Using custom authentication

The orders database sample application demo normally comes with customized authentication, with a user, a package and a trigger for the user tables, and verification of the password.

Can anyone help me with the old custom authentication scheme code, which I can customize?

Thanks in advance

George

Hi George,

Please update your handle so that you appear with a name instead of user483406.

Patrick Barel has written a nice blog post on custom authentication in Oracle APEX.

I hope this helps!

Kind regards

Kiran

Similar Questions

  • Custom authentication using a Web Service

    Hello
    I am trying to create a way to authenticate my users after a call to a Web Service using custom authentication, so that they do not have to log in twice (SSO).
    Here is a brief description of what I'm trying to do:

    - End users get authenticated in an iPlanet Portal login.
    - Once in, they hit a link that calls my APEX application in a new window.
    - I call the Web Service, which returns a response telling me whether they have a valid portal session, with the username etc.
    - If they are logged in to our portal, I authenticate them in APEX with custom authentication and allow them to continue.

    What I've done so far:
    - Created an after-footer process on the Login page (101) that calls the Web Service.
    - Automatically submit page 101 with JavaScript.
    - Changed the after-submit process 'Username Cookie Set' to use the login returned by the Web Service.
    - Changed the after-submit process 'Login' to use the login returned by the Web Service.
    - Custom authentication is performed once the page is submitted.
    - The user can then run the application.

    Everything worked very well when I was already logged in to APEX as a developer, but when I tried to run the application as a non-developer I got the error:
    ORA-01400: cannot insert NULL into ("FLOWS_030100"."WWV_FLOW_COLLECTIONS$"."USER_ID")

    Now I realize that my Web Service process tries to store the result of the Web Service call before the login has occurred, so there is no APEX user at this stage.

    Does anyone have a way to accomplish what I'm doing?

    Thank you
    Bill

    Bill,

    To determine whether there is a valid session, I have to call the Web Service, where I provide the session ID as an input parameter.

    Well, then you will need to code a PL/SQL function to do this.

    Then I query the wwv_flow_collections view to retrieve the user name and a Boolean value telling me whether this is a valid portal session.

    Where does this collection get populated?

    Did I miss something related to the ntlm solution?

    Do not mistake this "ntlm" solution for one that is related to NTLM in itself. It is generic.

    Do you know if it is possible to call a Web Service and retrieve the response without storing the answer in a collection?

    I don't know of anything, but I do not know how a collection is used in your current implementation.

    Scott

  • Adding a custom authenticator: could not find sawobisauthenticatorproxy3r.dll

    Gentlemen.

    I need to integrate Oracle BI EE 10.1.3.4.1 with Workspace 11.1.2, to offer my users the opportunity to work with some BI stuff in Hyperion Workspace.

    I have studied two documents:

    (1) including Oracle BI EE 10.1.3.4.1 Workspace 11.1.2

    http://www.Oracle.com/WebFolder/technetwork/tutorials/OBE/Hyp/WS11.1.2_OBIEE/WS11.1.2_OBIEE.htm?cid=4675 & SSID = 0

    (2) Oracle® Business Intelligence New Features Guide Release 10.1.3.4.2

    http://docs.Oracle.com/CD/E10415_01/doc/bi.1013/e10416/general_10134.htm

    There is a 'Configuration Repository to use a Custom Authenticator' step, and I am confused with it.

    It says:

    ~~

    In the Oracle BI Administration Tool, open the appropriate RPD file and follow these steps:

    ...

    In the custom authenticator dialog box, click Browse to specify the following value for the Authenticator plugin file:

    sawobisauthenticatorproxy3r.dll

    Note: This file is in the OracleBI\web\bin directory

    ~~

    My BI environment is installed on a RHEL server. So I installed the Oracle BI Administration Tool on a Windows laptop and copied the repository from the RHEL server to it; I will update the repository and then copy it back. But there is no file sawobisauthenticatorproxy3r.dll under the C:\OracleBI\web\bin directory. How could that be? Where can I get this file? I googled it and found nothing on the internet. I'm sure that this step cannot be ignored.

    Guys, please advise how to solve this problem. Or maybe someone could send me this sawobisauthenticatorproxy3r.dll plugin file (if it is not tied to an environment).

    Kind regards

    Victor.

    Phew. I found the solution. I uninstalled the Oracle BI Administration Tool from the laptop and installed OBI EE. Now I see

    sawobisauthenticatorproxy3r.dll in C:\OracleBI\web\bin

    and can process my repository.

  • Custom authentication scheme

    Dear community,

    I tried to create a custom authentication scheme based on a tutorial, but it seemed to fail since the tutorial works on version 4.0 and I'm working on 4.1.

    Step 1.

    create table user_repository (
    username varchar2(8),
    password varchar2(8),
    primary key (username)
    );

    Step 2.

    insert into user_repository values ('John', '1234');

    Step 3.

    create or replace package pkg_auth as
    function authenticate (p_username in varchar2,
    p_password in varchar2) return boolean;
    end;
    /

    create or replace package body pkg_auth as
    function authenticate (p_username in varchar2,
    p_password in varchar2) return boolean is
    v_result integer := 0;
    begin
    select 1
    into v_result
    from user_repository
    -- case-insensitive match; the sample row is stored as 'John'
    where lower(username) = lower(p_username)
    and password = p_password;
    return (v_result = 1);
    exception
    when no_data_found then
    return false;
    end authenticate;
    end;
    /

    Step 4. They want me to create an authentication scheme from scratch, which does not exist in 4.1 (so it pretty much fails already). I created a normal authentication scheme (based on some default configs).

    Step 5. They want me to fill in the "custom authentication function" field with: return pkg_auth.authenticate;
    Unfortunately this functionality is not there either.


    They're talking about password hashing, but I don't even get the normal authentication scheme to work.
    If someone could help me create a custom authentication scheme based on the table in 4.1, that would be awesome.

    Authentication and authorization were cleaned up in 4.1.

    Create an authentication scheme "Based on a pre-configured scheme from the gallery", and then select the scheme type "Custom".
    You can place your PL/SQL code in the source field, or keep it in your database.
    Put your pkg_auth.authenticate in the "Authentication Function Name" field.

    Final note - you really should not store plaintext passwords - I hope that this coding example was for demo only. Look at past examples that use the custom_hash function, for example.

    Scott

  • Apex 4.1 - Websheets with the custom authentication scheme

    Apex v4.1 (as seen on the hosted apex.oracle.com) - Websheets do not always seem to work with a custom authentication scheme. Database applications work very well with a page sentry function, but when the same page sentry function is used for a websheet, running it gives an error that the requested page was not found.

    Can someone from the Apex team take a look? Thank you

    Hi Vikas,

    Websheet sentries differ slightly from application sentries.
    I created a websheet sentry for you which should work (see below).

    Christian

    create or replace function sample_page_sentry return boolean
    is
        l_username   varchar2(512);
        l_session_id number;
        l_ws_app_id  number;
    begin
        -- check to ensure that we are running as the correct database user.
        if user != 'APEX_PUBLIC_USER' then
            return false;
        end if;
        -- get sessionid in cookie
        l_session_id := wwv_flow_custom_auth_std.get_session_id_from_cookie;
        if wwv_flow_custom_auth_std.is_session_valid then
            -- the session still exists. we configure the APEX engine to use
            -- this session id and the session's username.
            --
            -- NOTE: it is more secure to also check if this is the session id from
            --       the URL!
            --
            apex_application.g_instance := l_session_id;
            l_username                  := wwv_flow_custom_auth_std.get_username;
            if nvl(l_username,'nobody') != 'nobody' then
                wwv_flow_custom_auth.define_user_session(
                    p_user       => l_username,
                    p_session_id => l_session_id);
                return true;
            end if;
        else
            -- session can not be reused, create a new one
            l_session_id := apex_custom_auth.get_next_session_id;
        end if;                                                                                 
    
        -- the current session is unauthenticated. we have to determine the user
        -- and log in.                                                                          
    
        -- get the username from somewhere, e.g. a cgi variable. it is hard-coded
        -- here for simplification.
        l_username := 'VANJ';
        -- configure the engine to use this username and session.
        apex_custom_auth.define_user_session(
             p_user       => l_username,
             p_session_id => l_session_id );
        -- build a deep link to the websheet start page
        l_ws_app_id  := apex_util.get_session_state ('WS_APP_ID');
        wwv_flow_custom_auth.remember_deep_link (
             p_url=>'ws?p='||l_ws_app_id||'::'||l_session_id );
        -- register the session in apex sessions table, set cookie, redirect back.
        apex_authentication.login(
             p_username => l_username,
             p_password => null );
        return true;
    end sample_page_sentry;
    /                                                                                           
    

    Published by: Christian Neumueller November 15, 2011 07:07 (a wiki format error corrected)

  • IRM 11g and WebLogic custom authentication provider

    Hello.

    I'm trying to get IRM 11g to work with a custom authentication provider, with no luck. When I log in to IRM I still get the same error (with no logs in the console): "There is a conflict with your user name in the system, contact your administrator. Click OK to close your session."
    Is it possible at all? Or does IRM only work with the providers supplied with WebLogic? Or maybe there is some advice on how to implement a custom authentication provider for IRM?

    I use a single provider (my custom one) and it is the first in the list of providers. The provider itself seems to work (I can see the users and groups in the WebLogic console).

    Thanks in advance!

    Best regards, Alexander!

    I want to emphasize that Oracle only supports the 6 or 7 authentication providers that have been certified with the product. These are listed in the documentation.

    Oracle provides OVD for multiple authenticator support. Can you use that?

    Frank.

  • Need help-> custom authentication scheme

    Hey,

    I am working on a custom authentication scheme.

    First, I create a test table:
    CREATE TABLE TBL_USER
      (
        USR_EMAIL VARCHAR2(40 BYTE) NOT NULL ENABLE,
        USR_ID    NUMBER NOT NULL ENABLE,
        USR_PW    VARCHAR2(255 BYTE) NOT NULL ENABLE,
        USR_ROLLE VARCHAR2(20 BYTE),
    CONSTRAINT "TBL_USER_PK" PRIMARY KEY ("USR_ID")
    );
    Then a function to hash the email and pw:
    create or replace
    function app_hash_test (p_email in varchar2, p_passwort in varchar2)
    return varchar2
    is
      l_passwort varchar2(4000);
      l_salt varchar2(4000) := 'DFS2J3DF4S5HG666IO7S8DJGSDF8JH';
                                
    begin
      l_passwort := utl_raw.cast_to_raw(dbms_obfuscation_toolkit.md5
      (input_string => p_passwort || substr(l_salt,10,13) || p_email ||
        substr(l_salt, 4,10)));
      return l_passwort;
    end;
    Then, an authentication function:
    create or replace
    function app_auth_test (p_email in VARCHAR2, p_passwort in VARCHAR2)
    return number
    is
      l_passwort varchar2(4000);
      l_stored_passwort varchar2(4000);
      l_expires_on date;
      l_count number;
    begin
      select count(*) 
        into l_count 
        from tbl_user 
       where upper(usr_email) = upper(p_email);
    
      if l_count > 0 
      then
        select usr_pw 
          into l_stored_passwort
          from tbl_user 
          where upper(usr_email) = upper(p_email);
    
        l_passwort := app_hash_test(p_email, p_passwort);
    
        if l_passwort = l_stored_passwort 
        then
          return 1;
        else
          return 0;
        end if;
      else
        return 0;
      end if;
    end;
    After this, I create a form on the table tbl_user to insert users with e-mail, password and role (drop-down).

    On this Page (3), I create a new process to generate the hash value.
    begin
    :P3_usr_email := upper(:P3_usr_email);
    :P3_usr_pw := app_hash_test(:P3_usr_email,:P3_usr_pw);
    :P3_usr_email := lower(:P3_usr_email);
    end;
    After completing my registration page, I inserted some users to test it later.

    The next step was to create a new authentication scheme in the shared components.
    Shared Components
    1. Create
    2. From scratch
    3. Name -> TBL_USER
    4. JUMP
    5. JUMP
    6. Page of this application -> Page 1
    7. JUMP
    8. Use my custom function to authenticate -> return app_auth_test
    9. JUMP
    10. JUMP
    11. Logout URL -> wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&p_next_flow_page_sess=&APP_ID.:1
    12. Create scheme

    My next step was to set the new scheme as current -> Change Current

    I try to log in to my existing page with an e-mail and password from the tbl_user table.

    But all I got is an error message:

    ORA-06550: line 2, column 8: PLS-00306: wrong Anzahl oder Typen von illuminated by von call 'APP_AUTH_TEST' ORA-06550: 2 line, column 1: PL/SQL: statement ignored

    ERR Fehler - 10460 implement von Funktion zum Prufen der Authentifizierungs-ID-Daten nicht possible.

    Translation:
    Wrong number or types of arguments in the call to 'APP_AUTH_TEST' ORA-06550: line 2, column 1: PL/SQL: statement ignored

    Error ERR-10460: executing the function to check the authentication ID data is not possible.

    I have checked the function, but it seems OK!
    Does anyone know what I forgot? Perhaps some parameters in the Login Page?

    NEDO

    Edited by: Mr.Nedo the 12.04.2011 07:55

    Your authentication function (app_auth_test) must match the signature exactly as shown in the help window or documentation.

    function app_auth_test (p_email in VARCHAR2, p_passwort in VARCHAR2) RETURN NUMBER

    differs from the documentation

    (p_username in varchar2, p_password in varchar2) return boolean

    Change the function app_auth_test so that it matches the expected signature (return type and the parameter names and types), or write a wrapper for it with this signature and use that as the authentication function.
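
Two replies above meet in one function: the advice not to store plaintext passwords, and the requirement that the authentication function have the signature `(p_username in varchar2, p_password in varchar2) return boolean`. The following is an added example, not code from either thread, that uses a per-user random salt and an iterated SHA-256 hash in place of MD5 with a fixed salt. The table `demo_users`, the package `demo_auth` and the round count are assumptions of this example; it also assumes EXECUTE on DBMS_CRYPTO and a database where `dbms_crypto.hash_sh256` is available (12c or later).

```plsql
-- Added example. DEMO_USERS and DEMO_AUTH are hypothetical names, not from the threads.
create table demo_users (
  username varchar2(40) primary key,  -- stored lower-case
  salt     raw(16) not null,          -- random, unique per user
  pw_hash  raw(32) not null           -- iterated SHA-256 over salt and password
);

create or replace package demo_auth as
  procedure set_password (p_username in varchar2, p_password in varchar2);
  -- Parameter names, types and return type as required by the reply above.
  function authenticate (p_username in varchar2, p_password in varchar2)
    return boolean;
end demo_auth;
/
create or replace package body demo_auth as
  c_rounds constant pls_integer := 10000;  -- assumption: tune for your hardware

  -- Key stretching: repeated hashing makes each password guess more expensive.
  function stretch (p_salt in raw, p_password in varchar2) return raw is
    l_pw raw(32767) := utl_i18n.string_to_raw(p_password, 'AL32UTF8');
    l_h  raw(32);
  begin
    l_h := dbms_crypto.hash(utl_raw.concat(p_salt, l_pw), dbms_crypto.hash_sh256);
    for i in 2 .. c_rounds loop
      l_h := dbms_crypto.hash(utl_raw.concat(l_h, p_salt, l_pw),
                              dbms_crypto.hash_sh256);
    end loop;
    return l_h;
  end stretch;

  procedure set_password (p_username in varchar2, p_password in varchar2) is
    l_salt raw(16) := dbms_crypto.randombytes(16);
    l_hash raw(32);
  begin
    if p_username is null or p_password is null then
      raise_application_error(-20001, 'username and password are required');
    end if;
    -- Computed in PL/SQL first: a package-private function cannot be called from SQL.
    l_hash := stretch(l_salt, p_password);
    merge into demo_users u
    using (select lower(p_username) as username from dual) s
       on (u.username = s.username)
     when matched then
       update set u.salt = l_salt, u.pw_hash = l_hash
     when not matched then
       insert (username, salt, pw_hash) values (s.username, l_salt, l_hash);
  end set_password;

  function authenticate (p_username in varchar2, p_password in varchar2)
    return boolean is
    l_salt   demo_users.salt%type;
    l_stored demo_users.pw_hash%type;
  begin
    if p_username is null or p_password is null then
      return false;
    end if;
    select salt, pw_hash into l_salt, l_stored
      from demo_users
     where username = lower(p_username);
    -- utl_raw.compare returns 0 only when both RAW values are identical.
    return utl_raw.compare(stretch(l_salt, p_password), l_stored) = 0;
  exception
    when no_data_found then
      return false;   -- unknown user
    when others then
      return false;   -- fail closed: any error means "not authenticated"
  end authenticate;
end demo_auth;
/
```

In the authentication scheme, `demo_auth.authenticate` is then entered as the authentication function name.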

  • Configure Tomcat 7 for custom authentication

    Hello

    I use Tomcat 7.0.19 for custom authentication. I followed the procedures set out in the specifications of LCDS 3.1. However, I get the following exception for TomcatValve... Please advise...

    Thank you

    Houda

    SEVERE: Error in web deployment of the directory ROOT of the application

    java.lang.VerifyError: class flex.messaging.security.TomcatValve overrides final method early. (V)

    November 22, 2011 13:09:46 org.apache.coyote.AbstractProtocol start

    Hello

    We currently do not support Data Services 3.1 on Tomcat 7.

    Kind regards

    Ashish verove

  • Custom authentication tokens

    "Adobe Flash Access Overview on protected streaming" white paper States the following:

    Flash Access supports decoupling the business logic from the licensing stage, based on the use of tokens, in Flash Media Server deployments. For example, when users visit a web portal to rent or subscribe to content, they may need to authenticate by providing a user ID and password to confirm their registration. They might also need to complete a financial transaction. The web portal records the results of these operations in an authentication token that is sent to the client application. The client can then include the token in the license request. The license server checks the authenticity of the token before issuing the license. Token verification is stateless and is completed independently by each server without reference to a database or other shared state. The token is based on a shared secret or public key infrastructure (PKI).

    This raises the following questions:

    • How must the web portal generate the token? Is this a serialized AuthenticationToken or some other binary token?
    • If it's an AuthenticationToken, then how must the web portal generate such a token, given that this feature is part of the license server?
    • How are the tokens based on a shared secret or PKI? Is that built into the AuthenticationToken class?

    As I read it, the paragraph refers to the "custom authentication" scheme, not the supported user name/password authentication scheme, and as such it does not use serialized Flash Access AuthenticationTokens. What is meant by "custom authentication" is, quite honestly, not very clear in the documentation. I believe that the following scenarios should work, and I would be interested in comments from anyone:

    In the first scenario, the "portal" generates a custom binary token and passes this token to the Flash client in its response. How the token is passed is an exercise left to the reader. It could be loaded via a cookie, JavaScript or ActionScript. It doesn't really matter. Either way, the token is eventually read by the Flash client and applied using the DRMManager.setAuthenticationToken(...) method. The license server must then retrieve the token by using RequestMessageBase.getRawAuthenticationToken(...). In this case, the token format is completely defined by the developer or provider. The Flash Access client never issues a request to the license server's authentication handler (/flashaccess/authentication/v1/*).

    A second case, which I am not sure would work, would be that the Flash client requests a token for authorization as usual, using DRMManager.authenticate(...), but the license server's authentication request handler returns a custom token instead of a serialized AuthenticationToken. The workflow would then proceed as described in the first case.

    In a third case, the Flash client authenticates with the standard user name/password scheme, but the license server may ignore the actual user name and password (they can be dummy user names and passwords). The license server would generate an AuthenticationToken, but would use ApplicationProperties to store its "custom token" information. The token would then be sent back to the client and in turn transmitted to the same license server. The license server would then inspect AuthenticationToken.getCustomProperties to determine the appropriate course of action.

    No matter what scenario is used, I have a few concerns with custom authentication tokens:

    First of all, this forum has several questions about custom authentication tokens. The documentation is not clear on what is intended and how exactly these tokens must be produced, transferred and consumed. It would be very useful for Adobe to provide an example with its reference implementation code.

    Second, as developers of Flash Access license servers are left to design their own custom authentication scheme, there is a real concern that the invented approach can be insecure, allowing re-use of authentication tokens. A published set of best practices would help to ensure custom tokens are generated in a way that does not leak information or allow replay attacks or session hijacking.

    Finally, there seems to be some confusion about the use of tokens for authentication and authorization. The reference implementation clearly only uses them for authentication, as the RefImplLicenseReqHandler makes additional checks against the database that the authenticated user is allowed (a subscriber) to access the content. However, the paragraph quoted above suggests using these tokens for authentication and authorization. At least, that's what I understand by the notion that "token verification is stateless and is completed independently by each server without reference to a database or other shared state". I don't see how that's possible, unless the token contains authentication and authorization information. Am I wrong?

    I would appreciate anyone else's thoughts on custom authentication tokens. Thank you.

    -Aaron J

    The workflow for "custom authentication" is exactly what you described in your first scenario. Namely, the client application gets a token through some channel and calls DRMManager.setAuthenticationToken(...) to provide the token. When the client requests a license from the license server, this token is included in the request. The server application calls RequestMessageBase.getRawAuthenticationToken(...) to access the token and performs whatever validation is required for this type of token before issuing the license. With custom authentication, the SDK AuthenticationToken class is not used - this class is only used to represent the authentication tokens issued by the Flash Access user name/password authentication scheme. A custom authentication token can be any binary data - the Flash Access SDK is not involved in generating or consuming these tokens - it is up to your server implementation to handle those steps.

    The motivation behind the "custom authentication" scheme is not to force content providers to invent a new way to authenticate users, but to allow you to take advantage of whatever infrastructure you already have in place. For example, if you are already using SAML tokens to authenticate users, you can continue to do so, and you would just plug the SAML validation code into your license server. As a general rule, an authentication token is signed to prevent tampering. It would be possible to generate the signature using a symmetric key or with a private key. Then, verification on the server would involve checking the signature, either by using the same shared symmetric key or with the public key corresponding to the private key. (This is what is meant by "the token is based on a shared secret or public key infrastructure (PKI)".)

    Although the API refers to "authentication tokens", it would also be possible to use this mechanism for authorization. For example, if you have a web portal that has access to the information on which content a user is allowed to access, the portal could issue an authorization token that says that user X is allowed to play content Y and Z. When the license server receives this token in a license request for content Y, it simply checks that the token is still valid and that the token states it is allowed to grant access to content Y. In this workflow, the license server doesn't need access to the database that contains authorization information, making it easier to deploy the server in a highly scalable way.

    Does this address your questions and concerns?
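
The signed authorization token described in the reply above, with the symmetric-key variant worked through as an added example. It is not Adobe's SDK or reference implementation code, and it is written in PL/SQL only because that is the language of the other code on this page; a license server would apply the same checks to the bytes it gets from RequestMessageBase.getRawAuthenticationToken(...). The package name `demo_token`, the token layout and the expiry field are assumptions of this example, as is the availability of `dbms_crypto.hmac_sh256` (12c or later).

```plsql
-- Added example. DEMO_TOKEN and its token layout are assumptions of this sketch:
--   user|expiry_epoch_seconds|id,id,...|HEX(HMAC-SHA256(key, preceding fields))
create or replace package demo_token as
  -- Portal side: sign which content the user may play, and until when.
  function issue (p_key in raw, p_user in varchar2,
                  p_content_ids in varchar2, p_ttl_seconds in number)
    return varchar2;
  -- License server side: true only for an authentic, unexpired token
  -- that lists p_content_id. No database lookup is involved.
  function allows (p_key in raw, p_token in varchar2, p_content_id in varchar2)
    return boolean;
end demo_token;
/
create or replace package body demo_token as
  function epoch_now return number is
  begin
    return trunc((cast(sys_extract_utc(systimestamp) as date)
                  - date '1970-01-01') * 86400);
  end epoch_now;

  function sign (p_key in raw, p_text in varchar2) return varchar2 is
  begin
    return rawtohex(dbms_crypto.mac(
             src => utl_i18n.string_to_raw(p_text, 'AL32UTF8'),
             typ => dbms_crypto.hmac_sh256,
             key => p_key));
  end sign;

  function issue (p_key in raw, p_user in varchar2,
                  p_content_ids in varchar2, p_ttl_seconds in number)
    return varchar2 is
    l_payload varchar2(4000);
  begin
    -- Reject values that would let one field smuggle in a separator.
    if p_user is null or p_content_ids is null or p_ttl_seconds is null
       or instr(p_user || p_content_ids, '|') > 0 then
      raise_application_error(-20002, 'invalid token field');
    end if;
    l_payload := p_user || '|' || to_char(epoch_now + p_ttl_seconds)
                 || '|' || p_content_ids;
    return l_payload || '|' || sign(p_key, l_payload);
  end issue;

  function allows (p_key in raw, p_token in varchar2, p_content_id in varchar2)
    return boolean is
    l_cut     pls_integer;
    l_payload varchar2(4000);
    l_given   varchar2(4000);
    l_expiry  number;
  begin
    if p_token is null or p_content_id is null
       or instr(p_content_id, ',') > 0 then
      return false;
    end if;
    l_cut := instr(p_token, '|', -1);       -- the last separator precedes the MAC
    if l_cut < 2 then
      return false;
    end if;
    l_payload := substr(p_token, 1, l_cut - 1);
    l_given   := substr(p_token, l_cut + 1);
    -- Verify the MAC before trusting any field. MACs of both values are compared
    -- rather than the values themselves, so the comparison time does not depend
    -- on where the supplied MAC first differs from the expected one.
    if l_given is null
       or sign(p_key, l_given) != sign(p_key, sign(p_key, l_payload)) then
      return false;
    end if;
    l_expiry := to_number(regexp_substr(l_payload, '[^|]+', 1, 2));
    if l_expiry is null or l_expiry < epoch_now then
      return false;                         -- expired: limits how long a token can be reused
    end if;
    return instr(',' || regexp_substr(l_payload, '[^|]+', 1, 3) || ',',
                 ',' || p_content_id || ',') > 0;
  exception
    when others then
      return false;                         -- malformed token: fail closed
  end allows;
end demo_token;
/
```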

  • CUSTOM AUTHENTICATION

    Hello
    I have a small problem concerning custom authentication...

    I need to create a custom authentication which accepts 3 variables and it seems to me I am making a mistake... LEGAL TYPES of arguments...

    Until that moment, I felt that I was missing a point... custom authentication works...
    I know that the answer will be that the AUTHENTICATION SCHEME / AUTHENTICATION SERVICE can only accept TWO variables...

    I know I've seen discussions on this, but I would like to know WHY?
    Why must only two values be accepted? If I want to create a custom authentication which accepts 3 or 4 or 5, shouldn't I be free to do so?
    create or replace function auth_on_my_users (p_username in varchar2, p_password in varchar2)
    return boolean is
    begin
    return true;
    end;
    Why must the input variables be fixed with these names?
    I just need some answers, as I am trying to understand the rationale.

    Another supplementary question might be...

    I have a requirement where I need to make a custom authentication and I need to use three variables; how do I work around this...

    Sorry for my stupid questions, but I hope to have some good answers, and criticism is also welcome...

    Regards
    Alex Noel, Makumuli,
    Tanzania

    Hello

    For the workaround, you can for example define an application item and use it in your function as the third parameter, like

     l_local_variable := v('MY_APP_ITEM');
    

    BR, Jari

  • Change password with a custom authentication

    Hello

    I use a custom authentication scheme, which is a combination of LDAP and APEX authentication. I created a function that checks in a user table to see if authentication_type is 'LDAP' or 'APEX'. Depending on the type, it authenticates against LDAP or APEX. It works very well. No problem.

    I also created a page for the password change functionality. This page has "new password" and "confirm password" fields and a "submit" button. It also has a 'submit' process that calls apex_util.CHANGE_CURRENT_USER_PW(:P43_NEWPASSWORD); to change the password for APEX users.

    When I change the password, the page gives the message that the password was changed successfully, but it actually doesn't change anything. I don't understand why.

    Help, please.

    Thnx
    Milan

    The user name is stored in uppercase in the user account. So what you could do is:

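    declare
      l_user varchar2(30);
    begin
      -- remember the user name as the session has it
      l_user := v('APP_USER');
      -- the account is stored in uppercase, so switch to that for the call
      apex_application.g_user := upper(l_user);
      apex_util.CHANGE_CURRENT_USER_PW(:P43_NEWPASSWORD);
      -- restore the original value
      apex_application.g_user := l_user;
    end;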

    Scott

  • Custom authentication not found

    Hello

    My application is called APPEVT2TAB.
    I created a packaged function to test custom authentication:

    create or replace package pkg_appevt2tab as
      function f_authenticate (p_username in varchar2, p_password in varchar2) return boolean;
    end pkg_appevt2tab;
    /
    create or replace package body pkg_appevt2tab as
      -- test stub: records that it was called and always returns true
      function f_authenticate (p_username in varchar2, p_password in varchar2) return boolean is
      begin
        insert into test_table values ('start');
        commit;
        return true;
      exception
        when others then
          insert into test_table values ('exception');
          commit;
          return true;
      end f_authenticate;
    end pkg_appevt2tab;
    /
    create public synonym pkg_appevt2tab for pkg_appevt2tab;
    grant execute on pkg_appevt2tab to public;

    In the authentication box, I entered "return pkg_appevt2tab.f_authenticate;" (without the quotes, of course) and I made sure that the custom authentication scheme is the current one.

    When I run my application, I can't connect (I get "Invalid Login Credentials").
    When you check the test_table, it has no records inside.

    I tried to change the value of the field authentication for "return pkg_appevt2tab.f_authenticat;" (the last 'e' is missing, which is a name not valid) and found that the behavior is exactly the same.

    So far, my conclusion is therefore that the packaged function cannot be found.
    Is this correct? If so, why?, if not, what is the problem?

    Any help would be appreciated!

    Thank you

    Gabor

    Gabor:

    This comment

    I tried to change the value of the field authentication for "return pkg_appevt2tab.f_authenticat;" (the last 'e' is missing, which is a name not valid) and found that the behavior is exactly the same.

    leads me to suspect that your application uses a different authentication scheme somehow. Where authentication is misspelled or is unavailable, APEX triggers an appropriate error when attempting authentication.

    CITY

  • Mix of custom authentication and database account

    We have a client-server application (let's call it app_1) with database account authentication. To be able to connect to the new APEX application (app_2), the user must be either a user of app_1 (so having a DB account) or a user of app_2 (custom authentication against a users table with uid and password hash).

    Separately, I can implement each of these authentication schemes. However, I could not figure out how to combine them (to include DB account authentication in my custom scheme).

    Any idea?

    Igor

    Igor,

    I wrote on this subject some time ago... See if this helps:
    http://www.danielmcghan.us/2008/08/custom-authentication-via-DB.html

    Kind regards
    Dan

    http://danielmcghan.us
    http://sourceforge.NET/projects/tapigen

    You can reward this answer by marking as being useful or correct ;-)

  • HTTP authentication using AAA when TACACS+ server is down

    I set up AAA using TACACS+ and everything works well except for HTTP authentication through a browser or Network Assistant when the RADIUS server is down. For console and telnet connections, authentication defaults to the line password when TACACS+ is out of service.

    aaa new-model
    aaa authentication login default group tacacs+ line
    aaa authorization exec default group tacacs+ if-authenticated
    aaa accounting update newinfo
    aaa accounting exec default start-stop group tacacs+
    aaa accounting commands 0 default stop-only group tacacs+
    aaa accounting commands 1 default stop-only group tacacs+
    aaa accounting commands 15 default stop-only group tacacs+
    !
    ip http authentication aaa
    !
    radius-server host 10.161.161.20
    radius-server key 111111

    It must be something to do with the fact that with HTTP or ANC, it connects to the router at level 15, but I have played with all sorts of different authorization commands and cannot get it to work.

    Paul

    What do you want to do for authentication if the RADIUS server is down? For telnet and console access you can use the line as a backup method because it is possible to configure a password for the line on the console and vty ports. Which type of backup method do you want for HTTP? The one that seems most logical to me would be local authentication, in order to cover the situation where the server is down.

    To use local authentication, you must do the following:

    - create a local user definition (maybe more than one if you need extended security).

    - specify a special method for AAA authentication.

    - specify that HTTP uses the special method.

    The configuration might look like this:

    username tech1 password tech1
    aaa authentication login http_auth group tacacs+ local
    ip http authentication aaa login-authentication http_auth

    Or you can decide to use the enable secret (or the enable password, if that is what is configured). The config might look like this:

    aaa authentication login http_auth group tacacs+ enable
    ip http authentication aaa login-authentication http_auth

    If you want a different backup method, let us know what it is and we'll see how it could be implemented.

    HTH

    Rick

  • Local use and authentication AD with ACS 5.6

    I have an ACS 5.6 unit configured to use AD authentication for my default network access and rules. It works very well.

    I tried to implement some features, put them in a group and give only locally defined ACS to users access to these devices.

    Problem: after creating the local accounts on ACS, creating a local identity group, and trying to authenticate with a camera, I always get "object not found in the identity store".

    Is there a way to have the hybrid authentication like that? How do we?

    Hi Colin,

    One thing that comes to mind is the "sequence of identity store". Ensure that you have "internal users" listed in there; otherwise the request would never be checked against the internal users.

    I also want to double check the source of identity under default device admin or any service that you created. Ensure that internal users.

    Take a look at the document below for more details on the identity store sequence.

    https://supportforums.Cisco.com/document/103901/ACS-5x-identity-store-se...

    Kind regards

    Kanwal

    Note: Please check if they are useful.
