20.4.3.2 Custom Authentication

Creating a Custom Authentication scheme from scratch to have complete control over your authentication interface.

20.4.3.2.1 About Custom Authentication

Learn about Custom authentication.

Custom authentication is the best approach for applications when any of the following is true:

  • Database authentication or other methods are not adequate.
  • You want to develop your own login form and associated methods.
  • You want to control security aspects of session management.
  • You want to record or audit activity at the user or session level.
  • You want to enforce session activity or expiry limits.
  • You want to program conditional one-way redirection logic before Oracle APEX page processing.
  • You want to integrate your application with non-APEX applications using a common session management framework.
  • Your application consists of multiple applications that operate seamlessly (for example, more than one application ID).

Tip:

If you are planning on using the same authentication scheme for multiple applications, consider writing a custom authentication plug-in. See Implementing Plug-ins.

20.4.3.2.2 Setting Up Custom Authentication

Learn how to set up Custom authentication.

To create a custom authentication scheme:

  1. On the Workspace home page, click the App Builder icon.
  2. Select an application.
  3. On the Application home page, click Shared Components.

    The Shared Components page appears.

  4. Under Security, select Authentication Schemes.
  5. On the Authentication Schemes page, click Create.
  6. Select Based on a pre-configured scheme from the gallery and click Next.
  7. Under Name:
    1. Name - Enter the name used to reference the authentication scheme by other application developers.
    2. Scheme Type - Select Custom.
  8. Fill in the appropriate fields.

    To learn more about a specific field, see field-level Help.

  9. Click Create Authentication Scheme.
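The fields that matter most on a Custom scheme are Authentication Function Name and Post-Authentication Procedure Name. The following PL/SQL is an added illustration, not code from the Oracle APEX documentation: it assumes a hypothetical `app_users` table holding salted password hashes and an `app_auth_audit` table for login records, and that the schema has been granted EXECUTE on `sys.dbms_crypto`. The function `app_authenticate` uses the signature APEX expects for a custom authentication function (two VARCHAR2 inputs, BOOLEAN result); `app_post_auth` records the user and session after a successful login.

```plsql
-- Constructed example schema (not part of the APEX docs).
create table app_users (
  username  varchar2(255) primary key,
  pw_salt   raw(16)      not null,
  pw_hash   raw(32)      not null,
  is_active char(1)      default 'Y' not null
);

create table app_auth_audit (
  audit_id     number generated always as identity,
  username     varchar2(255),
  apex_session number,
  event        varchar2(30),
  event_time   timestamp default systimestamp
);

-- Salted SHA-256 over salt || UTF-8(password). Shown for brevity: where a
-- slow, purpose-built password hash (PBKDF2, bcrypt, Argon2) is available,
-- prefer it, since plain SHA-256 is cheap to brute-force offline.
create or replace function app_pw_hash (p_salt in raw, p_password in varchar2)
  return raw
is
begin
  return sys.dbms_crypto.hash(
           utl_raw.concat(p_salt, utl_i18n.string_to_raw(p_password, 'AL32UTF8')),
           sys.dbms_crypto.hash_sh256);
end app_pw_hash;
/

-- Hypothetical user-provisioning helper: generates a random salt per user.
create or replace procedure app_create_user (p_username in varchar2, p_password in varchar2)
is
  l_salt raw(16) := sys.dbms_crypto.randombytes(16);
begin
  insert into app_users (username, pw_salt, pw_hash)
  values (upper(p_username), l_salt, app_pw_hash(l_salt, p_password));
end app_create_user;
/

-- Enter APP_AUTHENTICATE in the scheme's "Authentication Function Name" field.
-- APEX calls it with the credentials from the login page; TRUE means success.
create or replace function app_authenticate (
  p_username in varchar2,
  p_password in varchar2)
  return boolean
is
  l_salt   raw(16);
  l_hash   raw(32);
  l_active char(1);
begin
  select pw_salt, pw_hash, is_active
    into l_salt, l_hash, l_active
    from app_users
   where username = upper(p_username);

  if l_active <> 'Y' then
    return false;   -- disabled accounts fail even with the right password
  end if;

  -- utl_raw.compare returns 0 only when both RAW values are identical.
  return utl_raw.compare(l_hash, app_pw_hash(l_salt, p_password)) = 0;
exception
  when no_data_found then
    -- Hash a throwaway value so an unknown user takes about as long as a
    -- wrong password, limiting what response time reveals about valid names.
    l_hash := app_pw_hash(sys.dbms_crypto.randombytes(16), nvl(p_password, ' '));
    return false;
end app_authenticate;
/

-- Enter APP_POST_AUTH in "Post-Authentication Procedure Name". It runs once
-- per successful login, after APP_USER and APP_SESSION are set, so it is the
-- place to record activity at the user or session level.
create or replace procedure app_post_auth
is
  pragma autonomous_transaction;   -- keep the audit row even if later processing rolls back
begin
  insert into app_auth_audit (username, apex_session, event)
  values (v('APP_USER'), to_number(v('APP_SESSION')), 'LOGIN');
  commit;
end app_post_auth;
/
```

The authentication function deliberately returns only TRUE or FALSE and never raises for a missing user, so the login page shows the same generic failure message in both cases; whether a username exists is not disclosed by the error text or, as far as the dummy hash allows, by timing.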

20.4.3.2.3 About Session Management Security

Learn about session management security.

When running custom authentication, APEX attempts to prevent two improper situations:

  • Intentional attempts by a user to access session state belonging to someone else. However, users can still type an arbitrary application session ID into the URL.
  • Inadvertent access to a stale session state (probably belonging to the same user from an earlier time). This would commonly result from using bookmarks to application pages.

APEX checks that the user identity token set by the custom authentication function matches the user identity recorded when the application session was first created. If the user has not yet been authenticated and the user identity is not yet known, the session state being accessed does not belong to someone else. These checks determine whether the session ID in the request can be used. If not, the APEX engine redirects back to the same page using an appropriate session ID.