20.4 Establishing User Identity Through Authentication

Use authentication to establish a user's identity and control access to an application. Authentication may require a user to provide a user name and password, or it could involve the use of digital certificates or a secure key.

20.4.1 Using a Procedure to Configure Authentication at Runtime

Configure authentication at runtime by specifying a procedure on the Security page.

To configure authentication at runtime by specifying a procedure:

  1. On the Workspace home page, click the App Builder icon.
  2. Select an application.
    The Application home page appears.
  3. From the Application home page, you can access the Security page in two ways:
    • Edit Application Definition button:
      1. Click Edit Application Definition to the right of the application name.

      2. Click the Security tab.

    • From Shared Components:
      1. Click Shared Components.

      2. Under Security, click Security Attributes.

    The Edit Security Attributes page appears.

  4. Authentication, Configuration Procedure - Enter the name of a procedure that configures authentication at runtime. See the example that follows.

    In applications with an authentication configuration procedure, the authentication scheme cannot be changed using the URL (for example, f?p=100:1:1234:APEX_AUTHENTICATION=myauth).

    The authentication configuration procedure runs at least once per session, on the first request. However, Oracle APEX may need to also call it on other occasions. In such cases, it must set the same values on each call.

  5. Click Apply Changes to save your changes.

Example 20-1 procedure my_auth_config

This example is for an application that implements multi-tenancy and supports different variations of Social Sign-In for the tenants. This example uses the domain name in the URL to fetch configuration data (for example, https://cust-01.example.com, https://cust-02.example.com, and so on).

procedure my_auth_config (
    p_conf in out nocopy apex_authentication.t_configuration )
is
    -- Host name taken from the request's Host header.
    l_host varchar2(32767) := sys.owa_util.get_cgi_env('HTTP_HOST');
begin
    -- Look up the tenant configuration for this host. If no row matches,
    -- p_conf is left unchanged and the default scheme is used.
    for i in ( select discovery_url,
                      auth_scheme_name,
                      credential,
                      tenant_id
                 from customer_tenants
                where hostname = l_host )
    loop
        p_conf.authentication_name := i.auth_scheme_name;
        -- Name/value pairs that replace #NAME# in the scheme attributes.
        p_conf.substitutions := apex_t_varchar2 (
                                    'DISCOVERY_URL'       , i.discovery_url,
                                    'CREDENTIAL_STATIC_ID', i.credential );
        p_conf.tenant_id := i.tenant_id;
    end loop;
end my_auth_config;

The procedure can change three attributes of the in/out parameter p_conf, all of which are optional:

  • authentication_name - Assign the name of an authentication scheme in your application, which will be used instead of the default scheme. Note that Switch In Session must be enabled for that scheme.
  • substitutions - Assign name/value pairs using apex_t_varchar2. Oracle APEX substitutes each #NAME# in the authentication scheme attributes with the associated value. The built-in Social Sign-In scheme uses CREDENTIAL_STATIC_ID to use the corresponding credential store instead of the one that was configured in the scheme.
  • tenant_id - Set this tenant id in the session (see APEX_SESSION.SET_TENANT_ID).

Note:

SET_TENANT_ID Procedure in Oracle APEX API Reference
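
A hardened variant of Example 20-1, added here as an illustration and not part of the Oracle documentation: the table definition, column types, constraint names, sample row and the procedure name my_auth_config_strict are assumptions. It limits customer_tenants to one normalized row per host, so the procedure sets the same values on every call, and it normalizes the client-supplied Host header before the lookup.

```sql
-- Assumed schema for the lookup table used in Example 20-1 (not from the page).
create table customer_tenants (
    hostname         varchar2(255)  not null,
    auth_scheme_name varchar2(255)  not null,
    discovery_url    varchar2(1000) not null,
    credential       varchar2(255)  not null,
    tenant_id        varchar2(32)   not null,
    -- One row per host: the loop body runs at most once, so repeated
    -- calls within a session always set the same values.
    constraint customer_tenants_pk primary key (hostname),
    -- Hosts are stored normalized: lower case, no ":port" suffix.
    constraint customer_tenants_host_ck
        check (hostname = lower(hostname) and instr(hostname, ':') = 0),
    -- Only HTTPS discovery endpoints can be configured.
    constraint customer_tenants_url_ck
        check (discovery_url like 'https://%')
);

-- Constructed sample row.
insert into customer_tenants (hostname, auth_scheme_name, discovery_url,
                              credential, tenant_id)
values ('cust-01.example.com', 'SSO_CUST_01',
        'https://idp.cust-01.example.com/.well-known/openid-configuration',
        'CRED_CUST_01', 'CUST01');

create or replace procedure my_auth_config_strict (
    p_conf in out nocopy apex_authentication.t_configuration )
is
    -- The Host header is client-supplied: trim it, lower-case it and drop
    -- a trailing ":port" so it compares against the normalized column.
    l_host varchar2(32767) :=
        regexp_replace(lower(trim(sys.owa_util.get_cgi_env('HTTP_HOST'))), ':\d+$');
begin
    -- Unknown or missing hosts match no row and leave p_conf unchanged.
    for i in ( select discovery_url,
                      auth_scheme_name,
                      credential,
                      tenant_id
                 from customer_tenants
                where hostname = l_host )
    loop
        p_conf.authentication_name := i.auth_scheme_name;
        p_conf.substitutions := apex_t_varchar2 (
                                    'DISCOVERY_URL'       , i.discovery_url,
                                    'CREDENTIAL_STATIC_ID', i.credential );
        p_conf.tenant_id := i.tenant_id;
    end loop;
end my_auth_config_strict;
/
```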