Edit D:\app\Administrator\product\11.2.0\dbhome_1\apex\images\doc\sec_auth_preconfig.htm
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" /> <meta http-equiv="Content-Style-Type" content="text/css" /> <meta http-equiv="Content-Script-Type" content="text/javascript" /> <title>Using Preconfigured Authentication Schemes</title> <meta name="generator" content="Oracle DARB XHTML Converter (Mode = ohj/ohw) - Version 5.1" /> <meta name="date" content="2009-04-14T16:11:31Z" /> <meta name="robots" content="noarchive" /> <meta name="doctitle" content="Using Preconfigured Authentication Schemes" /> <meta name="relnum" content="Release 3.2" /> <meta name="partnum" content="E11947-01" /> <link rel="copyright" href="dcommon/html/cpyr.htm" title="Copyright" type="text/html" /> <link rel="stylesheet" href="dcommon/css/blafdoc.css" title="Oracle BLAFDoc" type="text/css" /> <link rel="contents" href="toc.htm" title="Contents" type="text/html" /> <link rel="up" href="preface.htm" title="Home" type="text/html" /> <link rel="up" href="sec.htm" title="Managing Application Security" type="text/html" /> <link rel="up" href="sec_authentication.htm" title="Establishing User Identity ..." type="text/html" /> <link rel="up" href="sec_auth_preconfig.htm" title="Using Preconfigured Authent..." type="text/html" /> <link rel="prev" href="sec_auth_create.htm" title="Previous" type="text/html" /> <link rel="next" href="sec_auth_scratch.htm" title="Next" type="text/html" /> </head> <body> <p id="BREADCRUMBING"><a href="preface.htm" title="Home">Home</a> > <a href="sec.htm" title="Managing Application Security">Managing Application Security</a> > <a href="sec_authentication.htm" title="Establishing User Identity ...">Establishing User Identity ...</a> > Using Preconfigured Authent...</p> <table class="simple oac_no_warn" summary="" cellspacing="0" cellpadding="0" width="100%"> <col width="86%" /> <col width="*" /> <tr valign="bottom"> <td align="left"></td> <td align="center"><a href="sec_auth_create.htm"><img src="dcommon/gifs/leftnav.gif" alt="Previous" /><br /> <span class="icon">Previous</span></a> </td> <td align="center"><a href="sec_auth_scratch.htm"><img src="dcommon/gifs/rightnav.gif" alt="Next" /><br /> <span class="icon">Next</span></a></td> </tr> </table> <p><a id="BABGDGFE" name="BABGDGFE"></a></p> <div class="sect2"><!-- infolevel="all" infotype="General" --> <h1><a name="HTMDB25767" id="HTMDB25767"></a>Using Preconfigured Authentication <a id="sthref1983" name="sthref1983"></a><a id="sthref1984" name="sthref1984"></a>Schemes</h1> <p>When you select a preconfigured authentication scheme, Oracle Application Express creates an authentication scheme for your application that follows a standard behavior for authentication and session management.</p> <a id="sthref1985" name="sthref1985"></a> <p class="subhead2">Topics:</p> <ul> <li> <p><a href="#CHDDAEGJ">Open Door Credentials</a></p> </li> <li> <p><a href="#BABBCIEE">Oracle Application Express Account Credentials</a></p> </li> <li> <p><a href="#CHDBDBCH">Database Account Credentials</a></p> </li> <li> <p><a href="#CHDHFDFA">LDAP Credentials Verification</a></p> </li> <li> <p><a href="#CHDJBAIF">DAD Credentials Verification</a></p> </li> <li> <p><a href="#BABDBHJB">Single Sign-On Server Verification</a></p> </li> </ul> <a id="CHDDAEGJ" name="CHDDAEGJ"></a> <div class="sect3"><!-- infolevel="all" infotype="General" --> <h2><a name="HTMDB25950" id="HTMDB25950"></a>Open <a id="sthref1986" name="sthref1986"></a>Door Credentials</h2> <p>Open Door Credentials enables anyone to access your application using a built-in login page that captures a user name. This authentication method is useful during application development.</p> <div class="sect4"><!-- infolevel="all" infotype="General" --><a id="sthref1987" name="sthref1987"></a> <h3><a name="HTMDB25951" id="HTMDB25951"></a>Setting Up Open Door Credentials</h3> <p>To set up Open Door Credentials:</p> <ol> <li> <p>On the Workspace home page, click the <span class="bold">Application Builder</span> icon.</p> </li> <li> <p>Select an application.</p> </li> <li> <p>On the Application home page, click <span class="bold">Shared Components</span>.</p> <p>The Shared Components page appears.</p> </li> <li> <p>Under Security, select <span class="bold">Authentication Schemes</span>.</p> </li> <li> <p>On the Authentication Schemes page, click <span class="bold">Create</span>.</p> </li> <li> <p>Select <span class="bold">Based on a pre-configured scheme from the gallery</span>.</p> </li> <li> <p>From Gallery, select <span class="bold">Show Login Page and Use Open Door Credentials.</span></p> </li> <li> <p>Specify a login page and click <span class="bold">Next</span>.</p> </li> <li> <p>Enter a name and click <span class="bold">Create Scheme</span>.</p> </li> </ol> </div> <!-- class="sect4" --></div> <!-- class="sect3" --> <a id="BABBCIEE" name="BABBCIEE"></a> <div class="sect3"><!-- infolevel="all" infotype="General" --> <h2><a name="HTMDB25768" id="HTMDB25768"></a>Oracle Application Express <a id="sthref1988" name="sthref1988"></a><a id="sthref1989" name="sthref1989"></a>Account Credentials</h2> <p>Oracle Application Express Account Credentials are internal user accounts (also known as "cookie user" accounts) that are created within and managed in the Oracle Application Express user repository. When you use this method, your application is authenticated against these accounts.</p> <div align="center"> <div class="inftblnotealso"><br /> <table class="NoteAlso oac_no_warn" summary="" cellpadding="3" cellspacing="0"> <tbody> <tr> <td align="left"> <p class="notep1">See Also:</p> "Managing Application Express Users" in <a href="AEADM/aadm_users.htm"><span class="italic">Oracle Application Express Administration Guide</span></a></td> </tr> </tbody> </table> <br /></div> <!-- class="inftblnotealso" --></div> <p>Application Express Account Credentials is a good solution when:</p> <ul> <li> <p>You want control of the user account repository</p> </li> <li> <p>User name and password-based approach to security is sufficient</p> </li> <li> <p>You do not need to integrate into a single sign-on framework</p> </li> </ul> <p>This is an especially good approach when you need to get a group of users up and running on a new application quickly.</p> <div class="sect4"><!-- infolevel="all" infotype="General" --><a id="sthref1990" name="sthref1990"></a> <h3><a name="HTMDB25952" id="HTMDB25952"></a>Setting Up Application Express Account Credentials</h3> <p>To set up Application Express Account Credentials:</p> <ol> <li> <p>On the Workspace home page, click the <span class="bold">Application Builder</span> icon.</p> </li> <li> <p>Select an application.</p> </li> <li> <p>On the Application home page, click <span class="bold">Shared Components</span>.</p> <p>The Shared Components page appears.</p> </li> <li> <p>Under Security, select <span class="bold">Authentication Schemes</span>.</p> </li> <li> <p>On the Authentication Schemes page, click <span class="bold">Create</span>.</p> </li> <li> <p>Select <span class="bold">Based on a pre-configured scheme from the gallery</span>.</p> </li> <li> <p>From Gallery, select <span class="bold">Show Login Page and Use Application Express Account Credentials.</span></p> </li> <li> <p>Specify a login page and click <span class="bold">Next</span>.</p> </li> <li> <p>Enter a name and click <span class="bold">Create Scheme</span>.</p> </li> </ol> </div> <!-- class="sect4" --></div> <!-- class="sect3" --> <a id="CHDBDBCH" name="CHDBDBCH"></a> <div class="sect3"><!-- infolevel="all" infotype="General" --> <h2><a name="HTMDB25953" id="HTMDB25953"></a>Database <a id="sthref1991" name="sthref1991"></a>Account Credentials</h2> <p>Database Account Credentials utilizes database schema accounts.This authentication scheme requires that a database user (schema) exist in the local database. When using this method, the user name and password of the database account is used to authenticate the user.</p> <p>Database Account Credentials is a good choice if having one database account for each named user of your application is feasible and account maintenance using database tools meets your needs</p> <div class="sect4"><!-- infolevel="all" infotype="General" --><a id="sthref1992" name="sthref1992"></a> <h3><a name="HTMDB25954" id="HTMDB25954"></a>Setting Up Database Account Credentials</h3> <p>To set up Database Account Credentials:</p> <ol> <li> <p>On the Workspace home page, click the <span class="bold">Application Builder</span> icon.</p> </li> <li> <p>Select an application.</p> </li> <li> <p>On the Application home page, click <span class="bold">Shared Components</span>.</p> <p>The Shared Components page appears.</p> </li> <li> <p>Under Security, select <span class="bold">Authentication Schemes</span>.</p> </li> <li> <p>On the Authentication Schemes page, click <span class="bold">Create</span>.</p> </li> <li> <p>Select <span class="bold">Based on a pre-configured scheme from the gallery</span>.</p> </li> <li> <p>From Gallery, select <span class="bold">Show Login Page and Use Database Account Credentials.</span></p> </li> <li> <p>Specify a login page and click <span class="bold">Next</span>.</p> </li> <li> <p>Enter a name and click <span class="bold">Create Scheme</span>.</p> </li> </ol> </div> <!-- class="sect4" --></div> <!-- class="sect3" --> <a id="CHDHFDFA" name="CHDHFDFA"></a> <div class="sect3"><!-- infolevel="all" infotype="General" --> <h2><a name="HTMDB25955" id="HTMDB25955"></a>LDAP Credentials <a id="sthref1993" name="sthref1993"></a>Verification</h2> <p>You can configure any authentication scheme that uses a login page to use Lightweight Directory Access Protocol (LDAP) to verify the user name and password submitted on the login page.</p> <p>Application Builder includes wizards and edit pages that explain how to configure this option. These wizards assume that an LDAP directory accessible to your application for this purpose already exists and that it can respond to a <code>SIMPLE_BIND_S</code> call for credentials verification. When you create an LDAP Credentials authentication scheme, the wizard requests and saves the LDAP host name, LDAP port, and the DN string. An optional preprocessing function can be specified to adjust formatting of the user name passed to the API.</p> <div class="sect4"><!-- infolevel="all" infotype="General" --><a id="sthref1994" name="sthref1994"></a> <h3><a name="HTMDB25956" id="HTMDB25956"></a>Setting Up LDAP Credentials Verification</h3> <p>To set up LDAP credentials verification:</p> <ol> <li> <p>On the Workspace home page, click the <span class="bold">Application Builder</span> icon.</p> </li> <li> <p>Select an application.</p> </li> <li> <p>On the Application home page, click <span class="bold">Shared Components</span>.</p> <p>The Shared Components page appears.</p> </li> <li> <p>Under Security, select <span class="bold">Authentication Schemes</span>.</p> </li> <li> <p>On the Authentication Schemes page, click <span class="bold">Create</span>.</p> </li> <li> <p>Select <span class="bold">Based on a pre-configured scheme from the gallery</span>.</p> </li> <li> <p>From Gallery, select <span class="bold">Show Login Page and Use LDAP Directory Credentials</span>.</p> </li> <li> <p>Specify a login page and click <span class="bold">Next</span>.</p> </li> <li> <p>Specify the following and click <span class="bold">Next</span>.</p> <ol> <li> <p>LDAP Host</p> </li> <li> <p>LDAP Port</p> </li> <li> <p>LDAP Distinguished Name (DN) String</p> </li> <li> <p>(Optional) LDAP Username Edit Function</p> </li> </ol> <p>To view help for a specific item, click the item label. When help is available, the item label changes to red when you pass your cursor over it and the cursor changes to an arrow and question mark. See <a href="start_hlp.htm#BABDGBDB">"About Field-Level Help"</a>.</p> </li> <li> <p>Enter a name and click <span class="bold">Create Scheme</span>.</p> </li> </ol> </div> <!-- class="sect4" --></div> <!-- class="sect3" --> <a id="CHDJBAIF" name="CHDJBAIF"></a> <div class="sect3"><!-- infolevel="all" infotype="General" --> <h2><a name="HTMDB25957" id="HTMDB25957"></a>DAD Credentials <a id="sthref1995" name="sthref1995"></a>Verification</h2> <p>Database Access Descriptor (DAD) database authentication uses the Oracle database native authentication and user mechanisms to authenticate users using a basic authentication scheme. This authentication scheme gets the user name from the DAD either as the value stored in the DAD configuration or, if the account information is not stored in the DAD configuration, as the user name captured using the basic authentication challenge.</p> <p>To use DAD credentials verification:</p> <ul> <li> <p>Each application user must have a user account in the Oracle database.</p> </li> <li> <p>You must configure a PL/SQL DAD for basic authentication (without account information).</p> <p>This results in one user name/password challenge for browser session for your application users. The user identity token is then made available in the <code>APP_USER</code> item.</p> </li> </ul> <p>DAD database authentication is useful when you need to implement an authentication method that requires minimal setup for a manageable number of users. Ideally these users would have self-managed accounts in the database and your use of this authentication method would be short lived (for example, during the demonstration or prototyping stages of development).</p> <p>The main drawback of this approach is burdensome account maintenance, especially if users do not administer their own passwords, or if their database accounts exist only to facilitate authentication to your application.</p> <div class="sect4"><!-- infolevel="all" infotype="General" --><a id="sthref1996" name="sthref1996"></a> <h3><a name="HTMDB25958" id="HTMDB25958"></a>Setting Up DAD Credentials Verification</h3> <p>To set up DAD Credentials Verification:</p> <ol> <li> <p>On the Workspace home page, click the <span class="bold">Application Builder</span> icon.</p> </li> <li> <p>Select an application.</p> </li> <li> <p>On the Application home page, click <span class="bold">Shared Components</span>.</p> <p>The Shared Components page appears.</p> </li> <li> <p>Under Security, select <span class="bold">Authentication Schemes</span>.</p> </li> <li> <p>On the Authentication Schemes page, click <span class="bold">Create</span>.</p> </li> <li> <p>Select <span class="bold">Based on a pre-configured scheme from the gallery</span>.</p> </li> <li> <p>From Gallery, select <span class="bold">No Authentication (using DAD)</span>.</p> </li> <li> <p>Enter a name and click <span class="bold">Create Scheme</span>.</p> </li> </ol> </div> <!-- class="sect4" --></div> <!-- class="sect3" --> <a id="BABDBHJB" name="BABDBHJB"></a> <div class="sect3"><!-- infolevel="all" infotype="General" --> <h2><a name="HTMDB25959" id="HTMDB25959"></a>Single Sign-On Server <a id="sthref1997" name="sthref1997"></a>Verification</h2> <p>Oracle Application Server Single Sign-On verification delegates authentication to the Oracle AS Single Sign-On (SSO) Server. To use this authentication scheme, your site must have been registered as a partner application with the SSO server.</p> <p>Oracle Application Express applications can operate as partner applications with Oracle Application Server's Single Sign-On (SSO) infrastructure. To accomplish this, you must register your application (or register the Application Express engine) as the partner application. To do so, follow the Oracle Application Server instructions for registering partner applications and install the Oracle 9iAS SSO Software Developer Kit (SDK).</p> <p>If you choose this approach, your application will not use an integrated login page. Instead, when a user accesses your application in a new browser session, the Application Express engine redirects to the Single Sign-On login page. After the user is authentication by SSO, the SSO components redirect back to your application, passing the user identity and other information to the Application Express engine. The user can then continue to use the application until they log off, terminate their browser session, or until some other session-terminating event occurs.</p> <div class="sect4"><!-- infolevel="all" infotype="General" --><a id="sthref1998" name="sthref1998"></a> <h3><a name="HTMDB25960" id="HTMDB25960"></a>Setting Up Oracle Application Server Single Sign-On</h3> <p>To set up Oracle Application Server Single Sign-On:</p> <ol> <li> <p>On the Workspace home page, click the <span class="bold">Application Builder</span> icon.</p> </li> <li> <p>Select an application.</p> </li> <li> <p>On the Application home page, click <span class="bold">Shared Components</span>.</p> <p>The Shared Components page appears.</p> </li> <li> <p>Under Security, select <span class="bold">Authentication Schemes</span>.</p> </li> <li> <p>On the Authentication Schemes page, click <span class="bold">Create</span>.</p> </li> <li> <p>Select <span class="bold">Based on a pre-configured scheme from the gallery</span>.</p> </li> <li> <p>From Gallery, select one of the following:</p> <ul> <li> <p><span class="bold"><a id="sthref1999" name="sthref1999"></a>Oracle Application Server Single Sign-On</span> <span class="bold">(Application Express engine as Partner App)</span> delegates authentication to the Oracle AS Single Sign-On (SSO) Server. To use this authentication scheme, your site must have been registered as a partner application with the SSO server.</p> </li> <li> <p><span class="bold"><a id="sthref2000" name="sthref2000"></a><a id="sthref2001" name="sthref2001"></a>Oracle Application Server Single Sign-On</span> <span class="bold">(My application as Partner App)</span> delegates authentication to the SSO server. Requires that you register an application with SSO as a partner application.</p> </li> </ul> </li> <li> <p>Enter a name and click <span class="bold">Create Scheme</span>.</p> </li> </ol> </div> <!-- class="sect4" --></div> <!-- class="sect3" --></div> <!-- class="sect2" --> <!-- Start Footer --> <div class="footer"> <table class="simple oac_no_warn" summary="" cellspacing="0" cellpadding="0" width="100%"> <col width="86%" /> <col width="*" /> <tr> <td align="left"><span class="copyrightlogo">Copyright © 2003, 2009, Oracle and/or its affiliates. All rights reserved.</span><br /> <a href="dcommon/html/cpyr.htm"><span class="copyrightlogo">Legal Notices</span></a></td> <td align="center"><a href="sec_auth_create.htm"><img src="dcommon/gifs/leftnav.gif" alt="Previous" /><br /> <span class="icon">Previous</span></a> </td> <td align="center"><a href="sec_auth_scratch.htm"><img src="dcommon/gifs/rightnav.gif" alt="Next" /><br /> <span class="icon">Next</span></a></td> </tr> </table> </div> <!-- class="footer" --> </body> </html>
Ms-Dos/Windows
Unix
Write backup
jsp File Browser version 1.2 by
www.vonloesch.de