Oracle Apex Authentication Mechanism - wcf

I am a newbie to Oracle Apex and I need to know the authentication mechanism performed by Oracle Apex.
Basically, I am using LDAP authentication and once the user/pwd is authenticated, no more authentication is done until the session expires.
The process is built in; can anyone let me know what happens after it's authenticated, like creating cookies/session or any other mechanism?
The idea is to integrate an ASP.NET website with Oracle Apex (in an iframe). The login page will exist in the ASP.NET website, and once the user clicks the submit button both the ASP.NET website and Oracle Apex should process the authentication mechanism.
I am already done with Windows authentication and need to explore more options (like LDAP authentication, integrating WCF/web service authentication). Upvote for helpers.

This page from the APEX documentation explains the process of user authentication and guides you through the available options.

Another option might be to use the Thoth Gateway and use Windows integrated authentication. See the section "Features in Thoth that are not in mod_plsql" at
https://github.com/mortenbra/thoth-gateway
Snippet from the site:
Integrated Windows authentication (if the virtual directory that contains the Thoth Gateway is set up with integrated Windows authentication, you can get the username of the authenticated user via owa_util.get_cgi_env('LOGON_USER'))

It sounds like what you're looking for is "session management". After a very brief glance at Oracle's docs, it looks like the Oracle Apex server generates a session ID, which is passed over the underlying http(s) channel as part of the URI. Oracle docs also talk about session timeout and similar stuff.

Related

ASP.NET Core 3.1 Third Party Authentication

I am looking for a bit of direction here. I am building an ASP.NET Core 3.1 web interface to an existing Jira tool that does some queries and presents status. For authentication, my calls to the server that retrieve data need proper Jira credentials to operate. However, the API I am using never establishes a connection via logging directly into Jira. It opens a connection in the code with the passed credentials.
So my question is, what is the proper way to do this in ASP.NET Core 3.1? I don't need someone to do all the work for me, just point me in the right direction. In WPF, I simply had the user enter their name and password and I established the connection object at startup.
Check out these docs. The user shouldn't be putting in their Jira creds in your app.
OAuth 2.0 (3LO) for apps
The app directs the user to an Atlassian screen that prompts them to grant access to their data on the Atlassian site. The screen displays the access being requested in the Atlassian product.
The user grants (or denies) access to their data on the Atlassian site, via the screen.
The user is directed back to the external service. If the user granted access, the external service can now access data (within the specified scopes) from the Atlassian site on the user's behalf.

How to manage users in ASP.NET core with AD / LDAP? Do I store the users in a database?

I am writing an internal app where all the users are part of AD. I have the following steps to implement this. Is this correct?
1. Create an action filter to intercept all HTTP requests to the website and check if they are in the specific AD role needed (var isUserInRole = User.IsInRole("M2-ITU-PWApplicationDevelopers"))
2. If the user is not in any of the application roles, send the user to an error page
3. If the user is in an application role, then add the user to the SQL DB and link to the Role table in the DB so now I have the user/role data ready to use in the DB along with other data
4. When the user revisits, check the database first before LDAP?
How do I set a cookie or something so that every request does not need to go through this process once authenticated?
Trying to understand the basics.. Maybe I am going about this all wrong ?
Use Windows Authentication. Your application needs to be behind IIS to do it in ASP.NET Core 2.2 and lower, but starting with ASP.NET Core 3.0 you can do it with Kestrel alone.
If you do that, you can skip steps 3 and 4. When a person is authenticated via Windows Authentication, the application gets a login token that contains all the security groups that the account is a member of. So User.IsInRole is pretty quick. There is no need to store that information in your own database.
You also don't need to worry about cookies.
The added benefit of Windows Authentication is that it can support seamless login: if your site is in the Trusted Sites in Internet Options, then IE and Chrome will automatically send the credentials of the user currently logged into Windows. The user doesn't have to type in their credentials.
Firefox uses its own network.negotiate-auth.delegation-uris setting for the same purpose.
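
One way to wire up what this answer describes on ASP.NET Core 3.x, as an added example that is not part of the original thread: the Negotiate handler authenticates the user and a fallback authorization policy enforces the group check on every endpoint, so no action filter, cookie or user table is needed. It assumes a Windows host, the Microsoft.AspNetCore.Authentication.Negotiate package and the group name from the question; the /whoami route and the 403 message are illustrative.

```csharp
// Added example; needs the Microsoft.AspNetCore.Authentication.Negotiate NuGet package.
using Microsoft.AspNetCore.Authentication.Negotiate;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    // Group name from the question; a domain group may need the DOMAIN\ prefix.
    private const string AppRole = "M2-ITU-PWApplicationDevelopers";

    public void ConfigureServices(IServiceCollection services)
    {
        // Kerberos/NTLM is handled by the Negotiate handler, so there is
        // no login page, no auth cookie and no user table to maintain.
        services.AddAuthentication(NegotiateDefaults.AuthenticationScheme)
                .AddNegotiate();
        services.AddAuthorization(options =>
        {
            // Applies to every endpoint without its own [Authorize] or
            // [AllowAnonymous], replacing a hand-written action filter.
            options.FallbackPolicy = new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .RequireRole(AppRole)
                .Build();
        });
        services.AddControllers();
    }

    public void Configure(IApplicationBuilder app)
    {
        // Authenticated users outside the group get 403; give it a body.
        app.UseStatusCodePages(async ctx =>
        {
            if (ctx.HttpContext.Response.StatusCode == StatusCodes.Status403Forbidden)
                await ctx.HttpContext.Response.WriteAsync("Not in an application role.");
        });
        app.UseRouting();
        app.UseAuthentication();   // must run before UseAuthorization
        app.UseAuthorization();
        app.UseEndpoints(endpoints =>
        {
            // Hypothetical route: reached only by members of AppRole.
            endpoints.MapGet("/whoami", ctx => ctx.Response.WriteAsync(ctx.User.Identity.Name));
            endpoints.MapControllers();
        });
    }
}
```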

Windows authentication through Identity Server 4

I have tried to find but without any success on how to use Windows authentication that is implemented in IdentityServer4 samples (Quickstart6: AspNetIdentity).
What I managed to find out is that I can use http://localhost:5000/connect/token to POST client_id, client_secret, scope and grant_type in order to get token. The issue is next. From what I have managed to find out in order to use Windows authentication, I need to use "hybrid" for grant_type, but I always get "unsupported_grant_type".
Since I want to avoid the default MVC client that is in that example to work with Windows authentication, how can I use Windows authentication through REST with a provided username/email and password, so I can make my own login page for Windows authentication in, for example, a React application?
I have also found http://localhost:5000/connect/authorize endpoint, but I don't know if I can use it for this and how to even work with that endpoint.
I'd suggest reading more about OpenID connect in general to familiarise yourself with the various flows.
When working in a Windows context I'd recommend using ADFS. The latest version supports OpenID Connect out of the box so is a doddle to integrate with from ASP.NET Core, whereas the other options (direct LDAP calls or IIS integration) are more complex and/or restrictive.
That said, this article covers how to use integrated Windows auth when running in IIS on Windows: https://docs.identityserver.io/en/release/topics/windows.html

Log into my app using WSO2IS login page

I'm working with WSO2 Identity Server 5.3.0 (it's installed on a VM in a server).
So, I would like to access my application using the WSO2IS login page.
I've already set the Service Provider via the Management Console.
I've not set the IdP because I thought that it must be the Resident one.
Is it enough like that? Should I modify some files?
I cannot find the related page in the documentation.
Hope to be clear.
After doing all this, the /authenticationendpoint/login.do doesn't return the possibility to enter a username and password.
Edit:
#Bee I add here the screenshot
and this is my url:
http://myurl:9763/authenticationendpoint/login.do?response_type=code&scope=openid&client_id=my_clientID&redirect_uri=/myuri/
Here you have multiple options. You can use either basic auth, OpenID Connect, SAML SSO, Federated authentication etc to authenticate to your app. Some useful links are below.
https://docs.wso2.com/display/IS530/Authentication
https://docs.wso2.com/display/IS530/Basic+Client+Profile+with+Playground
https://docs.wso2.com/display/IS530/Writing+a+Web+Service+Client+for+Authentication+and+User+Admin+Services
https://docs.wso2.com/display/IS530/Authenticators+and+Provisioning+Connectors

HANA XSJS app authentication method: what to choose?

We are developing a SaaS web application on SAP HANA XS Engine.
We have subscription-based product packages and we want to manage user authentication on the web. So, we removed XS Engine authentication.
Now we have a login page that uses XSJS methods for authentication. It is working for the login page and it redirects to another page. However, I don't know how I can control the session in the redirected page. How does it work in XS Engine?
Could you provide some information about this?
According to this documentation it seems SPNego or SAML is suitable for us. But I read another document that says SAML is no longer available after SP 8.
If you are using HANA Cloud, you can activate the SAML or LDAP login, and it works with SSO; btw, you need to develop some code to integrate this
OR
On the login page, you can create a TOKEN and authenticate every request based on this TOKEN; this solution is good for SP9 or SP8
OR
You can use $.session to manage sessions, available on SP10 and later