Thursday, March 6, 2025

Integrate Oracle APEX with OCI Identity and Access Management

Here are the steps to configure APEX with OCI Identity and Access Management (IAM).
First I will create a demo application (the sample Sales App) in APEX, and then configure OCI IAM as the identity provider for it.

I am dividing this into two parts.
Part 1: Create the application in APEX.
Part 2: Integrate Oracle APEX with OCI IAM.

Part 1: Create the application in APEX

1) Log in to your APEX workspace.
2) Click App Builder -> click the Create button.


3) Select the option "Create App From a File".

4) Click the "Copy and Paste" tab. Then open the drop-down list and select the "Sales" application.

5) Provide an appropriate table name (I used "SALESTB" in my example) and click the "Load Data" button at the bottom of the screen.

6) The data will be loaded. Once loading has completed, click the "Create Application" button at the bottom of the screen.

7) Provide the name of your application, e.g. "SalesApp", and select an appearance style.

8) Select all the features of the application and click the "Create Application" button.


Application creation takes 1-2 minutes.

Once it is completed, you will see the screen below.


Part 2: Integrate Oracle APEX with OCI IAM.

Once the application is created in APEX, it's time to configure OCI IAM.

1) Navigate to "Identity & Security" -> under Identity, click "Domains".




2) Here you will see the default domain that was created for you when you provisioned the OCI tenancy.
Click the "Default" domain.


3) Click "Integrated Applications" and then the "Add Application" button.


4) Select "Confidential Application" and click the "Launch workflow" button.

5) Provide an appropriate application name. In my example it is "ApexSalesApp".
Do not modify any other values and click "Next".


6) Skip the server configuration. For the client configuration, click the "Configure this application as a client now" radio button.
Select the "Authorization code" check box and click "Next".


7) Provide the Redirect URL and the Post-logout redirect URL.

    Here is the syntax of the URLs.
    Redirect URL: https://<myadb>.adb.eu-frankfurt-1.oraclecloudapps.com/ords/apex_authentication.callback
    Post-logout redirect URL (optional): https://<myadb>.adb.eu-frankfurt-1.oraclecloudapps.com/ords/home

    The Redirect URL must match the callback URL that APEX sends exactly (same scheme, host and path); IAM rejects the sign-in if it differs, for example by a trailing slash.

    In my case the Redirect URL is
    https://geb397a43cf343c-cbtapexprod.adb.ap-mumbai-1.oraclecloudapps.com/ords/apex_authentication.callback

    The Post-logout redirect URL is https://geb397a43cf343c-cbtapexprod.adb.ap-mumbai-1.oraclecloudapps.com/ords/r/cbtapex/salesapp/home



8) We will not configure a web tier policy, so select "Skip and do later".
    Click the "Finish" button at the bottom of the screen.


9) After finishing this, you will see the "ApexSalesApp" detail page as below. The application is in the INACTIVE state.



10) Click the "Edit application" button.

    Further down the edit page, under "Authentication and authorization", tick the "Enforce Grants as Authorization" check box and then click the Save Changes button. With this setting, only users (or groups) explicitly assigned to the application in IAM can sign in to it.


11) Now click the "Activate" button.

    Click the "Activate application" button on the confirmation screen.

    The application will be activated almost immediately.

12) Note down the Client ID and Client Secret somewhere safe, or copy them directly from this screen. They will be used to configure the credentials in APEX.


13) Now, go back to the APEX application "SalesApp" and navigate to "Shared Components".

14) On the right-hand side, near the bottom, you will see the "Credentials" link; click it.


15) Click the "Create" button.


16) Now provide the information below:
    Name - OCI IAM Sales App Credentials
    Static ID - OCI_IAM_Sales_App_Credentials
    Authentication Type - Basic Authentication
    Client ID or Username - the Client ID collected from OCI IAM in the previous step.
    Client Secret or Password - the Client Secret collected from OCI IAM in the previous step.
    Verify Client Secret or Password - the same Client Secret again.

    Click the Create button to create the credentials.

    You can see that the credentials are created.

17) Now go back to the OCI IAM -> ApexSalesApp details page.
    Click Users -> Add Users -> select from the list the users to whom you want to grant access to the APEX application. Click the Assign button.


    In my example I have given access to one user only.


18) Now, go back to your APEX application -> Shared Components -> under Security, click "Authentication Schemes".


19) Click the "Create" button to create a new scheme.

20) Keep the default option (Based on a pre-configured scheme from the gallery) and click Next.

21) Provide the parameters below, as shown in the screenshot.

    Name - OCI IAM SalesApp Auth Scheme
    Scheme Type - Social Sign-In
    Credential Store - OCI IAM Sales App Credentials -> this is what we created earlier in the create credentials step. Choose it from the drop-down menu.
    Authentication Provider - OpenID Connect Provider
    Discovery URL - https://idcs-a947aa0b126a47fd84b34cc647be6e03.identity.oraclecloud.com:443/.well-known/openid-configuration/
    Scope - profile,email,groups
    Username - #sub#
    Additional User Attributes - groups

    Click the "Create Authentication Scheme" button.


    The discovery URL is nothing but your domain URL with /.well-known/openid-configuration/ appended at the end.

    Where do you find the domain URL?
    Go to the Domain - Overview section and you will find the domain URL as shown in the screenshot below.
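The two values that most often go wrong in steps 7 and 21 are the Redirect URL and the Discovery URL. The script below is an added example, not code from the original post or from Oracle: it builds the discovery URL from a domain URL the way step 21 describes, parses a discovery document and rejects one that is unusable for the Authorization Code flow chosen in step 6, reports any scope from the APEX "Scope" field that the provider does not advertise, and compares a callback URL against the registered Redirect URL with the exact-match rule an OIDC provider applies. SAMPLE_DISCOVERY is a constructed document with a placeholder domain (the real one comes from fetching the discovery URL of your own domain over HTTPS), and the hostnames in the usage section are placeholders as well.

```python
"""Checks for the values entered in step 7 (Redirect URL) and step 21
(Discovery URL, Scope). Added example; not part of the original post."""
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

# Keys a discovery document needs before APEX can use it for Social Sign-In.
REQUIRED_KEYS = ("issuer", "authorization_endpoint", "token_endpoint",
                 "userinfo_endpoint", "jwks_uri")

# Constructed sample with a placeholder host (not a real tenancy).
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idcs-PLACEHOLDER.identity.oraclecloud.com",
    "authorization_endpoint": "https://idcs-PLACEHOLDER.identity.oraclecloud.com/oauth2/v1/authorize",
    "token_endpoint": "https://idcs-PLACEHOLDER.identity.oraclecloud.com/oauth2/v1/token",
    "userinfo_endpoint": "https://idcs-PLACEHOLDER.identity.oraclecloud.com/oauth2/v1/userinfo",
    "jwks_uri": "https://idcs-PLACEHOLDER.identity.oraclecloud.com/admin/v1/SigningCert/jwk",
    "scopes_supported": ["openid", "profile", "email", "groups", "offline_access"],
    "response_types_supported": ["code", "id_token", "token"],
})


def discovery_url(domain_url: str) -> str:
    """Append the well-known path to the IAM domain URL (step 21)."""
    return domain_url.rstrip("/") + WELL_KNOWN


def parse_discovery(document: str) -> dict:
    """Parse a discovery document and reject one that is unusable here:
    a required endpoint missing, an endpoint that is not HTTPS, or a
    provider that does not advertise the Authorization Code flow."""
    cfg = json.loads(document)
    missing = [k for k in REQUIRED_KEYS if k not in cfg]
    if missing:
        raise ValueError(f"discovery document is missing {missing}")
    for key in REQUIRED_KEYS:
        if urlsplit(cfg[key]).scheme != "https":
            raise ValueError(f"{key} must use https: {cfg[key]}")
    if "code" not in cfg.get("response_types_supported", []):
        raise ValueError("provider does not advertise response_type=code")
    return cfg


def unsupported_scopes(cfg: dict, scope_csv: str) -> list:
    """Return the scopes from an APEX 'Scope' value (comma separated, as
    in step 21) that are absent from the provider's scopes_supported."""
    supported = set(cfg.get("scopes_supported", []))
    requested = [s.strip() for s in scope_csv.split(",") if s.strip()]
    return [s for s in requested if s not in supported]


def redirect_matches(registered: str, callback: str) -> bool:
    """Exact-match comparison as OIDC providers apply it: scheme and host
    are compared case-insensitively, path and query must be identical,
    and there is no prefix or wildcard matching. A trailing slash or an
    http:// scheme therefore fails."""
    r, c = urlsplit(registered), urlsplit(callback)
    return (r.scheme.lower(), r.netloc.lower(), r.path, r.query) == \
           (c.scheme.lower(), c.netloc.lower(), c.path, c.query)


if __name__ == "__main__":
    # Placeholder hosts; substitute your own domain URL and ORDS base URL.
    print(discovery_url("https://idcs-PLACEHOLDER.identity.oraclecloud.com:443/"))
    cfg = parse_discovery(SAMPLE_DISCOVERY)
    print("unsupported scopes:", unsupported_scopes(cfg, "profile,email,groups"))
    registered = "https://myadb.adb.ap-mumbai-1.oraclecloudapps.com/ords/apex_authentication.callback"
    print("trailing slash accepted:", redirect_matches(registered, registered + "/"))
```

Run it as a script to see the three checks on the constructed sample, or import it and call parse_discovery on the JSON fetched from your own domain's discovery URL. The scope check matters because step 21 asks for the non-standard groups scope; if the provider does not list it, the groups attribute requested under Additional User Attributes will simply be absent.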
 


22) Now "OCI IAM SalesApp Auth Scheme" is created. Click the "OCI IAM SalesApp Auth Scheme" link to edit it.

    Click "Post-Logout URL" and provide the logout URL.
    The Post-Logout URL has the form https://<host_name>/ords/r/<alias_schema_name>/<app_name>/home and is the URL that IDCS (now IAM) redirects to after logging out (it is optional, but recommended).

    In my case https://geb397a43cf343c-cbtapexprod.adb.ap-mumbai-1.oraclecloudapps.com/ords/r/cbtapex/salesapp/home is my logout URL, which redirects to the home page of my application.

    Click the "Apply Changes" button.


23) Now click the "OCI IAM SalesApp Auth Scheme" link again to edit it.
    Make this scheme the current scheme by clicking the "Make Current Scheme" button.

    Click OK.

    Now you can see that "OCI IAM SalesApp Auth Scheme" is the current scheme for this application.

24) Now, go back to Shared Components -> under Security -> click "Security Attributes".


25) Provide input as follows:
    Under Authentication,
        Authentication Scheme - OCI IAM SalesApp Auth Scheme

    Under Authorization,
        Authorization Scheme - No application authorization required
        Source for Role or Group Schemes - Custom Code

    Click the "Apply Changes" button.

    Now the final step: run the application and test whether it works.
    Click the Run Application button.

You will be redirected to the OCI cloud account sign-in form: enter your username and password (in my case it is Oracle SSO):


    The Integrated Application access page shows up: on this page click Allow.


    And you are logged in...


Thanks & Regards,
Chandan Tanwani