3.4.7.3.3 Editing HTTP Header Variable

Edit the HTTP Header Variable authentication scheme for an instance.

HTTP Header Variable supports the use of header variables to identify a user and to create an Oracle APEX user session. Use the HTTP Header Variable authentication scheme if your company employs a centralized web authentication solution, such as Oracle Access Manager, that provides single sign-on across applications and technologies. These systems verify the user's credentials and pass the user's name to Oracle APEX in an HTTP header variable such as "REMOTE_USER" (which is the default).

To edit HTTP Header Variable:

  1. Sign in to Oracle APEX Administration Services.
  2. Click Manage Instance.
  3. Under Instance Settings, click Security.
  4. Under Authentication Control, scroll down to Development Environment Authentication Schemes.
    The Status column indicates whether the authentication scheme is designated as Current.
  5. Find HTTP Header Variable and click Edit.
    The Edit Scheme page appears.
  6. Click Make Current Scheme to have applications identify and verify the user using this authentication scheme.
  7. Under Edit Authentication Scheme:
    • PL/SQL Code - Enter a PL/SQL anonymous block of code that contains procedures for pre- and post-authentication entry points. To improve performance, you can also store this code in a PL/SQL package in the database.
    • Pre-Authentication Procedure Name - Specify the name of a procedure to be executed after the login page is submitted and just before credentials verification is performed. The procedure can be defined in the PL/SQL Code attribute or within the database.

      Authentication schemes where user credentials are checked outside of Oracle APEX typically do not execute the Pre-Authentication procedure. Examples include HTTP Header Variable, Oracle Application Server Single Sign-On, and custom authentication schemes that use APEX_AUTHENTICATION.POST_LOGIN instead of APEX_AUTHENTICATION.LOGIN.

    • Post-Authentication Procedure Name - Specify the name of a procedure to be executed by the Oracle APEX LOGIN procedure after the authentication step (login credentials verification). The LOGIN procedure will execute this code after it performs its normal duties, which include setting a cookie and registering the session, but before it redirects to the desired application page. The procedure can be defined in the PL/SQL Code attribute or within the database.
  8. Under Authentication Scheme Attributes:

    Tip: To learn more about an attribute, see field-level Help.

    • HTTP Header Variable Name - Specifies the name of the HTTP header variable which contains the username. The default OAM_REMOTE_USER is used by Oracle Access Manager and has to be changed if another authentication provider is used.
    • Action if Username is Empty - Specifies the action to be performed if the username stored in the HTTP header variable is empty.
    • Verify Username - Specifies how often the username stored in the HTTP header variable is verified.
    • Logout URL of SSO Server - If the authentication scheme is based on Oracle Access Manager or similar servers, use this attribute to specify a URL to log out of the central single sign-on server.

      Oracle Access Manager based SSO example:

      /oamsso/logout.html?end_url=%POST_LOGOUT_URL%

      The substitution parameter %POST_LOGOUT_URL% will be replaced by an encoded URL to the login page of your application.

  9. To save your changes, click Apply Changes.
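
The scheme takes the username from whatever arrives in the configured header, so the single sign-on gateway in front of Oracle APEX should be the only component that sets it. The following added example (not Oracle code; the function names and sample requests are constructed) models a gateway that discards any inbound copy of the header, sets it from its own verified session, and reports requests that arrived with one.

```python
# Added example: models the SSO gateway side; not Oracle APEX or OAM code.
IDENTITY_HEADER = "OAM_REMOTE_USER"  # "HTTP Header Variable Name" as set on this page

def _canon(name):
    """Compare names case-insensitively and treat '-' and '_' alike (a
    conservative assumption: some servers fold one spelling into the other)."""
    return name.strip().lower().replace("-", "_")

def forward_headers(inbound, sso_user, identity_header=IDENTITY_HEADER):
    """Return (headers_to_forward, dropped) for one request.
    inbound: (name, value) pairs from the browser; sso_user: the username the
    gateway verified itself, or None when there is no SSO session."""
    target = _canon(identity_header)
    kept, dropped = [], []
    for name, value in inbound:
        (dropped if _canon(name) == target else kept).append((name, value))
    if sso_user:
        # Only the gateway's own verified value reaches APEX, exactly once.
        kept.append((identity_header, sso_user))
    # Without an SSO session the header stays absent, so the
    # "Action if Username is Empty" setting decides what happens.
    return kept, dropped

def audit(requests, identity_header=IDENTITY_HEADER):
    """Return one alert per request that arrived carrying its own copy of
    the identity header, for review in the gateway log."""
    alerts = []
    for req in requests:
        _, dropped = forward_headers(req["headers"], req["sso_user"], identity_header)
        if dropped:
            alerts.append({"client": req["client"], "sso_user": req["sso_user"],
                           "claimed": [value for _, value in dropped]})
    return alerts

# Constructed sample requests (documentation addresses, made-up usernames).
SAMPLE = [
    {"client": "192.0.2.10", "sso_user": "JSMITH",
     "headers": [("Host", "apex.example.com"), ("Cookie", "sso=abc")]},
    {"client": "192.0.2.77", "sso_user": "MLEE",
     "headers": [("Host", "apex.example.com"), ("oam-remote-user", "ADMIN")]},
    {"client": "192.0.2.78", "sso_user": None,
     "headers": [("OAM_Remote_User", "ADMIN")]},
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

If the header name is changed under HTTP Header Variable Name, pass the same value as `identity_header` so the gateway and Oracle APEX agree on it.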