Custom authentication scheme, problem with LOGOUT_URL

Hi all
I use a custom database of authentication scheme in a 4.1 application. I have a problem when I logout, I use jQuery mobile because it is a tablet based application, and the navigation bar entry "Logout" is rendered using the following: -.

a href = "& LOGOUT_URL." data-icon = "Logout" class = "interface user-btn-right" > logout ' "

The application appears disconnected OK, I turned around to my 101 login page, but when I try to reconnect the page refreshes just, if I try again to connect, I'm connected to OK (so basically users will have to try twice to reconnect after disconnection, while the connection when the application is started first works OK).

When I logout and I return on page 101, the URL is: -.

< my host > /pls/apex/apex_authentication.logout?p_app_id=1000 & p_session_id = 882879595907101

After the first attempt to connect to the URL is (so the session ID has been updated);

< my host > / pls/apex/f? p = 1000:LOGIN:1610821365546101

Any ideas what I'm missing here?

Thank you

Mike

Published by: Mike, UK 21 June 2012 08:36

Hi Mike,.

I replied the same day. In case you have not received my mail, I'll paste it below:

What I've discovered, is that submit it on the login page seems to use the old session id:

  1. User enters http://mike/pls/apex/f?p=1150:1
     -> Apex creates a new session and redirects to
        f?p=1150:LOGIN:168921246845801
  2. User enters credentials and presses Login
     -> wwv_flow.accept with p_instance=168921246845801
     -> Apex authenticates user and redirects to page 1
        f?p=1150:1:168921246845801:::::
  3. User clicks Logout
     -> apex_authentication.logout?p_app_id=1150&p_session_id=168921246845801
     -> Apex removes session
     -> Apex redirects to home page f?p=1150:1
     -> Apex creates new session and redirects to login
        f?p=1150:LOGIN:1175456815657401
  4. User enters credentials and presses Login
     -> wwv_flow.accept with p_instance=168921246845801 -- WRONG SESSION ID!
     -> Apex sees that the session id and the session cookie value do
        not match
     -> Apex creates a new session and redirects to login
        f?p=1150:LOGIN:652507970485801

My solution to this problem was to change the page to page 1 model to
have one

data-ajax = "false".

attribute on the logout url. This seems to have done the trick, but I'm
a backend guy and certainly not an expert in the user interface. See

http://jquerymobile.com/test/docs/pages/page-links.html

for help online JQM.

See you soon,.
Christian

Tags: Database

Similar Questions

  • Apex 4.1 - Websheets with the custom authentication scheme

    Apex v4.1 (as seen on the hosted apex.oracle.com) - Websheets do not always seem to work with a custom authentication scheme. Database applications work very well with a function of sentry page, but when the same page sentry function is used for a websheet, running, it gives an error the requested page was not found

    One of the Apex team can consult? Thank you

    Hi Vikas,

    Websheet Sentinels have slight differences of sentinels of the application.
    I created a sentinel websheet for you which should operate (see below).

    Christian

    create or replace function sample_page_sentry return boolean
is
    l_username   varchar2(512);
    l_session_id number;
    l_ws_app_id  number;
begin
    -- check to ensure that we are running as the correct database user.
    if user != 'APEX_PUBLIC_USER' then
        return false;
    end if;
    -- get sessionid in cookie
    l_session_id := wwv_flow_custom_auth_std.get_session_id_from_cookie;
    if wwv_flow_custom_auth_std.is_session_valid then
        -- the session still exists. we configure the APEX engine to use
        -- this session id and the session's username.
        --
        -- NOTE: it is more secure to also check if this is the session id from
        --       the URL!
        --
        apex_application.g_instance := l_session_id;
        l_username                  := wwv_flow_custom_auth_std.get_username;
        if nvl(l_username,'nobody') != 'nobody' then
            wwv_flow_custom_auth.define_user_session(
                p_user       => l_username,
                p_session_id => l_session_id);
            return true;
        end if;
    else
        -- session can not be reused, create a new one
        l_session_id := apex_custom_auth.get_next_session_id;
    end if;                                                                                 

    -- the current session is unauthenticated. we have to determine the user
    -- and log in.                                                                          

    -- get the username from somewhere, e.g. a cgi variable. it is hard-coded
    -- here for simplification.
    l_username := 'VANJ';
    -- configure the engine to use this username and session.
    apex_custom_auth.define_user_session(
         p_user       => l_username,
         p_session_id => l_session_id );
    -- build a deep link to the websheet start page
    l_ws_app_id  := apex_util.get_session_state ('WS_APP_ID');
    wwv_flow_custom_auth.remember_deep_link (
         p_url=>'ws?p='||l_ws_app_id||'::'||l_session_id );
    -- register the session in apex sessions table, set cookie, redirect back.
    apex_authentication.login(
         p_username => l_username,
         p_password => null );
    return true;
end sample_page_sentry;
/

    Published by: Christian Neumueller November 15, 2011 07:07 (a wiki format error corrected)

  • Need help-&gt; custom authentication scheme

    Hey,.

    I am working on a custom authentication scheme.

    First, I create a test table:
    CREATE TABLE TBL_USER
  (
    USR_EMAIL VARCHAR2(40 BYTE) NOT NULL ENABLE,
    USR_ID    NUMBER NOT NULL ENABLE,
    USR_PW    VARCHAR2(255 BYTE) NOT NULL ENABLE,
    USR_ROLLE VARCHAR2(20 BYTE),
CONSTRAINT "TBL_USER_PK" PRIMARY KEY ("USR_ID")
);
    Then a function to hash the email and pw: 
    create or replace
function app_hash_test (p_email in varchar2, p_passwort in varchar2)
return varchar2
is
  l_passwort varchar2(4000);
  l_salt varchar2(4000) := 'DFS2J3DF4S5HG666IO7S8DJGSDF8JH';
                            
begin
  l_passwort := utl_raw.cast_to_raw(dbms_obfuscation_toolkit.md5
  (input_string => p_passwort || substr(l_salt,10,13) || p_email ||
    substr(l_salt, 4,10)));
  return l_passwort;
end;
    Then, a function of authentication: 
    create or replace
function app_auth_test (p_email in VARCHAR2, p_passwort in VARCHAR2)
return number
is
  l_passwort varchar2(4000);
  l_stored_passwort varchar2(4000);
  l_expires_on date;
  l_count number;
begin
  select count(*) 
    into l_count 
    from tbl_user 
   where upper(usr_email) = upper(p_email);

  if l_count > 0 
  then
    select usr_pw 
      into l_stored_passwort
      from tbl_user 
      where upper(usr_email) = upper(p_email);

    l_passwort := app_hash_test(p_email, p_passwort);

    if l_passwort = l_stored_passwort 
    then
      return 1;
    else
      return 0;
    end if;
  else
    return 0;
  end if;
end;
    After this, I create a form on the table tbl_user to insert the users by e-mail, password and rol (drop-down).

    On this Page (3), I create a new process to generate the hash value.
    begin
:P3_usr_email := upper(:P3_usr_email);
:P3_usr_pw := app_hash_test(:P3_usr_email,:P3_usr_pw);
:P3_usr_email := lower(:P3_usr_email);
end;
    After completing my page reg., I insert some users to test it later.

    The next step was to create a new authentication scheme in the shared components.
    Share components
    1. create
    2 starting at zero
    3. name-> TBL_USER
    4 JUMP
    5 JUMP
    6. the Page of this Application-> Page 1
    7 JUMP
    8 use my custom function to authenticate. -> return app_auth_test
    9 JUMP
    10 JUMP
    11 LOGOUT URL-> wwv_flow_custom_auth_std.logout? p_this_flow = APP_ID. & amp; p_next_flow_page_sess = & APP_ID.:1
    12. create schema

    My next step is to set the new regime as current-> current change

    I'm trying to open a session to my existing page with an e-mail and password in the tbl_user table.

    But all I got, is an error message:

    ORA-06550: line 2, column 8: PLS-00306: wrong Anzahl oder Typen von illuminated by von call 'APP_AUTH_TEST' ORA-06550: 2 line, column 1: PL/SQL: statement ignored

    ERR Fehler - 10460 implement von Funktion zum Prufen der Authentifizierungs-ID-Daten nicht possible.

    Translattion:
    Wrong number or type of argument in the call to 'APP_AUTH_TEST' ORA-06550: 2 line, column 1: PL/SQL: statement ignored

    Error ERR-10460 perform the function of evidence authentication-ID data - is not possible.

    I have check the operation, but it seems ok!
    does anyone know, what I forgot? Perhaps some parameters in the Login Page?

    NEDO

    Edited by: Mr.Nedo the 12.04.2011 07:55

    Your authentication (app_auth_test) matching mist signature exactly as shown in the window help or documentation.

    function app_auth_test (p_email in VARCHAR2, p_passwort in VARCHAR2) RETURN NUMBER

    differs from the documentation

    (p_username in varchar2, p_password in varchar2) return a Boolean value

    Change function app_auth_test so that it matches with the signature expected (return type and the parameter names and types) or write a wrapper for him with this signature and use that work more like authentication.

  • Custom authentication scheme

    Dear community,

    I tried to create a custom authentication scheme based on a tutorial. But seemed to fail since the tutorial works on version 4.0 and I'm working on 4.1.

    Step 1. create table user_repository)
    username varchar2 (8).
    VARCHAR2 (8) password,.
    primary key (username)
    );

    Step 2 insert into user_repository values ('John', '1234');

    Step 3.

    create or replace package pkg_auth as
    function authenticate (p_username in varchar2,
    p_password in varchar2) return Boolean;
    end;

    create or replace package body pkg_auth as
    function authenticate (p_username in varchar2,
    p_password in varchar2) return Boolean is
    v_result integer: = 0;
    Start
    Select 1
    in v_result
    of user_repository
    where username = lower (p_username)
    and password = p_password;
    Return (v_result = 1);
    exception
    When no_data_found then
    Returns false;
    end to authenticate;
    end;

    Step 4. They want to create an authentication scheme from scratch, which does not exist in 4.1 (so it fails pretty well by already). I created a (based on some configs by default) normal authentication scheme.

    Step 5 They want to fill me this service "customized to authenticate": return pkg_auth.authenticate;
    Unfortunenately this functionality is not there either.


    Theyre talking passhashing, who used to work since I don't even get the normal authentication scheme to work.
    If someone could help me to create a custom authentication scheme based on the table in * 4.1, that wouldve was awesome.

    Authentication and authorization have been cleaned up to 4.1

    Create a schema of authentication "based on a pre-configured gallery system", and then select the type of theme of "custom".
    You can place your pl/sql code in the source field, or keep it in your database.
    Set your pkg_auth.authenticate in the field "name of the function of authentication.

    Final note - you should not really store plaintext passwords - I hope that this example of coding has been for the demo only. Check the past of examples that use the custom_hash function, for example.

    Scott

  • external authentication scheme forms with OAM 11 GR 2

    Hello

    I set up my own login page for the basic form authentication scheme.

    I mentioned below fields in the authentication scheme:

    --------------------------------------------------------------------------------------------------------------------------------

    Challenge the method: form

    Redirect challenge URL: / oam/Server

    Challenge URL: http://loginpage_host:loginpage_port/app_pages/login.jsp

    Context type: external

    --------------------------------------------------------------------------------------------------------------------------------

    My jsp Page Login:

    --------------------------------------------------------------------------------------------------------------------------------

    < div id = "CPP" >
    < % @ page contentType = text/html"; charset = iso-8859-1 "language ="java"% >"
    < %
    String error = request.getParameter ("error");
    If (error == null | error == "null") {}
    error =' ';
    }
    String paramName = "request_id";
    String reqId = request.getParameter (paramName);
    % >
    < html >
    < head >
    < title > user login JSP < /title >
    < / head >
    < body >
    External Login screen < p > < /p >
    < p >
    < /p >
    < div > < % = error % > < / div >
    " < name of the form ="frmLogin' action = ' http://oam_host:oam_port / oam/Server/auth_cred_submit "method ="post"> "
    < p >
    User name < input type = "text" name = "user name" / >
    Password < input type = "password" name = "password" / >
    < input name = "request_id" value = "< % = reqId % >" type = "hidden" > "
    < /p >
    < p >
    < input type = "submit" name = "sSubmit" value = "Submit" / >
    < /p >
    < / make >
    < / body >
    < / html >
    < / div >

    It worked fine before.

    But today all of a sudden when I accessed the page, he started giving me the error:

    oam_server4-diagnostic-21.log:[2013-09-12T03:50:08.921-06:00] [oam_server4] [WARNING] [OAM-02074] [oracle.oam.controller] [tid: [ASSETS].] [ExecuteThread: '0' for the queue: "(self-adjusting) weblogic.kernel.Default"] [username: < anonymous >] [ecid: c72ab7e1931dad2b:-66f2a9eb:141117ad9a7:-8000-000000000000005e, 0] [APP: oam_server #11.1.2.0.0] error checking if the null of the resource is protected or not.

    And when I access the protected page, it shows the page of connection correctly but when I submit the credentials, the URL is blocked at http://oam_host:oam_port / oam/Server/auth_cred_submit and displays the error message on the page.

    Pointers?

    Thank you

    Hi idmuser,

    If you are running multiple OAM managed servers (and you have a called oam_server4) then it could be that the authentication flow is allocated on the managed servers, and query information are not kept. Please see Doc ID 1281026.1 for a discussion on the cache of the server request type connection setting and custom forms. If this is the cause of the problems you see, you should probably use "FORM" for the type of cache. If this is not the case, this isn't the cause of the problem, perhaps a trace of the HTTP header will give some advice.

    Kind regards

    Colin

  • Error after implementing the custom authentication scheme

    I have reproduced this time a workspace (GOGGINSCRATCH to apex.oracle.com) running 4.2.1.00.08 and a workspace 4.1.1.00.23 running

    Error: ORA-06550: line 4, column 23: PLS-00306: wrong number or types of arguments in the call to "AUTHENTICATOR" ORA-06550: line 4, column 1: PL/SQL: statement ignored

    PL/SQL in my workspace

    create or replace PACKAGE REPORTINGAUT AS

    function authenticator (user_name in VARCHAR2, pwd in VARCHAR2)
    return a Boolean value;

    END REPORTINGAUT;

    create or replace PACKAGE BODY REPORTINGAUT AS

    function authenticator (user_name in VARCHAR2, pwd in VARCHAR2)
    return a Boolean value AS
    BEGIN
    / * Implementation of necessary TODO * /.
    RETURN TRUE;
    END authenticator;

    END REPORTINGAUT;

    ------------------------------------
    APEX Builder Application steps
    (1) the shared components
    (2) the authentication schemes
    (3) create
    4.a) based on a system preconfigured Gallery
    4.b) name fred
    4.c) Type == custom
    Name of the function of authentication 4.d) = ReportingAut.authenticator
    4.e) activate the legacy of authentication attributes == Yes + (I've tried it both ways).

    So... this plan is underway, but when I try to connect, I get the above error... Driving me crazy... Thanks for any help...

    The parameter name is important. This should work:

    CREATE OR REPLACE PACKAGE reportingaut
AS
   FUNCTION authenticator (p_username IN VARCHAR2, p_password IN VARCHAR2)
      RETURN BOOLEAN;
END reportingaut;

CREATE OR REPLACE PACKAGE BODY reportingaut
AS
   FUNCTION authenticator (p_username IN VARCHAR2, p_password IN VARCHAR2)
      RETURN BOOLEAN
   AS
   BEGIN
      RETURN TRUE;
   END authenticator;
END reportingaut;

    Denes Kubicek
    -------------------------------------------------------------------
    http://deneskubicek.blogspot.com/
    http://www.Apress.com/9781430235125
    http://Apex.Oracle.com/pls/Apex/f?p=31517:1
    http://www.Amazon.de/Oracle-Apex-XE-Praxis/DP/3826655494
    -------------------------------------------------------------------

  • Custom bitmap focus problem with toolbar

    Hi all

    I'm new development of BB.

    I have screen with the title bar and after a toolbar customized

    The custom toolbar contains 3 bitmaps in the side chain and the left text right.

    Logo 'text'---> title bar

    Image1 image2, image3 "screenName"---> toolbar custom

    ListField

    Three images are created using the bitmap.

    I get the focus on the full range.

    But I want to focus on the first image, image1 when the application runs.

    If the user navigates the screen using the keyboard, change of focus to the next image, which is image2 and so on.

    How can I do that.

    I use the Blackberry API 4.2.1

    My current code for the toolbar is like that

    package com.pebbletalk.blackberry.ui;

import com.pebbletalk.blackberry.defines.PTDefines;
import com.pebbletalk.blackberry.utils.CustomFont;

import net.rim.device.api.system.Bitmap;
import net.rim.device.api.system.Display;
import net.rim.device.api.ui.DrawStyle;
import net.rim.device.api.ui.Field;
import net.rim.device.api.ui.Font;
import net.rim.device.api.ui.Graphics;
import net.rim.device.api.ui.component.BitmapField;

public class ToolBar extends Field implements DrawStyle
{
    private int fieldWidth;
    private int fieldHeight;
    private int backgroundColor;
    private String toolBarName = "";

    private Bitmap homeIcon = Bitmap.getBitmapResource("go-home-1_16x16.png");
    private Bitmap searchIcon = Bitmap.getBitmapResource("search-1_16x16.png");
    private Bitmap refreshIcon = Bitmap.getBitmapResource("reload-1_16x16.png");

    public ToolBar(String toolbarName)
    {
        super(Field.FOCUSABLE);
        fieldHeight = Display.getHeight()/10;
        fieldWidth = Display.getWidth();

        // Setting background color to white
        backgroundColor = Color.BLACK;

        toolBarName = toolbarName;

    }

    public Bitmap getHomeIcon() {
        return homeIcon;
    }

    public int getPreferredHeight()
    {
        return fieldHeight;
    }

    public int getPreferredWidth()
    {
        return fieldWidth;
    }

    protected void layout(int arg0, int arg1)
    {
        setExtent(getPreferredWidth(), getPreferredHeight());
    }

    protected void paint(Graphics graphics)
    {
        int height = this.getPreferredHeight();
        int width = this.getPreferredWidth();

        int left = this.getLeft();
        int top = this.getTop();

        graphics.setColor(backgroundColor);
        graphics.fillRect(0, 0, width, height);

        //graphics.drawBitmap(left, top, width, height, homeIcon, 0, 0);
        graphics.drawBitmap(left, 5, width, height, homeIcon, 0, 0);
        //int currentX = graphics.getTranslateX();
        //int currentY = graphics.getTranslateY();
        int homeIconWidth = homeIcon.getWidth() + 5;
        graphics.drawBitmap(homeIconWidth, 5, width, height, searchIcon, 0, 0);
        int searchIconWidth = homeIconWidth + searchIcon.getWidth() + 5;
        graphics.drawBitmap(searchIconWidth, 5, width, height, refreshIcon, 0, 0);
        int refreshIconWidth = searchIconWidth + refreshIcon.getWidth() + 5;

        CustomFont titleFont = new CustomFont(Defines.TOOLBAR_DASHBOARD_TITLE_FONT_FACE, Defines.TOOLBAR_DASHBOARD_TITLE_FONT_SIZE, Defines.TOOLBAR_DASHBOARD_TITLE_FONT_STYLE);
        graphics.setFont(titleFont.changeFont());

        Font currentFont = graphics.getFont();
        int textLength = currentFont.getAdvance(toolBarName, 0, toolBarName.length());
        textLength += 5;
        System.out.println("width : "+ width);
        System.out.println("refreshIconWidth : "+ refreshIconWidth);
        System.out.println("textLength : "+ textLength);
        int remainingWidth = width - refreshIconWidth;
        System.out.println("remainingWidth : "+ remainingWidth);
        int startPosition = remainingWidth - textLength;
        System.out.println("startPosition : "+ startPosition);
        int newX = refreshIconWidth + startPosition;
        System.out.println("newX : "+ newX);
        //int xPosition = width - refreshIconWidth;
        //System.out.println("tool x : "+ xPosition);

        graphics.setColor(PTDefines.TOOLBAR_DASHBOARD_TITLE_COLOR);
        graphics.drawText(toolBarName, newX, 5, (DrawStyle.RIGHT | DrawStyle.LEADING) );
    }
}

    and my toolbarScreen code is

    MainScreen mainScreen = new MainScreen(Screen.NO_VERTICAL_SCROLL);

        //MainScreen mainScreen = new MainScreen();

        // add custom title bar
        mainScreen.add(titleBar);

        VerticalFieldManager verticalFieldManager = new VerticalFieldManager(Manager.VERTICAL_SCROLL | Manager.VERTICAL_SCROLLBAR)
        {
            public void paint(Graphics graphics)
            {
                graphics.setBackgroundColor(Color.WHITE);
                graphics.clear();
                super.paint(graphics);
            }
            protected void sublayout(int maxWidth, int maxHeight)
            {
                int displayWidth = Display.getWidth();
                int displayHeight = Display.getHeight() - titleBarHeight;
                super.sublayout(displayWidth, displayHeight);
                setExtent(displayWidth, displayHeight);

            }
        };

        //now add everything in the verticalManager

        // add custom toolbar
        mainScreen.add(toolBar);
        mainScreen.add(new SeparatorField());

    Please help me to solve my problem.

    Remember that the BlackBerry smartphone focuses on a field, not a picture.  Your toolbar is only a field, so one thing to focus on which is the Blackberry's.

    You have two choices:

    (a) change your toolbar to be a Manager and have several fields that it contains.  You can make a HorizontalFieldManager and assuming that the other things are set correctly (in particular the width of the fields that you add) this will do what you want.

    (b) substitute events in development movement in your toolbar to make it appear focus is moved.

    I think the second option is more difficult, especially when you start to take the touch screen into consideration.  However, with the second option, you get a much easier control over the look of your toolbar.  But I'd go with the first one, as I think it is easier for new programmers.  Initially, I wouldn't get to hung up on the appearance of the toolbar, get it works the way you want and then try to get it looking right.

  • Custom report model - problem with summary

    Hello

    I've created a report with the custom template.  Everything seems okay except that the 'Sum' section (marked in red below) containing the header entries.  I think, I might have placed the scripts in the wrong places bu tnot able to understand.  What I expect is, the total value of the 9,920.00 show with label - "Total: '."

    img 1.png

    Only under sections are filled in the template, the rest is blank.

    Line 1 a - model

    <tbody>
<tr> <th>Receipt No.: <td id="rpt_no" colspan="2">#RECEIPT_NO# <th id="rpt_dt">Receipt Date: <td>#RECEIPT_DATE#
<tr> <th>Description: <td colspan="4">#DESCRIPTION# </br> #CHQ_DD#
<tr> <th id="tab_head">A/c.CODE <th id="tab_head" colspan="3">HEAD OF ACCOUNT <th id="tab_head_amt">AMOUNT
<tr> <td>#ACCOUNT_CODE# <td colspan="3">#ACCOUNT_NAME# </br> #INSTALMENT# </br> #PARTICULARS# <td class="num">#AMOUNT#

    Line 2 - model

    <tr> <td>#ACCOUNT_CODE# <td colspan="3">#ACCOUNT_NAME# </br> #INSTALMENT# </br> #PARTICULARS# <td class="num">#AMOUNT#

    Front lines-

    <div class="report-1" #REPORT_ATTRIBUTES# id="report_#REGION_STATIC_ID#">
<table>
<tr>  <th id="comp-name" colspan="5">&G_COMPANY_NAME.
<tr>  <th id="comp-adr" colspan="5">&G_COMPANY_ADDRESS.
<tr>  <th id="comp-adr" colspan="5">&G_COMPANY_PHONE.  &G_COMPANY_EMAIL.

    After the lines-

    <tbody class="uReportPagination">
      #PAGINATION#
  </table>
  <div class="CSV">#EXTERNAL_LINK##CSV_LINK#</div>
</div>

    Please let me know how to solve my problem.

    Thank you and best regards,

    -Anand

    anand_gp wrote:

    And Yes, it is built in formatting of column sum-

    Who does not work with a named column template customized. You must calculate the sum in the report query and place the result in the report by using another conditional model.

    See the sample application I've created in your workspace apex.oracle.com.

  • Authentication scheme adding custom plans available

    Hello
    I have my custom authentication scheme LDAP now works with an application, but is it possible to add this game to the list of available authentication schemes? When I build a new application I have begin with authentication of the Apex, then when you are ready to publish the application to users to change the authentication scheme. But as the plans available only appearing when I go to the components shared-> authentication schemes are default ones, I end up having to recreate my custom authentication scheme. Is it possible to have my custom scheme appears in the list of available custom schemas? I know that I can copy from an existing application too, but it's a gene also.

    Thank you
    Pat

    I don't think that there is a way to do this currently. Copying from one other application is not a problem for me. Other than that sound you like you would be to produce new applications on a belt conveyor :) In this case, I would create a kind of application of model with a minimum of a preset used in all of your applications - including the authentication scheme. If already seen your authentication custom y at - it a particular reason to use built in authentication for your applications?

    Denes Kubicek
    ------------------------------------------------------------------------------
    http://deneskubicek.blogspot.com/
    http://www.Opal-consulting.de/training
    http://Apex.Oracle.com/pls/OTN/f?p=31517:1
    ------------------------------------------------------------------------------

  • Custom authentication fails with PLS-00306: wrong number or types of argume

    Hello

    I wrote a custom authentication scheme. I have a function that returns a BOOLEAN. Now, when I tried to test it, he throwed the following error.

    < pre >
    ORA-06550: line 2, column 8: PLS-00306: wrong number or types of arguments in the call to 'AUTH_ON_MY_USERS' ORA-06550: line 2, column 1: PL/SQL: statement ignored
    ERR-10460 error cannot perform the function of verification of the authentication credentials.
    Ok
    < / pre >

    The function is
    < pre >
    create or replace function auth_on_my_users (p_username_in in varchar2
    p_password_in in varchar2)
    return a Boolean value
    is
    Start
    Returns true;
    end;
    < / pre >

    I have an Oracle 10 g XE on windows. Apex 3.2.1. When I tried the same thing in apex.oracle.com, it worked. Is there something to do with XE and 3.2.1?

    Any idea? Thanks in advance.

    Concerning
    Guru

    Published by: guru Perrin on November 23, 2009 19:44 - Typo

    Hello

    Try

    create or replace function auth_on_my_users( p_username in varchar2, p_password in varchar2)
return boolean is
begin
 return true;
end;

    The engine requires Express provides this function to have the signature (p_username in varchar2, p_password in varchar2) return a Boolean value.
    >

    BR, Jari

  • Change password with a custom authentication

    Hello

    I use a custom authentication scheme, which is a combination of authentication, ldap and apex. I created a function that checks in a user table to see if authentication_type is 'LDAP' or ' APEX. Depending on the type, be it authenticate against ldap or apex. It works very well. No problem.

    I also created a page for the password change functionality. This page has "new password" and "Confirm password" fields and a "submit" button. He also ' send' process that calls apex_util. CHANGE_CURRENT_USER_PW(:P43_NEWPASSWORD); to change the password for users of the apex.

    To change the password, the page gives the message that the password was changed successfully, but it actually doesn't change anything. I don't understand why?

    Help, please.

    Thnx
    Milan

    The user name is stored in uppercase in the user account. So what you could do is:

    declare l_user varchar2 (30);
    Start
    l_user: = v ('APP_USER');
    apex_application. G_user: = upper (l_user);
    apex_util. CHANGE_CURRENT_USER_PW(:P43_NEWPASSWORD);
    apex_application. G_user: = l_user;
    end

    Scott

  • Problem with LOGIN_THROTTLE. COUNTER on the login page

    Hello!

    I have the page of connection (desktop, theme 25) which has been slightly modified by me. I use custom_auth on table mine of users.

    Seems I now work "strange."

    Problem seems to be LOGIN_THROTTLE. METER that shows popup but is not low count (it's freezes with numbers to started number).
    As a result, I can't connect even when the correct credentials.

    By comparing your login to app demo and mine the login page, I saw that in my login page is missing the bunch of js:
    function popupSessionInfo(){var w = open("f?p=4000:34:4600637698482:PAGE:NO:34:F4000_P34_SESSION,F4000_P34_FLOW,F4000_P34_PAGE,FB_FLOW_ID:800543776008,21299,101,21299","winLov","Scrollbars=1,resizable=1,width=700,height=450");if (w.opener == null){w.opener = self;}w.focus();}
function popupViewDebug(){var w = open("f?p=4000:19:4600637698482:::RIR,19:IR_APPLICATION_ID,IR_PAGE_ID:21299,101","winLov","Scrollbars=1,resizable=1,width=700,height=450");if (w.opener == null){w.opener = self;}w.focus();}
apex.jQuery( document ).ready( function() {
...
    until the part that begins with:
     
Apex.jQuery( document ).ready( function() {
    that is the same. Part missing is obviously part for gas meter.

    I tried all the browser and they are all the same as a result.

    I study more and discovered that mine, State of Session-> page Protection, for login page shows it's 'Dynamic form' not connect type. I'm sure that I edited the origin and after login page found this recreation (remove old and create the new login page) that somehow seems not to be the login page.
    I'm quite confused because before that this one was't of thing happened because before the introduction of "gas" I had no such a mistake... or I wasn't awre of them.
    :-)

    Any help or suggestion?

    Damir Vadas
    http://Damir-vadas.blogspot.com
    Apex 4.2.1.00.08
    Oracle 11.2.0.3 x 64
    Apex listener 2.0.0.354.17.05

    So, you changed the page of connection somehow, perhaps recreate - and now things go wrong?

    Firstly - if you want to authenticate on your own table, it is much easier to leave the single login page and use a custom authentication scheme.

    Second - if you want the user to land on their own page, I find personally much easier to define a branch that manages that decision-making - perhaps something ruled separately during after authentication.

    Scott

  • Problem with the migration of the user to a workspace to the other to pass

    Hi Experts,

    I have a problem:
    (1) I exported the users of the DEV instance using the export_users procedure.
    (2) if I import the user to another instance, the user is created but the password does not match...
    The environments are the same versions of the DB and APEX.

    I need the password to be the same on both instances without inviting users.

    Is there a problem with it? Or a hash problem?

    Example:
    wwv_flow_fnd_user_api.create_fnd_user (
  p_user_id      => '123456789',
  p_user_name    => 'XXX',
  p_first_name   => 'XXX',
  p_last_name    => 'XXX',
  p_description  => '',
  p_email_address=> '[email protected]',
  p_web_password => '3307E4D6A8F8AE7503D0DCC1EA338A31',
  p_web_password_format => 'HEX_ENCODED_DIGEST_V2',
  p_group_ids    => '',
  p_developer_privs=> '',
  p_default_schema=> 'XXXX',
  p_account_locked=> 'N',
  p_account_expiry=> to_date('201210221106','YYYYMMDDHH24MI'),
  p_failed_access_attempts=> 0,
  p_change_password_on_first_use=> 'N',
  p_first_password_use_occurred=> 'N',
  p_allow_app_building_yn=> 'N',
  p_allow_sql_workshop_yn=> 'N',
  p_allow_websheet_dev_yn=> 'N',
  p_allow_team_development_yn=> 'N',
  p_allow_access_to_schemas => '');
    Data sheet: DB 11 g, APEX 4.1

    Kind regards.
    J :D

    Hi Jozef,

    I understand your dilemma, if it's any help, but I can't tell you how Apex crypt passwords, which would be a security problem.

    There is always the possibility to reset the passwords to the new random values and send the new password to the users.

    If these are end users and you need to keep 2 or more spaces to work in sync, maybe you should switch to a custom authentication scheme where you have more control. I just posted an example of an authentication plugin function in another thread:

    Re: Display of custom on the Login Page Messages

    Kind regards
    Christian

  • Custom authentication tokens

    "Adobe Flash Access Overview on protected streaming" white paper States the following:

    Flash Access supports the business logic of the licensing stage decoupling based on the chips in use with Flash Media Server deployments. For example, when users visit a web portal for rental or to subscribe to the content, they may need to authenticate by providing a user ID and password to confirm their registration. They might also need a financial transaction. The web portal enters the results of these operations in an authentication token that is sent to the client application. The customer can then include the token in the licence application. The license server checks the authenticity of the token before issuance of the licence. Check token is stateless and was completed independently by each server without reference to a database or another shared state. Token is based on a secret or public key shared infrastructure (PKI).

    This raises the following questions:

    • How the web portal must generate the token?  This is a serialized AuthenicationToken or some other binary token?
    • If it's an AuthenicationToken, then how the web portal must generate a token such as this feature is part of the license server?
    • How the chips are based on a shared secret or PKI? What is incorporated into the class AuthenticationToken ?

    As I read, the paragraph refers to the regime "of custom authentication", not the authentication scheme name of user/password supported and as such, it is not to use serialized Flash Access AuthenticationTokens.  What is meant by "custom authentication" is quite honestly, not very clear in the documentation. I believe that the following scenerios should work, if I would be interested in your comments from anyone:

    In the first scenario, the "portal" should generate a custom binary token and pass this token to the client flash in response. How the token is passed is an exercise left to the reader. It could be loaded via a cookie, JavaScript or ActionScript. It doesn't really matter. Nevertheless, the token is eventually read by the Flash client and applied using the DRMManager.setAuthenticationToken (...) method. The license server must then retrieve the token by using RequestMessageBase.getRawAuthenticationToken (...).  In this case, the token format is completely defined by the developer or provider. The flash never access client issues a query for the authentication License Server Manager (/flashaccess/authentication/v1 / *).

    A second case, which I am not sure would work, would be the flash client requests a token for authorization as usual, using DRMManager.authenticate (...), but the license server authentication requests handler returns a token custom instead of a serialized AuthenticationToken. The workflow would then proceed as described in the first case.

    A third case, the Flash client is able to authenticate with the name of user and password standard schema, but the license server may ignore the username/password real name (data can be same passwords and usernames dummy). The license server would generate an AuthenticationToken, but would benefit from ApplicationProperies to store its information "custom token. The token would be then sent back to the customer and in turn transmitted to the same license server. The license server then inspect AuthenticationToken.getCustomProperties to determine the appropriate course of action.

    No matter what scenario is used, I have a few concerns with custom authentication tokens:

    First of all, this forum has several questions about custom authentication tokens. The documentation is not clear on what is intended and how exactly these tokens must be produced, transferred and consumed. It would be very useful for Adobe to provide an example with its reference implementation code.

    Second, as developers of server Flash Access License remain to design their own authentication scheme customized, there is a real concern that the invented approach can be precarious, allowing re-use of authentication tokens. A published set of best practices would help to ensure custom tokens are generated in a way that does not leak the information, allow attacks by replay or session hijacking.

    Finally, there seems to be some confusion about the use of tokens for authentication and authorization. The reference implementation clearly only use them for authentication, as the RefImplLicenseReqHandler makes additional checks the database for the authenticated user is allowed (subscriber) to access the content.  However, the paragraph quoted above suggests using these tokens for authentication and authorization. At least, that's what I understand by the notion that "audit token is stateless and was completed independently by each server without referring to a database or other shared state. I don't see how that's possible, unless the token contains authentication and authorization information. I'm wrong?

    I appreciate the thoughts of someone else on the custom authentication tokens. Thank you.

    -Aaron J

    The workflow for "custom authentication" is exactly what you described in your first scenario.  Namely, the client application gets a token through certain channels and calls DRMManager.setAuthenticationToken (...) to provide the token. When the client requests a license from the license server, this token is included in the request. The server application calls RequestMessageBase.getRawAuthenticationToken (...) for the access token and perform any validation is required for this type of token before issuing the permit. With a custom authentication, the SDK AuthenticationToken class is not used - this class is only used to represent the authentication tokens issued by using the name of user and password Flash Access authentication scheme.  A custom authentication token can be binary data - the Flash Access SDK is not involved in the generation or to consume these chips - it's your server implementation to manage the following steps.

    The motivation behind the 'custom authentication' scheme is not to force content providers to invent a new way to authenticate users, but to allow you to take advantage of all infrastructure you already have in place.  For example, if you are already running the SAML tokens to authenticated users, you can continue to do so, and you would just plug the SAML validation code in your license server. As a general rule, an authentication token is signed to prevent tampering. It would be possible to generate a signature using a symmetric key or with a private key. Then, checking on the server would involve checking the signature, either by using the same shared symmetric key or with the public key corresponding to the private key. (This is what is meant by 'token is based on a secret or public key shared infrastructure (PKI) ")

    Although the API reference to "authentication tokens", it would also be possible to take advantage of this authorization mechanism. For example, if you have a web portal to access the information on which a user is allowed to access the content, the Portal could issue an authorization token that says that the user X is allowed to play the content Y and Z. When the license server receives this token in a license application for content, simply, check the token is still valid and that the token States it is allowed to grant access to the content Y. This workflow, the license server doesn't have access to the database that contains authorization information, making it easier to deploy the server in a highly scalable way.

    Is this address your questions and concerns?

  • 4.0.1 custom authentication

    Hello

    I am trying to create a custom authentication scheme based on my own auth function.
    The function already exists and works very well in APEX 3.2.1.

    4.0.1 it seems that the function is not called at all.

    If someone has recognized the same? Solved?

    Is it still 'return my_authfunction' in the schema definition?


    Thanks in advance.
    Carsten

    Hi Carsten,

    I was not able to know the workspace CPESPACE the connection and user PATRICK with the password [email protected]
    Can you reset again once, maybe someone else connected and changed the password.

    Concerning
    Patrick
    -----------
    My Blog: http://www.inside-oracle-apex.com
    APEX 4.0 Plug-Ins: http://apex.oracle.com/plugins
    Twitter: http://www.twitter.com/patrickwolf

Maybe you are looking for

  • 2 pre not giving his load of notification

    I just opted for a new pre 2 of my Pixi Plus old who died.   When my Pixi has been placed on the Touchstone charger, he would give a sound signal.  The new Pre 2 does not have a sound notification although it gives a visual indication that he is in c

  • Server 2008 R2 DataCenter keepts restart - HELP!

    Server keeps on restarting all the 1-2 hours, the event logs show consistent errors... "The process C:\Windows\system32\winlogon.exe (NAS03)" launched the computer restart NAS03 on behalf of the user RMS\camuser1 for the following reason: no title fo

  • "A" floppy drive internal on pavilion a6838f

    I installed a floppy drive internal on my pavilion a6838f. Floppy drive has worked UNTIL I installed all updates from update driver HP for my model on the HP site. Will not work little matter what I try! BIOS will not accept the diskette as installed

  • Links of Windows Messaging does not

    I'm using Windows Vista (SP2).  When I try to use a link in my email I get a message saying "Application not found".  I went into the control panel "set Associations". In the 'protocols', I found that the FTP, HTTP and HTTPS was "Unknown Application"

  • Can not find information about CSCtf98962 in Bug Toolkit

    Hi all We found the CSCtf98962 in the Release Notes for Cisco Unified CCX and Cisco Unified IP IVR 8.0 (2) SU1 in the section warnings resolved. However we have found no information on Bug Toolkit. It shows below when we tried to find CSCtf98962: Dea