Copy or Subscribe to an Authentication Scheme in Oracle APEX

 Oracle APEX allows you to copy an authentication scheme from another application or within the same application. Additionally, you can subscribe to an authentication scheme, enabling centralized management of authentication settings across multiple applications.

Why Copy or Subscribe to an Authentication Scheme?

• Copying an authentication scheme creates an independent version in your application, which can be modified without affecting the source application.

• Subscribing to an authentication scheme links it to a master authentication scheme, allowing updates from the master to be applied automatically.

Steps to Copy or Subscribe to an Authentication Scheme

1. Navigate to the Authentication Schemes Page

• Log in to your Oracle APEX workspace.

• Open App Builder and select the application you want to modify.

• Click Shared Components from the application menu.

• Under Security, select Authentication Schemes.

2. Copy an Authentication Scheme

• Click Copy Authentication Scheme from the Tasks region.

• Under Copy From Application, select the source application.

• Choose the authentication scheme you want to copy.

• Enter a new Authentication Scheme Name (optional).

• Click Copy Authentication Scheme.

3. Subscribe to an Authentication Scheme

• During the copy process, enable the Subscribe option.

• Select the source application and the authentication scheme to subscribe to.

• Click Copy and Subscribe to establish a subscription.

4. Manage Subscriptions

• If you subscribed to an authentication scheme, updates made to the master scheme can be applied to all subscribed applications.

• You can refresh the authentication scheme from the master or unsubscribe if you want to manage it independently.

5. Test Authentication

• Run the application and verify that the authentication scheme is working correctly.

• If issues occur, review authentication settings, credentials, and integration configurations.

By copying or subscribing to an authentication scheme, Oracle APEX developers can streamline authentication management across multiple applications, ensuring consistency and reducing administrative overhead.

Change the Authentication Scheme Associated with an Application in Oracle APEX

 Oracle APEX allows you to change the authentication scheme of an application to switch between different authentication methods. This is useful when updating security policies, integrating with external identity providers, or testing different authentication approaches.

Steps to Change the Authentication Scheme

1. Navigate to the Authentication Schemes Page

• Log in to your Oracle APEX workspace.

• Open App Builder and select the application you want to modify.

• Click Shared Components from the application menu.

• Under Security, select Authentication Schemes.

2. Select a Different Authentication Scheme

• The Authentication Schemes page displays all available authentication schemes for the application.

• Locate the authentication scheme you want to set as the new default.

• Click on the scheme name to open its Edit Authentication Scheme page.

3. Make the Authentication Scheme Current

• Click the Make Current button to activate the selected authentication scheme for the application.

• This will replace the previously active authentication scheme.

4. Verify Authentication Settings

• Ensure that the newly selected authentication scheme is configured correctly.

• If using a custom authentication scheme, verify the PL/SQL function for user validation.

• If integrating with external providers (e.g., LDAP, SAML, Social Sign-In), ensure the necessary credentials and API settings are correctly configured.

5. Test the New Authentication Scheme

• Run the application and attempt to log in with valid credentials to confirm authentication is working as expected.

• If issues arise, review the authentication scheme settings or check error logs for troubleshooting.

By changing the authentication scheme in Oracle APEX, you can adapt your application to new authentication methods, enhance security, or integrate with enterprise identity providers.

Configure an Existing Authentication Scheme in Oracle APEX

 After creating an authentication scheme in Oracle APEX, you may need to modify its settings to adjust authentication behavior, session management, and custom logic. You can configure various settings and program hooks to customize the login and logout processes.

Steps to Configure an Existing Authentication Scheme

1. Access the Authentication Scheme

• Log in to your Oracle APEX workspace.

• Click on App Builder and select the application you want to modify.

• Click on Shared Components in the application menu.

• Under Security, click Authentication Schemes to view all available authentication schemes.

2. Select an Authentication Scheme

• Locate the authentication scheme you want to modify.

• Click on its name to open the Edit Authentication Scheme page.

3. Modify Authentication Settings

• Scheme Name: Update the name of the authentication scheme if needed.

• Scheme Type: The authentication type cannot be changed directly. If you need a different authentication type, create a new scheme.

• Authentication Function Name (for Custom Authentication): Modify the PL/SQL function that validates user credentials.

4. Configure Session Management

• Session Timeout: Set the timeout duration for user sessions.

• Session Timeout URL: Define a URL where users will be redirected after session timeout.

• Rejoin Sessions: Enable or disable users from automatically rejoining an existing session.

5. Set Up Program Hooks

• Post-Authentication Procedure: Define a PL/SQL procedure that runs after successful authentication (e.g., logging login attempts, setting user roles).

• Post-Logout Procedure: Specify a procedure that executes when a user logs out (e.g., clearing session variables, redirecting to a different page).

6. Control Public Access

• Run on Public Pages: Choose whether authentication should be enforced on public pages.

• If set to On, authentication will be checked even on pages marked as public.

7. Apply and Test Changes

• Click Apply Changes to save the modifications.

• Run the application and test the authentication process to ensure the changes work correctly.

By configuring an existing authentication scheme, you can fine-tune access control, session handling, and authentication logic to meet your application's security requirements.

Creating an Authentication Scheme in Oracle APEX

 In Oracle APEX, an Authentication Scheme defines how users log in and how their identities are verified. By creating a custom or alternate authentication scheme, you can connect your APEX app to various identity providers like APEX accounts, LDAP, Social Sign-In, or use a completely custom method (such as a PL/SQL function or REST-based service). Below is a detailed step-by-step guide on how to create an Authentication Scheme in Oracle APEX.

How to Create an Authentication Scheme in Oracle APEX

Step 1: Log in to Oracle APEX

• Open your web browser and navigate to your APEX workspace.

• Enter your Workspace, Username, and Password, then click Sign In.

Step 2: Open the Application

• From the APEX home page, click App Builder.

• Select the application you want to add or modify the authentication scheme for.

Step 3: Navigate to Shared Components

• Inside the application dashboard, click Shared Components in the side or top navigation bar.

• Under the Security section, click Authentication Schemes.

Step 4: Create a New Authentication Scheme

• Click the Create button on the Authentication Schemes page.

• You’ll be guided through a wizard with the following options:

Step 5: Choose a Scheme Type

You will see a list of available scheme types. Choose one based on your needs:

• APEX Accounts: Uses APEX workspace users (default development login).

• Database Account: Authenticates using Oracle database user credentials.

• LDAP Directory: Connects to corporate directory services like Active Directory.

• Social Sign-In: Allows login via Google, Facebook, or other OAuth2 providers.

• Custom: Uses your own PL/SQL function to validate users.

• Oracle Cloud Identity: Uses Oracle Cloud Identity Services.

• HTTP Header Variable: For reverse proxy SSO environments.

Click Next after selecting your preferred scheme.

Step 6: Configure Scheme Attributes

Depending on the type selected, you will be prompted to configure additional settings. Examples:

A. For APEX Accounts:

• No additional configuration is required.

• You can simply name the scheme and proceed.

B. For LDAP:

• Enter LDAP host, port, base DN, and login attributes.

• Test the connection using a sample user.

C. For Custom (PL/SQL Function Returning Boolean):

• Enter the name of your custom PL/SQL function that returns TRUE if the username/password is valid.

• Example function:

  RETURN my_auth_pkg.authenticate(p_username => :USERNAME, p_password => :PASSWORD);
  

D. For Social Sign-In (OAuth2):

• Choose provider (e.g., Google, Facebook).

• Provide Client ID and Secret.

• Define Redirect URI and Scope.

Step 7: Configure Post-Authentication Behavior

On this page, set:

• Post-Authentication Procedure (optional PL/SQL block executed after login)

• Session Timeout settings

• Logout URL (if you want to redirect users on logout)

Step 8: Review and Create

• Review all settings on the final screen.

• Click Create Authentication Scheme.

Step 9: Make it Current

After creation, you'll return to the Authentication Schemes list.

• Locate your new scheme and click Make Current to activate it.

• Only one scheme can be active at a time, but multiple can be defined.

Step 10: Test the Login

• Run your application.

• You should see the new login behavior depending on the scheme used.

• If needed, update authorization and session handling based on :APP_USER.

Additional Notes

• You can clone and customize an existing scheme.

• You can export/import schemes between applications.

• For enhanced security, always use HTTPS and avoid exposing sensitive login logic directly.

In Oracle APEX, an authentication scheme controls how users log in to an application. To associate an authentication scheme with an application, you must create one in the Shared Components section.

Steps to Create an Authentication Scheme

1. Open the App Builder

• Log in to your Oracle APEX workspace.

• Click on App Builder to view your applications.

2. Select an Application

• Click on the application where you want to set up authentication.

• This will take you to the application's home page.

3. Navigate to Authentication Schemes

• Click on Shared Components under the application menu.

• Under the Security section, select Authentication Schemes.

4. Create a New Authentication Scheme

• Click Create to add a new authentication scheme.

• Choose one of the predefined authentication schemes or create a custom one.

5. Select the Authentication Type

• Oracle APEX offers several authentication methods, including: 

• APEX Accounts – Uses Oracle APEX workspace credentials.

• Database Accounts – Uses database schema user credentials.

• LDAP Directory – Connects to an LDAP authentication server.

• Social Sign-In – Supports authentication via Google, Facebook, or other OpenID Connect/OAuth2 providers.

• Custom Authentication – Allows you to define your own authentication logic using PL/SQL.

6. Configure Authentication Settings

• Depending on the authentication type selected, provide the necessary credentials, URLs, or connection details.

• If using Custom Authentication, enter the PL/SQL function or process that validates users.

7. Save and Set as Current

• Click Create Authentication Scheme to save it.

• To enable this authentication scheme for the application, click Make Current.

8. Test the Authentication Scheme

• Run your application and attempt to log in to verify that authentication works as expected.

By following these steps, you can successfully create and configure an authentication scheme in Oracle APEX, ensuring secure access to your application.

Creating an authentication scheme in Oracle APEX gives you the flexibility to control how users are identified and verified. Whether you're integrating with enterprise systems like LDAP, enabling Social Sign-In, or building custom logic with PL/SQL, APEX offers a powerful interface to manage user access securely and efficiently. By following the steps above, you can confidently implement the authentication mechanism that best suits your application's needs.