LDAP Configuration for Single sign-on in Oracle APEX

on
Follow the steps for LDAP Single sign-on in APEX.
Before you start working with APEX run the below Query blocks into your database.
Make sure the hostname, username and password data input are correct.

DECLARE
l_ldap_host VARCHAR2(100) := 'YOUR HOST URL';
l_ldap_port NUMBER := 389;
l_ldap_user VARCHAR2(100) := 'cn=NAME,ou=department_ABC,dc=example,dc=org';
l_ldap_passwd VARCHAR2(100) := 'welcome123';
l_session RAW(32);
l_retval NUMBER;
BEGIN
l_session := dbms_ldap.init(hostname => l_ldap_host, portnum => l_ldap_port);
BEGIN
l_retval := dbms_ldap.simple_bind_s(ld => l_session, dn => l_ldap_user, passwd => l_ldap_passwd);
dbms_output.put_line('Bind successful');
EXCEPTION WHEN OTHERS THEN
dbms_output.put_line('Bind failed: ' || sqlerrm);
END;
end;
/
Create the necessary ACL to authenticate the LDAP setup.
[oracle@apexdev ~]$ sqlplus / as sysdba
SQL> alter session set container=orclpdb;
Session altered.
SQL> begin
dbms_network_acl_admin.create_acl (
acl => 'ldap', -- or any other name
description => 'ldap host',
principal => 'YOUR WORKSPACE NAME',
is_grant => TRUE,
privilege => 'connect',
start_date => null,
end_date => null
);
end;
/
PL/SQL procedure successfully completed.
Assign ACL to the LDAP Host.
SQL> BEGIN
dbms_network_acl_admin.assign_acl (
acl => 'ldap',
host => 'YOUR HOST URL',
lower_port => 389
);
END;
/
PL/SQL procedure successfully completed.
Add Privilege to the ACL.
SQL> begin
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl => 'ldap',
principal => 'YOUR WORKSPACE NAME',
is_grant => true,
privilege => 'connect');
end;
/
PL/SQL procedure successfully completed.
SQL> begin
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl => 'ldap',
principal => 'PUBLIC', -- the user name trying to access the network resource
is_grant => true,
privilege => 'connect');
end;
/
PL/SQL procedure successfully completed.
Query the acl table and check the ACL is created.



After Completing above steps you can start with APEX Setup. Step 1: Login to the Oracle APEX Application.
Step 2: Navigate to App Builder -> My Application -> Shared Components -> Authentication Schemes.
Step 3: Click on the Create button.
Step 4: In the Create Authentication Scheme, Select the option “Based on a pre-configured scheme from the gallery” and click on Next.
Step 5: Enter the below details and click on Test LDAP Login.
Name: Open_LDAP
Scheme Type: LDAP_Directory
Host: Your HostName
Port: Your Port
Use SSL: No SSL
Distinguished Name (DN) String(Value Required): Pass Your DN String


Step 6: Navigate to App Builder -> My Application
Click on “Edit Application Definition” Security -> Authorization
and Set the Authorization Scheme to “-No application authorization required-“

Step 7: Now try to login with your LDAP username and password.

Comments

Post a Comment