I've managed to set up microsoft authentication on my Oracle APEX application via Social Sign in. I want to be able to pull profile information such as name,preferred_name,etc which are OpenID claims and display them on my application. I am assuming you would set it in the "Additional User Attributes" in the authentication scheme on the application however I am not sure how it works as everytime I try to set it I'm unable to connect to the application
Thanks in advance!
Please read this blog to set up Microsoft authentication:
https://fuzziebrain.com/content/id/1908/
Go under 'Shared Components' for your app, then 'Authentication Scheme', choose your scheme.
In the PL/SQL code textarea, write a procedure, which assigns values to Apex variables, such as:
:app_user := apex_json.get_varchar2('upn');
That is in case your claim has a upn for the user name...
Remember to call the procedure by adding the name in the 'Post-Authentication Procedure Name' box.
Related
I have a problem in sharepoint designer 2013, when I want to use the “send email” action, in select user window. I have two entries for one user! One in this format: “DomainName\Username”, and one of in this format: “i: 0#.w|DomainName\username”.
Only when I select the second format, send email works correctly! Why does this happen?
When you have a pure SharePoint login functionality, your environment uses "Domain/ User name" format to login in to your system.
When you integrate any third party login i.e configure FBA, SharePoint changes the format of AD users to "i: 0#.w|DomainName\username". Even if you remove your FBA, your login users has same identity further.
"i: 0 #." is used to identify the type of claim you have set up in your environment. You can get more information here.
In Adam Saxton's youtube video, he mentioned that global admin right is needed to register an App for embedding powerBI report to custom web application via REST APIs.
https://www.youtube.com/watch?v=egP0GHSOUIM&t=221s.
I tried to use the provided URL: https://dev.powerbi.com/apps, I found I can register a web app, and I can get client id and client secret.
But when I check the permission for powerbi in azure portal, I found at the top right, there is check box for application permissions not checked, also it says it requires admin. Do I really need to have global admin to make the integration work?
Thanks,
Jack
I guess global admin is not required,I made it work with C# sample codes.
I have user in wso2 Identity server , say "abcd" (In Primary domain), configured LDAP domain Also. but there is no user with "abcd" as Id.
when I try to login for Wso2 IS management console Initially it will show as Signed-in as:abcd#carbon.super , but after some time it is showing as Signed-in as: LDAP/abcd#carbon.super.
Mostly we saw when we try it from more than one console with same user name.
why this error?, any known bug or feature?, I'm using wso2 IS 4.5.
Actually we are not aware about such issue. Thanks for letting people know about this. Did you experience any issues with the functionalities? Or this is just only show in the UI... AFAIK, this Domain name append to user name, user session contains an some attribute called "DoomainName". I guess, some how this value may have been set in to the session.
I added a new user attribute to my LDAP schema, and configured user-mgt.xml to support the new custom ObjectClass.
Then I used the Claim Management UI, and managed to succesfully set the new attribute to be displayed and Supported by default.
Now it all works: I checked that the new claim is correctly setup in the registry db, and whenever I edit a user profile I can view and edit the new custom attribute.
The question is: Can I set this straight up from some xml configuration file?
My problem is that even I edit claim-config.xml and change the parameters to the corresponding claim in the http://wso2.org/claims dialect to be Supported, and give it a DisplayOrder, it has no effect.
I would like not to depend much on the GUI and registry status, but rather rely on configuration files.
Thanks
You can not edit claim-config.xml file add new claims, if the server has been started once. Only 1st startup, it would populate all claims in to the database (you can delete the database and edit the file and start, then also it would populate). Then you can only edit or add them through management console UI. However, if you know about Identity Server, all these UI functions have been exposed via web service API. If you does not like UI, you can do it using automating web service call... Basically SOAPUI can be used for this purpose.
We created 5 applications based on same schema and all in one workspace now. Actually, initially they were created on different machines. now, we have to authenticate users from AD and depending on user type, have to allow or deny some modules. i have created one pager application which have 5 buttons and can control rendering of buttons according to user logged in but...the problem is, inside the applications, i have restrictions on some reports for some users...now one way was to do that is to create a log in for every application separately and thus every application would exactly know who is logged in. but that would be impractical as we need single-sign-on kind of functionality.
please let me know how to have a single log in page work for all application inside the apex workspace so that every application would know name of the user currently logged in.
for the 5 applications, i actually use No_Authentication authentication scheme. and i use following function initially for my one pager application to render the buttons to user or deny
create or replace function getUserName return varchar2
is
userName varchar2(20);
c owa_cookie.cookie;
begin
c := owa_cookie.get('LOGIN_USERNAME_COOKIE');
userName := c.vals(1);
return trim(userName);
end;
but i cannot user this function obviously in my 5 actual applications.
help is requested please.
bundle of thanks in advance.
Check my answer here on sharing sessions: apex button to call a page in another application
What you need to do further: give each application an authentication scheme. Your non-authenticated applications need authentication too, you could copy the scheme from your main app and subscribe them to the main one, so any changes on the main would be reflected on the subscribed.
Most important: same cookie name in the auth scheme, and pass on the session when you link between applications.
If you want to redirect to your main app for each login that has to be performed, you need to add an application process to the login pages of your 'sub'-apps.
Put this in an On Load - Before Header:
htp.init();
owa_util.redirect_url('f?p=main_app:101'); --redirects
apex_application.g_unrecoverable_error := true; --stops processing
This will redirect to the login page of your main application when a user would land on a login page of your sub-applications.
You can also change the logout url of the authentication scheme. You can refer to your main page app for example.
Then you can use :APP_USER in your applications and skip the cookie method, they're the same.