Use a Procedure to Configure Authentication at Runtime in Oracle APEX

Introduction
In Oracle APEX, there may be scenarios where you want to dynamically configure authentication schemes at runtime. Using a PL/SQL procedure to set the authentication scheme allows for flexible control based on specific conditions, such as user roles, environment, or custom logic. This technique enables applications to adapt authentication behavior without manual changes in the builder, improving maintainability and responsiveness.

How to Use a Procedure to Configure Authentication at Runtime in Oracle APEX

1. Understand the Use Case
   Configuring authentication at runtime is useful when you want different authentication schemes to apply dynamically—for example, switching between LDAP and social login depending on the user or environment.

2. Create a PL/SQL Procedure
   Write a procedure that sets the authentication scheme by calling the APEX API APEX_AUTHENTICATION.SET_AUTHENTICATION_SCHEME with the scheme ID you want to activate. For example:

   BEGIN
     IF some_condition THEN
       APEX_AUTHENTICATION.SET_AUTHENTICATION_SCHEME(p_scheme_id => 12345);
     ELSE
       APEX_AUTHENTICATION.SET_AUTHENTICATION_SCHEME(p_scheme_id => 67890);
     END IF;
   END;
   

   Replace 12345 and 67890 with the actual scheme IDs from your application.

3. Determine When to Call the Procedure
   You can call this procedure early in the application lifecycle, such as in a Before Header process on the login page or through an application-level initialization process.

4. Retrieve Scheme IDs
   You can find authentication scheme IDs in the database or via the Application Builder by inspecting the scheme properties or querying the APEX_APPLICATION_AUTHENTICATION view.

5. Deploy and Test
   After creating the procedure and integrating it into your application flow, test the login process thoroughly to confirm the correct scheme is selected based on your logic.

In Oracle APEX, you can dynamically configure authentication at runtime by specifying a PL/SQL procedure on the Security Attributes page. This allows you to control authentication behavior dynamically, such as switching authentication schemes based on conditions, user roles, or application settings.

Steps to Configure Authentication at Runtime

1. Navigate to the Security Attributes Page

• Log in to Oracle APEX.

• Open App Builder and select the application you want to configure.

• Click Shared Components > Security Attributes.

2. Specify a PL/SQL Procedure for Runtime Authentication

• Locate the Authentication section.

• In the Authentication Procedure Name field, enter the name of a PL/SQL procedure that will determine the authentication behavior.

3. Create the Authentication Procedure in PL/SQL

Define a PL/SQL procedure in your database schema that dynamically configures authentication. The procedure should set the authentication scheme based on conditions like the application ID, session attributes, or other logic.

CREATE OR REPLACE PROCEDURE set_authentication AS

  v_auth_scheme VARCHAR2(255);

BEGIN

  -- Example: Switch authentication based on the application ID

  IF :APP_ID = 100 THEN 

    v_auth_scheme := 'APEX_ACCOUNTS';  -- Use APEX authentication

  ELSE

    v_auth_scheme := 'LDAP_AUTH';  -- Use LDAP authentication

  END IF;

  -- Set the authentication scheme for the session

  APEX_UTIL.SET_AUTHENTICATION_SCHEME(v_auth_scheme);

END set_authentication;

/

This procedure selects an authentication scheme based on the application ID and sets it for the session.

4. Apply the Authentication Procedure

• Save the Security Attributes page.

• The authentication will now be dynamically determined based on the procedure at runtime.

5. Test the Configuration

• Run the application and verify that authentication behavior changes dynamically based on the defined procedure.

Use Cases for Runtime Authentication Configuration

• Switching authentication methods based on user roles or groups.

• Enforcing different authentication schemes for different applications.

• Enabling or disabling authentication dynamically based on security policies.

By using a PL/SQL procedure for authentication at runtime, Oracle APEX provides flexibility in managing authentication schemes dynamically, ensuring enhanced security and adaptability.

Best Practices

• Keep the logic simple and performant to avoid slowing down the login process.

• Avoid exposing sensitive information in your PL/SQL code.

• Maintain clear documentation of your dynamic authentication logic for future maintenance.

• Test different scenarios to ensure the correct scheme is selected every time.

• Use this technique only when static authentication schemes do not meet your requirements.

Oracle APEX Documentation
For additional guidance, see the official documentation on dynamic authentication configuration:
https://docs.oracle.com/en/database/oracle/apex/23.2/aeapi/APEX_AUTHENTICATION.html#GUID-5A3B0661-7C4C-4C41-B0A5-C89B06D83D3D

Conclusion
Using a PL/SQL procedure to configure authentication schemes at runtime in Oracle APEX gives you powerful flexibility to adapt user login methods dynamically. This approach supports complex business requirements and multi-environment setups. By carefully designing and testing your procedure, you can deliver a seamless and secure authentication experience tailored to your application's needs.