I changed nothing, so I still have my processes:
    The Username Cookie value:
    begin
owa_util.mime_header('text/html', FALSE);
owa_cookie.send(
    name=>'LOGIN_USERNAME_COOKIE',
    value=>lower(:P101_USERNAME));
exception when others then null;
end;
    Login:
    wwv_flow_custom_auth_std.login(
    P_UNAME       => :P101_USERNAME,
    P_PASSWORD    => :P101_PASSWORD,
    P_SESSION_ID  => v('APP_SESSION'),
    P_FLOW_PAGE   => :APP_ID||':1'
    );
    I'm a little uncertain about this logon process, should I change this?
    I've never used custom authentication and cannot find a step-to-step tutorial, by saying what needs to be done.

    Thanks for your help
    Chrissy

    Don't know if this is the case, but I think that your authentication functio signature should be:

    FUNCTION LDAP_AUTH_GLOBAL_DOMAIN
  (p_username   IN VARCHAR2,
   p_password   IN VARCHAR2)
RETURN BOOLEAN

  • Create the custom for more than one table, and then another user authentication scheme

    Hello

    I already test to create an courable authentication scheme. It works very well!

    My problem is that I designed a database on the data requirements. So the results are two different user tables - one record data of the company and the other to consist of data from dealers. Both can register on my web application with e-mail address (Unique).

    The authentication scheme in APEX checks the table right on a data user!

    A possible solution is to call the company with the dealer table table. But in the picture of society isn't some attributes wich find no need in the dealer table and vice versa.
    Further, that it is not possible that the concessionaire may register that they self as a company with the same which e-mail they use for registration as a reseller.

    Can you give me some more ideas how slove/manage this problem...

    I am using APEX 4.0.2 on an Oracle 10 g database.

    NEDO

    Edited by: Mr.Nedo the 12.05.2011 02:16

    >
    The authentication scheme in APEX checks the table right on a data user!

    A possible solution is to call the company with the dealer table table. But in the picture of society isn't some attributes wich find no need in the dealer table and vice versa.
    Further, that it is not possible that the concessionaire may register that they self as a company with the same which e-mail they use for registration as a reseller.
    >

    Create a view which combines common elements of the user of the 2 tables and the authentication scheme based checks on the view.

  • Issue in custom authentication

    Hi all

    I created a new custom authentication. The name of the function specified in the authentication scheme. My code seems to work very well (Boolean condition works) but authentication fails. Here's the package. Is there any other condition, I need the installation when you create to authenticate.

    can someone please suggest.


    create or replace package body app_login
is
Function get_hash(p_input IN varchar2)
return varchar2
is 
begin

RETURN UPPER(DBMS_OBFUSCATION_TOOLKIT.MD5 (
                 INPUT => UTL_I18N.STRING_TO_RAW(P_INPUT)));
                    -- return p_input;
end get_hash;

FUNCTION valid_user(p_username IN VARCHAR2 ,p_password IN VARCHAR2)
return boolean
is

v_hash varchar2(200);
V_RESULT number;
v_pwd DEMO1_USER.PASSWORD%type;

begin
v_hash:=app_login.get_hash(P_USERNAME || P_PASSWORD);

SELECT COUNT(*)
         INTO V_RESULT
          FROM DEMO1_USER
            WHERE UPPER(USERNAME) = UPPER(P_USERNAME)
                        AND UPPER(PASSWORD) = UPPER(V_HASH);


 IF V_RESULT > 0 THEN
       RETURN TRUE;
    ELSE
       RETURN FALSE;
    END IF;

end valid_user;

Procedure add_user(p_username IN VARCHAR2 ,p_password IN VARCHAR2)
is 
v_pwd_hash varchar2(200);
begin
v_pwd_hash:=app_login.get_hash(P_USERNAME || P_PASSWORD);
insert into demo1_user values(APP_USER_SEQ.nextval,p_username,v_pwd_hash);
commit;
end add_user;



end app_login;
    Thank you
    REDA

    Renon wrote:
    Hi Hari,

    Thank you very much for your time this issue. His works now.
    But the add_user function and the valid_user calls the function get_hash even without stem previously so why validation fails? Is required to be capitalized?

    Concerning
    REDA

    User name will always be in uppercase letters, regardless of how the user entered in the login screen. So in fact, UPPER (P_USERNAME) based on authentication valid_user is not necessary. However I have just kept it so that it returns the correct value when you run it go back. (for the objective test) etc.

    Value of variable binding that app_user will always be as HIGH of breakage.

    Kind regards
    Hari

  • Apex 4.1 - Websheets with the custom authentication scheme

    Apex v4.1 (as seen on the hosted apex.oracle.com) - Websheets do not always seem to work with a custom authentication scheme. Database applications work very well with a function of sentry page, but when the same page sentry function is used for a websheet, running, it gives an error the requested page was not found

    One of the Apex team can consult? Thank you

    Hi Vikas,

    Websheet Sentinels have slight differences of sentinels of the application.
    I created a sentinel websheet for you which should operate (see below).

    Christian

    create or replace function sample_page_sentry return boolean
is
    l_username   varchar2(512);
    l_session_id number;
    l_ws_app_id  number;
begin
    -- check to ensure that we are running as the correct database user.
    if user != 'APEX_PUBLIC_USER' then
        return false;
    end if;
    -- get sessionid in cookie
    l_session_id := wwv_flow_custom_auth_std.get_session_id_from_cookie;
    if wwv_flow_custom_auth_std.is_session_valid then
        -- the session still exists. we configure the APEX engine to use
        -- this session id and the session's username.
        --
        -- NOTE: it is more secure to also check if this is the session id from
        --       the URL!
        --
        apex_application.g_instance := l_session_id;
        l_username                  := wwv_flow_custom_auth_std.get_username;
        if nvl(l_username,'nobody') != 'nobody' then
            wwv_flow_custom_auth.define_user_session(
                p_user       => l_username,
                p_session_id => l_session_id);
            return true;
        end if;
    else
        -- session can not be reused, create a new one
        l_session_id := apex_custom_auth.get_next_session_id;
    end if;                                                                                 

    -- the current session is unauthenticated. we have to determine the user
    -- and log in.                                                                          

    -- get the username from somewhere, e.g. a cgi variable. it is hard-coded
    -- here for simplification.
    l_username := 'VANJ';
    -- configure the engine to use this username and session.
    apex_custom_auth.define_user_session(
         p_user       => l_username,
         p_session_id => l_session_id );
    -- build a deep link to the websheet start page
    l_ws_app_id  := apex_util.get_session_state ('WS_APP_ID');
    wwv_flow_custom_auth.remember_deep_link (
         p_url=>'ws?p='||l_ws_app_id||'::'||l_session_id );
    -- register the session in apex sessions table, set cookie, redirect back.
    apex_authentication.login(
         p_username => l_username,
         p_password => null );
    return true;
end sample_page_sentry;
/

    Published by: Christian Neumueller November 15, 2011 07:07 (a wiki format error corrected)

  • Need help-> custom authentication scheme

    Hey,.

    I am working on a custom authentication scheme.

    First, I create a test table:
    CREATE TABLE TBL_USER
  (
    USR_EMAIL VARCHAR2(40 BYTE) NOT NULL ENABLE,
    USR_ID    NUMBER NOT NULL ENABLE,
    USR_PW    VARCHAR2(255 BYTE) NOT NULL ENABLE,
    USR_ROLLE VARCHAR2(20 BYTE),
CONSTRAINT "TBL_USER_PK" PRIMARY KEY ("USR_ID")
);
    Then a function to hash the email and pw: 
    create or replace
function app_hash_test (p_email in varchar2, p_passwort in varchar2)
return varchar2
is
  l_passwort varchar2(4000);
  l_salt varchar2(4000) := 'DFS2J3DF4S5HG666IO7S8DJGSDF8JH';
                            
begin
  l_passwort := utl_raw.cast_to_raw(dbms_obfuscation_toolkit.md5
  (input_string => p_passwort || substr(l_salt,10,13) || p_email ||
    substr(l_salt, 4,10)));
  return l_passwort;
end;
    Then, a function of authentication: 
    create or replace
function app_auth_test (p_email in VARCHAR2, p_passwort in VARCHAR2)
return number
is
  l_passwort varchar2(4000);
  l_stored_passwort varchar2(4000);
  l_expires_on date;
  l_count number;
begin
  select count(*) 
    into l_count 
    from tbl_user 
   where upper(usr_email) = upper(p_email);

  if l_count > 0 
  then
    select usr_pw 
      into l_stored_passwort
      from tbl_user 
      where upper(usr_email) = upper(p_email);

    l_passwort := app_hash_test(p_email, p_passwort);

    if l_passwort = l_stored_passwort 
    then
      return 1;
    else
      return 0;
    end if;
  else
    return 0;
  end if;
end;
    After this, I create a form on the table tbl_user to insert the users by e-mail, password and rol (drop-down).

    On this Page (3), I create a new process to generate the hash value.
    begin
:P3_usr_email := upper(:P3_usr_email);
:P3_usr_pw := app_hash_test(:P3_usr_email,:P3_usr_pw);
:P3_usr_email := lower(:P3_usr_email);
end;
    After completing my page reg., I insert some users to test it later.

    The next step was to create a new authentication scheme in the shared components.
    Share components
    1. create
    2 starting at zero
    3. name-> TBL_USER
    4 JUMP
    5 JUMP
    6. the Page of this Application-> Page 1
    7 JUMP
    8 use my custom function to authenticate. -> return app_auth_test
    9 JUMP
    10 JUMP
    11 LOGOUT URL-> wwv_flow_custom_auth_std.logout? p_this_flow = APP_ID. & amp; p_next_flow_page_sess = & APP_ID.:1
    12. create schema

    My next step is to set the new regime as current-> current change

    I'm trying to open a session to my existing page with an e-mail and password in the tbl_user table.

    But all I got, is an error message:

    ORA-06550: line 2, column 8: PLS-00306: wrong Anzahl oder Typen von illuminated by von call 'APP_AUTH_TEST' ORA-06550: 2 line, column 1: PL/SQL: statement ignored

    ERR Fehler - 10460 implement von Funktion zum Prufen der Authentifizierungs-ID-Daten nicht possible.

    Translattion:
    Wrong number or type of argument in the call to 'APP_AUTH_TEST' ORA-06550: 2 line, column 1: PL/SQL: statement ignored

    Error ERR-10460 perform the function of evidence authentication-ID data - is not possible.

    I have check the operation, but it seems ok!
    does anyone know, what I forgot? Perhaps some parameters in the Login Page?

    NEDO

    Edited by: Mr.Nedo the 12.04.2011 07:55

    Your authentication (app_auth_test) matching mist signature exactly as shown in the window help or documentation.

    function app_auth_test (p_email in VARCHAR2, p_passwort in VARCHAR2) RETURN NUMBER

    differs from the documentation

    (p_username in varchar2, p_password in varchar2) return a Boolean value

    Change function app_auth_test so that it matches with the signature expected (return type and the parameter names and types) or write a wrapper for him with this signature and use that work more like authentication.

  • Custom authentication fails with PLS-00306: wrong number or types of argume

    Hello

    I wrote a custom authentication scheme. I have a function that returns a BOOLEAN. Now, when I tried to test it, he throwed the following error.

    < pre >
    ORA-06550: line 2, column 8: PLS-00306: wrong number or types of arguments in the call to 'AUTH_ON_MY_USERS' ORA-06550: line 2, column 1: PL/SQL: statement ignored
    ERR-10460 error cannot perform the function of verification of the authentication credentials.
    Ok
    < / pre >

    The function is
    < pre >
    create or replace function auth_on_my_users (p_username_in in varchar2
    p_password_in in varchar2)
    return a Boolean value
    is
    Start
    Returns true;
    end;
    < / pre >

    I have an Oracle 10 g XE on windows. Apex 3.2.1. When I tried the same thing in apex.oracle.com, it worked. Is there something to do with XE and 3.2.1?

    Any idea? Thanks in advance.

    Concerning
    Guru

    Published by: guru Perrin on November 23, 2009 19:44 - Typo

    Hello

    Try

    create or replace function auth_on_my_users( p_username in varchar2, p_password in varchar2)
return boolean is
begin
 return true;
end;

    The engine requires Express provides this function to have the signature (p_username in varchar2, p_password in varchar2) return a Boolean value.
    >

    BR, Jari

  • Change password with a custom authentication

    Hello

    I use a custom authentication scheme, which is a combination of authentication, ldap and apex. I created a function that checks in a user table to see if authentication_type is 'LDAP' or ' APEX. Depending on the type, be it authenticate against ldap or apex. It works very well. No problem.

    I also created a page for the password change functionality. This page has "new password" and "Confirm password" fields and a "submit" button. He also ' send' process that calls apex_util. CHANGE_CURRENT_USER_PW(:P43_NEWPASSWORD); to change the password for users of the apex.

    To change the password, the page gives the message that the password was changed successfully, but it actually doesn't change anything. I don't understand why?

    Help, please.

    Thnx
    Milan

    The user name is stored in uppercase in the user account. So what you could do is:

    declare l_user varchar2 (30);
    Start
    l_user: = v ('APP_USER');
    apex_application. G_user: = upper (l_user);
    apex_util. CHANGE_CURRENT_USER_PW(:P43_NEWPASSWORD);
    apex_application. G_user: = l_user;
    end

    Scott

  • Custom authentication not found

    Hello

    My application is called APPEVT2TAB.
    I created a packaged function to test custom authentication:

    create or replace package pkg_appevt2tab as
    function f_authenticate (p_username in varchar2, p_password in varchar2) return Boolean;
    end pkg_appevt2tab;
    /
    create or replace package body pkg_appevt2tab as
    function f_authenticate (p_username in varchar2, p_password in varchar2) return Boolean is
    Start
    insert into test_table values ('start');
    commit;
    Returns true;
    exception
    while others then
    Insert values into table_test ('exception');
    commit;
    Returns true;
    end pkg_appevt2tab;
    /
    create public synonym pkg_appevt2tab for pkg_appevt2tab;
    Grant execute on pkg_appevt2tab to public;

    In the authentication box, I "return pkg_appevt2tab.f_authenticate;" (without the quotes, of course) and I made sure that the custom authentication process is underway.

    When I run my application, I can't connect (I get "Invalid Login Credentials").
    When you check the test_table, it has no records inside.

    I tried to change the value of the field authentication for "return pkg_appevt2tab.f_authenticat;" (the last 'e' is missing, which is a name not valid) and found that the behavior is exactly the same.

    So far, my conclusion is therefore that the packaged function cannot be found.
    Is this correct? If so, why?, if not, what is the problem?

    Any help would be appreciated!

    Thank you

    Gabor

    Gabor:

    This comment

    I tried to change the value of the field authentication for "return pkg_appevt2tab.f_authenticat;" (the last 'e' is missing, which is a name not valid) and found that the behavior is exactly the same.

    leads me to suspect that your application uses a different authentication scheme somehow. Where authentication is misspelled or is unavailable, APEX triggers an appropriate error when attempting authentication.

    CITY

  • I can't create the custom toolbar

    Whenever I try to create the custom toolbar, it disappears after you restart Firefox. Can you suggest me a solution for this?

    Thank you!

    Start Firefox in Safe Mode to check if one of the extensions (Firefox/tools > Modules > Extensions) or if hardware acceleration is the cause of the problem (switch to the DEFAULT theme: Firefox/tools > Modules > appearance).

    • Do not click on the reset button on the start safe mode window or make changes.

    What security (firewall, antivirus) software do you have?

    Some security software has virtualization or sandbox features that can cause problems to protect and restore files in the Firefox profile folder.

  • I created a custom and registered with a specific name date format. However, when I open a new worksheet, my saved format does not display in the menu drop-down? Am hoping that I don't need to create the same format for each new sheet?

    I created a custom and registered with a specific name date format. However, when I open a new worksheet, my saved format does not appear in the menu drop-down? Am hoping that I don't need to create the same format for each new sheet?

    You must save the spreadsheet containing the new date as a model format and use this custom template for each new spreadsheet where you want that this date format personalized at your disposal.

  • Why is there not an option to create a custom for a simple telephone touch label?

    Why is there not an option to create a custom for a simple telephone touch label? 9. new version of iOS.

    There are. What makes you think there isn't. When you click to add a phone number, click label, and then scroll down to Custom. Type away.

Maybe you are looking for

  • I lost all my favorites after upgrading to firefox 26.0 is there a way to recover them?

    I've upgraded to firefox 26.0 and could not find my profile and none of my favorites

  • Error code 670

    Hello In vain I tried at least a dozen times to get the update for Microsoft Silverlight (KB979202). (See below for more information) Any help is greatly appreciated! Thank you Deanna UPDATE INFORMATION: "Download size: 4.7 MB. Update type: Important

  • SPAM * appearing in the subject line of incoming emails

    The word * SPAM * appears in the row object of a lot of my incoming emails... and I know that they are not spam.  How can I fix this annoying problem?

  • Recovery BIOS; follow-up

    Hello to solve my problem with my h8-1020 for which I thought that the BIOS was dead, I bought a new motherboard and my machine is back now. I installed the new motherboard and all internal components, including the Hitachi hdd for which I was gettin

  • Dev Alpha B - stuck with wifi configuration

    I don't know if this is the right forum to do this, so if not, apologies in advance. I got my Alpha B, which I think will be helpful because I have apps to fix, and it will be nice to see on a real device instead of the Simulator. Everything was good