IRM 11 g and weblogic custom authentication provider

Similar Questions

• Custom RoleMapping provider required or not

  I have all the roles stored in my database schema, user and pwd. I developed the authentication provider that is customized to authenticate the user. Now I am confused if I needed to develop my own rolemapping provider to retrieve the roles of database or there is already a that I can use. If I have to develop my own, weblogic provided samples for it or not? Kindly help me

  Hello

  In the custom authentication provider in the login()) method you add role entities to the subject. It is to you about how you get that information (from DB or something else). The security of ADF then maps all business roles (which are the authentication provider) for application roles, using jazn-"Data.xml".
  Application roles allows you to secure workflows and/or pages.
  You probably already know, but WLS comes with a few suppliers for DB (ReadOnlySQLAuthenticator) authentication, you can use it if it meets your needs.

  Pedja

• How to use my own LoginModule with an authentication provider in Weblogic

  Hello
  I wrote a Web Service within my application and I want to validate the name of user and password passed before calling the Web Service API.
  I wrote a LoginModule (that implements the javax.security.auth.spi.LoginModule).
  SV, it's very simple. I just need to choose 'Custom Security Provider' (for the deployed application) and set my own LoginModule implementation such as the JAAS login Module class.
  In the logic of the Web, it seems to be quite different.
  I understand that I must use an authentication provider (cannot use the right, a flaw?) first and map my LoginModule to it somehow.
  I'd appreciate if someone will let me know how doing this (and what must be configured through the Console of Administration Weblogic).
  Thanks in advance,
  Arik

  No, you don't have to implement UsernamePasswordLoginModule.

  Hope that answers.

• Urgent - Custom authentication and authorization for the application of the ADF

  Hi friends,
  
  Custom implementation for authentication and authorization for the application of the ADF
  
  My project to use the OID , authentication and authorization, we will need to support both OAM and DB tables ( according to the preferences of the client during the installation ).
  
  I am new to this and do not have a clue about the same.
  
  Please guide me how to set up both in JDeveloper 11 g + ADF
  
  Thanks in advance.

  The answers you got up to present every point in the right direction. ADF security see the authentication of WLS, even for business authorization with respect to user roles defined on the WLS server. During the deployment, ADF security defined application roles are mapped to the user enterprise groups

  Application developed using Jdeveloper ADF +.

  This would use WLS for authentication

  Users of authentication - LDAP (OID) - are stored in LDAP

  Use the OID authentication provider in WLS

  Authorization - OAM or database (authorization details are stored in the DB or OAM tables)

  You can't allow users without authentication. If you need create authentication providers additional if they exist for OAM and RDBMS (there is a supplier of existing RDBMA, that you can use to identify users and to assign membership user groups). Then, you set the optional flag so that when authentication fails for additional providers you can always start the application.

  When running Admin users - create users from roles to create and assign permission privileges to the role (for pages and workflows)
  assign (or remove) the roles to/to leave users.

  ADF security uses JAAS to permissions that you can change using Enterprise Manager when running. Permissions are granted to the application roles and application roles are granted to business roles that which then has users become members of the. If you want to change the status of user account, then you don't do this the ADF or EM, but use a direct access to the provider of the user (for example, access OID, RDBMS access etc.) There is no unified administration API available that would allow you to do this via WLS (which uses OPSS).

  If your question is in the context of the ADF, the documentation, with that you should follow is OPSS and WLS authentication providers.

  Frank

• Mix of custom authentication and database account

  We have a client-server application (let's call it app_1) with the database authentication account. To be able to connect to the new APEX (app_2), the user application must be if the user of app_1 (so having an account of DB) or app_2 user (authentication customized table of users with uid and password hash).
  
  Separately, I can implement each of these authentication schemes. However, I could not imagine how combine them (to include authentication account DB in my custom schema).
  
  Any idea?
  
  Igor

  Igor,

  I wrote on this subject some time ago... See if this helps:
  http://www.danielmcghan.us/2008/08/custom-authentication-via-DB.html

  Kind regards
  Dan

  http://danielmcghan.us
  http://sourceforge.NET/projects/tapigen

  You can reward this answer by marking as being useful or correct ;-)

• IRM 11 g and the credentials of the AD

  Hello
  
  I have configured an AD authentication provider in WebLogic in order to AD users can use IRM. But I would like to know if the credentials of the user to the AD are stored in Weblogic or users must authenticate to AD when using Oracle IRM.
  
  If this is the first case, how these credentials are stored? And where? I'm a little concerned about safety. I searched in the WebLogic documentation, but I have not seen this clear.
  
  Thanks in advance.

  Hello

  I am an engineer of MRI my information is therefore a small 2nd hand but as far as I know (and I did some checking so I'm pretty sure about that), the server never WebLogic retrieves passwords from the provider of the user. He can get other information such as username, email or even custom metadata but I understand that it does not store the password. The cache is used to store the user information after a successful authentication happened so that additional information can be used if necessary.

  At least, that is my understanding.

  Kind regards
  Frank.

• Custom security provider exception

  Good day, colleagues. I want to raise an old topic.

  I use custom security provider exceptions:

  -AccountExpiredException

  -AccountLockedException

  However, the login()) method captures only FailedLoginException

  Try

  {

  CallbackHandler pwcall = new weblogic.security.URLCallbackHandler (user, pass.getBytes("UTF-8"));

  subject = weblogic.security.services.Authentication.login (pwcall);

  weblogic.servlet.security.ServletAuthentication.runAs (object, request);

  }

  catch (javax.security.auth.login.LoginException e) { }

  e.printStackTrace ();

  }

  javax.security.auth.login.FailedLoginException: [Security: 090304] authentication failed: User...

  at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:240)

  to com.bea.common.security.internal.service.LoginModuleWrapper$ 1.run(LoginModuleWrapper.java:110)

  at java.security.AccessController.doPrivileged (Native Method)

  I found similar questions IdentityAssertion custom exception, FailedLoginException asked for many years for WLS 9.2

  Their solution (wlp.propogate.login.exception.cause = true) does not work for WLS 10.3.

  How to propagate original LoginException?

  Or the exception message.

  I did it! Look carefully at the source code:

  javax.security.auth.login.LoginContext:875

  If (moduleStack [i].entry.getControlFlag () == AppConfigurationEntry.LoginModuleControlFlag.REQUISITE) {}

  ..

  If NECESSARY, then immediately throw an exception

  If (methodName.equals (ABORT_METHOD): methodName.equals (LOGOUT_METHOD)) {}

  If (firstRequiredError is nothing)

  firstRequiredError =;

  } else {}

  throwException (firstRequiredError, the);

  }

  } ElseIf (moduleStack [i].entry.getControlFlag () == AppConfigurationEntry.LoginModuleControlFlag.REQUIRED) {}

  ..

  mark only one MANDATORY module is not

  If (firstRequiredError is nothing)

  firstRequiredError =;

  } else {}

  ..

  mark down that one OPTIONAL module failed

  If (firstError is nothing)

  firstError =;

  }

  javax.security.auth.login.LoginContext:922

  We went through all the LoginModules.

  If (firstRequiredError! = null) {}

  a MANDATORY module failed - returns the error

  throwException (firstRequiredError, null);

  } Else if (success == false & firstError! = null) {}

  No module managed - returns the first error

  throwException (firstError, null);

  } else...

  I put the flag of control: OPTION to DefaultAuth (is REQUIRED)

  and order after my LoginModule. (reboot required)!

  Now, I get my % of exceptions)

• Log in via the custom identity provider

  Hey, I have an HTML article that will use the new setAuthToken API to provide custom user authentication, and I can call it with an authToken is allowed on the right to connect the user to the article.

  However, I am having a problem to set up the custom identity provider required for this API working. I set the project settings to use a custom IdP and created a page which checks the credentials and retrieve an authToken. Now the user selects sign to from the account model a web view appears with the IDP login page. Once the user logs were can I redirect to return the authToken to the APP? I can see the https://es.publish.adobe.com/oauth2 URL in the case of the mouth, but don't see any for the Custom POI... This was again set up?

  Thanks in advance,

  Alex

  Hi Alex,

  The authentication URL should be in your generic identity provider, implemented, the page that you created to verify the credentials. When this page is launched from the Viewer, there are several query parameters that are passed with her. This includes:

  redirectUri: the recall of generic URI authentication.

  projectId: ID of the application project

  appId: ID of the application of the observer.

  appVersion: the version of the application of the observer.

  UUID: the identifier of the device.

  Your page should analyze the redirectUri on URL parameters and redirect it when your authentication is complete. When this redirectUri forwarding, you can include the following information in the application:

  authToken: authToken to the user after the successful login.

  expiresIn: optional duration in seconds before the expiration of the authToken.

  error: error after the failure of the connection. Error or authToken must be specified but not both.

  I hope this helps.

  Thank you

  Christine

• Denied weblogic user authentication

  I can't start node managerd server from the command prompt.

  I have installed the Version of the WebLogic Server: 12.1.2.0.0 on Windows 2008 R2 Sp1 EN

  I started Server Administration succesfully.

  C:\Weblogic\Oracle\config\domains\wl_server\bin\startWebLogic.cmd

  I created ihale Managed server but I could not start server managed by.

  C:\Weblogic\Oracle\config\domains\wl_server\bin

  startManagedWebLogic.cmd ihale http://192.168.1.29:7431

  I am getting following error.

  # < 25 December 2013 12:51:13 AM PST > < critical > < WebLogicServer > < umman > < ihale > < principal > < < WLS Kernel > > <><>< 1387961473813 > < BEA-000386 > < server subsystem failed. Reason: weblogic.security.SecurityInitializationException: authentication of user weblogic has denied.

  weblogic.security.SecurityInitializationException: user weblogic authentication denied.

  .....

  ....

  Caused by: javax.security.auth.login.FailedLoginException: [Security: 090303] authentication failed: user weblogic weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security: 090295] caught unexpected exception

  at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:257)

  I am able to connect console username and password administration. Username: weblogic password: xxxxx

  I changed the password to the user weblogic and tried again. He was unseccesfull.

  I created the boot.properties file in the C:\Weblogic\Oracle\config\domains\wl_server\servers\ihale\security folder.

  I put the user name and password.

  After I tried to start the managed server ihale, boot.properties file has not been quantified and managed server also did not start.

  I deleted the cache, data, records of tmp save file logs in \\192.168.1.29\c$\Weblogic\Oracle\config\domains\wl_server\servers\ihale and I tried again. He was unseccesfull.

  I found something on https://community.Oracle.com/message/10653470

  Ganesh wrote:

  Did you reboot AdminServer after deleting the LDAP authentication provider?
  I think that your managed server is always try to authenticate the user via ldap authentication provider.

  Torrado answers:

  I found that there is a definition in the security policy of the osb_server1 for a user belonging to deleted LDAP authenticator.
  I removed it and started server.
  Thank you.

  How can I delete definition in security policy of ihale for a user belonging to deleted LDAP authenticator?

  Could you please help to solve this problem?

  Best regards.

  Hi again;

  I found the problem in fact it is my mistake.

  While I said the managed server, I wrote the incorrect port number.

  Port of the server, I wrote the managed instead of the Admin Server port.

  Thank you Kal.

• Authentication provider - Active Directory - all members of the AD can connect

  Hi people,

  It is a question about the installation of an alternative authentication provider (Microsoft AD).

  We have implemented integration with AD, and now everyone in the field of the AD can authenticate with OBIEE and automatically in the BIConsumer group. Is this default behavior / scheduled? If so, is there a way to get around this?

  Thank you

  Using filters to restrict the user of your security domain store could not prevent the user to authenticate on OBIEE. I think that its still a bug to refer to:

  Bug 13892104 : USERS WHO ARE NOT FILTERED FOR WEBLOGIC from AD STILL LOGIN IN OBIEE

  The workaround to stop other groups of ads to access BI is limiting access to OBIEE for authenticated role (i.e. everyone) which is a valid user in LDAP, you can restrict the Access Home Page of the screen maintain privileges in the form of OBIEE Administration. Give access to the House only access to roles that you want to give access to OBIEE, who never does not part of these roles cannot access OBIEE.

  Refer to this note for more information:

  OBIEE 11g how to disable the connection to /analytics and /xmlpserver when the user is not in Group (Doc ID 1479004.1)

  I hope this helps.

  Thank you

  SVS

• SQL authentication provider - create table script

  Hi all!
  I would use the SQL provider for my Web application authentication. I can't find the script to create tables of users/roles used by the provider.
  Can you suggest me a link where I can download?
  Thank you
  Frank

  Hi Frank,.

  Configure the SQL authenticator:

  Start Oracle XE DB and open propmt SQL to run commands below:

  CREATE TABLE USERS)
  U_NAME VARCHAR (200) NOT NULL,
  U_PASSWORD VARCHAR (50) NOT NULL,
  U_DESCRIPTION VARCHAR (1000))
  ;
  ALTER TABLE USERS
  ADD CONSTRAINT PK_USERS
  PRIMARY KEY (U_NAME)
  ;
  CREATE TABLE GROUPS)
  G_NAME VARCHAR (200) NOT NULL,
  G_DESCRIPTION VARCHAR (1000) NULL)
  ;
  ALTER TABLE GROUPS
  ADD CONSTRAINT PK_GROUPS
  PRIMARY KEY (G_NAME)
  ;
  CREATE TABLE GROUPMEMBERS)
  G_NAME VARCHAR (200) NOT NULL,
  G_MEMBER VARCHAR (200) NOT NULL)
  ;
  ALTER TABLE GROUPMEMBERS
  ADD CONSTRAINT PK_GROUPMEMS
  (PRIMARY KEY)
  G_NAME,
  G_MEMBER
  )
  ;
  ALTER TABLE GROUPMEMBERS
  ADD CONSTRAINT FK1_GROUPMEMBERS
  FOREIGN KEY (G_NAME)
  REFERENCE (G_NAME) GROUPS
  ON DELETE CASCADE

  Generally, customers can add users directly in DB with help commands below:

  insert into USERS (U_NAME, U_PASSWORD, U_DESCRIPTION) values ('system', 'weblogic', 'user admin');
  insert into GROUPS (G_NAME, G_DESCRIPTION) values ('Administrators', 'Administrators');
  insert into values('Administrators','system') GROUPMEMBERS (G_NAME, G_MEMBER);

  But in this case is not encrypted password then, either you can add users via the console or WLST script to be stored in encrypted form.

  We had performed above commands just to check that the user that is stored directly in the DB gets properly authenticated or not configured SQL authenticator as below

  Now start weblogic admin server and console access to create the data source by the navigation Services-> JDBC-> data sources

  Create the data source named SqlDS

  JNDI: SqlDS

  Type of DB: Oracle

  : DB driver Oracle Thin XA

  Name of the data base: XE

  DB host:

  Port: 1521

  DB user:

  DB password:

  Even the rest of the configuration and click test Configuration. If its success click on next and it targets to "AdminServer.

  Click Finish and activate chnages

  Now navigate to the areas of security-> myrealm-> suppliers

  Click new and supply the names of SqlAuthenticator and select Type of SQLAuthenticator

  Now click on newly created provider and make the indicator of control as "sufficient".

  Go to the specific page of provider:

  1. check on cleartext passwords enabled.

  2. provide a data name source: SqlDS

  Keep the rest of the parameters it is and save this configuration. It will ask you to restart the management server.

  Now, again navigate areas of security-myrealm-> users & groups >

  User created directly in the DB control is listed in the table with SqlAuthenticator, once its list, go ahead and add users as below

  B. Cretae users using the administration console:

  Sign in to the administration console

  Access areas of security-myrealm-> users & groups >

  Click the users tab and try to create the new user

  User name:

  Select authentication provider: SqlAuthenticator

  User password:

  Once the table DB check creating user, this user added with password encypted musted

  C. create multiple users using WLST script:

  File Navigave of $DOMAIN_HOME/bin and run the file setDomainEnv as below:

  UNIX:. ./setDomainEnv.sh (don't forget to put two points before /)

  Windows: setDomainEnv.cmd

  Now, change script depending on your environment below and run as suggested in step 3:

  Connect('weblogic','weblogic123','t3://localhost:7001')
  Edit()
  startEdit(-1,-1,'false')
  serverConfig()
  CD('/SecurityConfiguration/base_domain/Realms/MYREALM/AuthenticationProviders')
  ls()
  CD ('SqlAuthenticator')
  cmo.createUser ('vaishali', 'weblogic123', 'SQLuser')

  cmo.createUser ('pavashe', 'weblogic123', 'SQLuser')
  Edit()
  stopEdit('y')

  NOTE: Change username, password, and ADMIN_URL in 1st line.

  Replace the domain name "base_domain" by your domain online no.: 5

  Authenticator name change SQL online no: 6 by your authenticator name

  Next lines create users. You need to add however to users, you need to create programmatically.

  Syntax: cmo.createUser ('user_name', 'user_password', 'user_description')

  Now, to save these commands in a file with the extension .py and run as below:

  # java weblogic. WLST create_user.py

  If your script does not have to try running each command separately. For this session WLST beginning as below:

  # java weblogic. WLST

  Now run above commands in the script. You will be able to debug if something went wrong during execution of script.

  Kind regards
  Kal

• 11g BPM workspace don't Show no user of OVD - highest authentication provider page

  Hello
  We have added OVD connecting to LDAP as an authentication provider above for myrealm. The order of the providers are:
  
  (1) TPM (control indicator: ENOUGH)
  (2) DefaultAuthenticator(control Flag: REQUIRED)
  (3) DefaultIdentityAsserter
  
  Users and groups of the OVD are displayed in the weblogic console and are available in OEM when I want to add the user/group to the application role, but not in the BPM workspace. I find a related thread:
  WebLogic administrator account is inactive after activating the authenticator DB
  
  It seems that I did the same thing, but I'm still able to workspace bpm connect you with the id of weblogic. I guess my BPM does not use the OVD for the authenticator at all and it is always using DefaultAuthenticator. Can anyone please help and let me know what I missed to the setting? Should I put DefaultIdentityAsserter on the 2nd in the provider list to fix this?
  
  
  Thank you
  
  Helen
  
  Published by: Helen on March 22, 2011 07:31

  Hi Helen
  Yes. Even if you do all providers as SUFFICIENT, your username "weblogic" still works fine when you start the servers, weblogic and em consoles. It won't have a problem. Infact it is always good to have all the flags for all providers as sufficient if you have more then another provider.

  Yes, it's only bpm/workspace for which weblogic will not work means that it will look at users/groups in the first authentication configured providers. But EM/Console, you see users from all providers.

  No, this isn't a bug. But a limitation of bpm/workspace web module specially the application connection module. That's what I think.

  Thank you
  Ravi Jegga

• LDAP Authentication Provider examples of 10.3

  Hi all
  
  Sorry for the double post. didn't know that there was a security group.
  
  I keep seeing on google some references to examples of the old dev2dev authentication provider.
  I have 10.3 samples that come with the download and I see no auth provider examples.
  
  Someone knows or has some examples?
  
  Thanx
  Fred

  Let me a test mail, to hurt you send a simple custom authenticator.

  [email protected]

• Custom authentication tokens

  "Adobe Flash Access Overview on protected streaming" white paper States the following:

  Flash Access supports the business logic of the licensing stage decoupling based on the chips in use with Flash Media Server deployments. For example, when users visit a web portal for rental or to subscribe to the content, they may need to authenticate by providing a user ID and password to confirm their registration. They might also need a financial transaction. The web portal enters the results of these operations in an authentication token that is sent to the client application. The customer can then include the token in the licence application. The license server checks the authenticity of the token before issuance of the licence. Check token is stateless and was completed independently by each server without reference to a database or another shared state. Token is based on a secret or public key shared infrastructure (PKI).

  This raises the following questions:

  • How the web portal must generate the token?  This is a serialized AuthenicationToken or some other binary token?
  • If it's an AuthenicationToken, then how the web portal must generate a token such as this feature is part of the license server?
  • How the chips are based on a shared secret or PKI? What is incorporated into the class AuthenticationToken ?

  As I read, the paragraph refers to the regime "of custom authentication", not the authentication scheme name of user/password supported and as such, it is not to use serialized Flash Access AuthenticationTokens.  What is meant by "custom authentication" is quite honestly, not very clear in the documentation. I believe that the following scenerios should work, if I would be interested in your comments from anyone:

  In the first scenario, the "portal" should generate a custom binary token and pass this token to the client flash in response. How the token is passed is an exercise left to the reader. It could be loaded via a cookie, JavaScript or ActionScript. It doesn't really matter. Nevertheless, the token is eventually read by the Flash client and applied using the DRMManager.setAuthenticationToken (...) method. The license server must then retrieve the token by using RequestMessageBase.getRawAuthenticationToken (...).  In this case, the token format is completely defined by the developer or provider. The flash never access client issues a query for the authentication License Server Manager (/flashaccess/authentication/v1 / *).

  A second case, which I am not sure would work, would be the flash client requests a token for authorization as usual, using DRMManager.authenticate (...), but the license server authentication requests handler returns a token custom instead of a serialized AuthenticationToken. The workflow would then proceed as described in the first case.

  A third case, the Flash client is able to authenticate with the name of user and password standard schema, but the license server may ignore the username/password real name (data can be same passwords and usernames dummy). The license server would generate an AuthenticationToken, but would benefit from ApplicationProperies to store its information "custom token. The token would be then sent back to the customer and in turn transmitted to the same license server. The license server then inspect AuthenticationToken.getCustomProperties to determine the appropriate course of action.

  No matter what scenario is used, I have a few concerns with custom authentication tokens:

  First of all, this forum has several questions about custom authentication tokens. The documentation is not clear on what is intended and how exactly these tokens must be produced, transferred and consumed. It would be very useful for Adobe to provide an example with its reference implementation code.

  Second, as developers of server Flash Access License remain to design their own authentication scheme customized, there is a real concern that the invented approach can be precarious, allowing re-use of authentication tokens. A published set of best practices would help to ensure custom tokens are generated in a way that does not leak the information, allow attacks by replay or session hijacking.

  Finally, there seems to be some confusion about the use of tokens for authentication and authorization. The reference implementation clearly only use them for authentication, as the RefImplLicenseReqHandler makes additional checks the database for the authenticated user is allowed (subscriber) to access the content.  However, the paragraph quoted above suggests using these tokens for authentication and authorization. At least, that's what I understand by the notion that "audit token is stateless and was completed independently by each server without referring to a database or other shared state. I don't see how that's possible, unless the token contains authentication and authorization information. I'm wrong?

  I appreciate the thoughts of someone else on the custom authentication tokens. Thank you.

  -Aaron J

  The workflow for "custom authentication" is exactly what you described in your first scenario.  Namely, the client application gets a token through certain channels and calls DRMManager.setAuthenticationToken (...) to provide the token. When the client requests a license from the license server, this token is included in the request. The server application calls RequestMessageBase.getRawAuthenticationToken (...) for the access token and perform any validation is required for this type of token before issuing the permit. With a custom authentication, the SDK AuthenticationToken class is not used - this class is only used to represent the authentication tokens issued by using the name of user and password Flash Access authentication scheme.  A custom authentication token can be binary data - the Flash Access SDK is not involved in the generation or to consume these chips - it's your server implementation to manage the following steps.

  The motivation behind the 'custom authentication' scheme is not to force content providers to invent a new way to authenticate users, but to allow you to take advantage of all infrastructure you already have in place.  For example, if you are already running the SAML tokens to authenticated users, you can continue to do so, and you would just plug the SAML validation code in your license server. As a general rule, an authentication token is signed to prevent tampering. It would be possible to generate a signature using a symmetric key or with a private key. Then, checking on the server would involve checking the signature, either by using the same shared symmetric key or with the public key corresponding to the private key. (This is what is meant by 'token is based on a secret or public key shared infrastructure (PKI) ")

  Although the API reference to "authentication tokens", it would also be possible to take advantage of this authorization mechanism. For example, if you have a web portal to access the information on which a user is allowed to access the content, the Portal could issue an authorization token that says that the user X is allowed to play the content Y and Z. When the license server receives this token in a license application for content, simply, check the token is still valid and that the token States it is allowed to grant access to the content Y. This workflow, the license server doesn't have access to the database that contains authorization information, making it easier to deploy the server in a highly scalable way.

  Is this address your questions and concerns?

• Custom authentication fails with PLS-00306: wrong number or types of argume

  Hello
  
  I wrote a custom authentication scheme. I have a function that returns a BOOLEAN. Now, when I tried to test it, he throwed the following error.
  
  < pre >
  ORA-06550: line 2, column 8: PLS-00306: wrong number or types of arguments in the call to 'AUTH_ON_MY_USERS' ORA-06550: line 2, column 1: PL/SQL: statement ignored
  ERR-10460 error cannot perform the function of verification of the authentication credentials.
  Ok
  < / pre >
  
  The function is
  < pre >
  create or replace function auth_on_my_users (p_username_in in varchar2
  p_password_in in varchar2)
  return a Boolean value
  is
  Start
  Returns true;
  end;
  < / pre >
  
  I have an Oracle 10 g XE on windows. Apex 3.2.1. When I tried the same thing in apex.oracle.com, it worked. Is there something to do with XE and 3.2.1?
  
  Any idea? Thanks in advance.
  
  Concerning
  Guru
  
  Published by: guru Perrin on November 23, 2009 19:44 - Typo

  Hello

  Try

  create or replace function auth_on_my_users( p_username in varchar2, p_password in varchar2)
  return boolean is
  begin
   return true;
  end;
  

  The engine requires Express provides this function to have the signature (p_username in varchar2, p_password in varchar2) return a Boolean value.
  >

  BR, Jari