OIDC/Oauth2 in Apex, with wallet for felf sign cert
Creating wallet for APEX with oracle client orapki
You need to do it only if your sso server have self-signed certificate.
Get your certs.
openssl s_client -connect sso-rho-sso-corpo-test.apps.playcloud-test.p4.int:443 -showcerts
You need full installation of oracle client to do this, instant client is not sufficent.
You can also use database instance if you have access.
cd C:\oracle\product\12.2.0\client_1\bin
set JAVA_HOME="c:\Program Files\java\jdk1.8.0_202"
orapki wallet create -wallet c:\temp\sso.wallet -auto_login
orapki wallet add -wallet c:\temp\sso.wallet -trusted_cert -cert c:\temp\sso.wallet\crt2.crt
orapki wallet add -wallet c:\temp\sso.wallet -trusted_cert -cert c:\temp\sso.wallet\crt1.crt
Now copy whole folder wallet.sso to location on oracle DB server and change it access rights to DB, for example chmod -R oracle:oracle wallet.sso
Next go to instance asmin console Manage Instance -> Instance Settings, there is section Wallet.
Because we used -auto_login option uppon creation, you do not need to put any password, just mark Auto-login Wallet.
Configure oracle APEX application for oidc/oauth2.
OIDC
We are assuming that you are using keycloak and your client_id is already configured there.
You need at least point your domain.
Go to your application in apex next Shared Components and Authentication Schemes.
- Create authentication schema with your favorite name, adding
Scheme Type->Social Sign-In. - In
Settingschose:Credential Store->ss0Authentication Provider->OpenID Connect ProviderDiscovery URL->https://<keycloak_frontend_url>/auth/realms/<your_realm>/.well-known/openid-configurationScope->openidUsername-> attribute identifing yourUsernameConvert Username To Upper Case-> Suggested isYesAdditional User Attributes-> for exampleemail,profile,picture,preferred_username,sub,user_position,first_name,last_nameMap Additional User Attributes To->G_EMAIL,G_PROFILE,G_PICTURE,G_DOMAIN_LOGIN,G_SUB,G_USER_POSITION,G_FIRST_NAME,G_LAST_NAME
- In
Session Not Validchose:GoTo->Login page
- In
Post-Logout URLset:Go To->URLURL->https://<keycloak_backend_url>/auth/realms/ssopm/protocol/openid-connect/logout
Now it is done