OIDC/Oauth2 in Apex, with wallet for felf sign cert

Creating wallet for APEX with oracle client orapki

**Info** + You need to do it only if your sso server have self-signed certificate. +

Get your certs.

openssl s_client -connect sso-rho-sso-corpo-test.apps.playcloud-test.p4.int:443 -showcerts

You need full installation of oracle client to do this, instant client is not sufficent.
You can also use database instance if you have access.

cd C:\oracle\product\12.2.0\client_1\bin
set JAVA_HOME="c:\Program Files\java\jdk1.8.0_202"
orapki wallet create -wallet c:\temp\sso.wallet -auto_login
orapki wallet add -wallet c:\temp\sso.wallet -trusted_cert -cert c:\temp\sso.wallet\crt2.crt
orapki wallet add -wallet c:\temp\sso.wallet -trusted_cert -cert c:\temp\sso.wallet\crt1.crt

Now copy whole folder wallet.sso to location on oracle DB server and change it access rights to DB, for example chmod -R oracle:oracle wallet.sso

Next go to instance asmin console Manage Instance β†’ Instance Settings, there is section Wallet.
Because we used -auto_login option uppon creation, you do not need to put any password, just mark Auto-login Wallet.

Configure oracle APEX application for oidc/oauth2.

OIDC

**Info** + We are assuming that you are using keycloak and your client_id is already configured there. + You need at least point your domain. +
Go to your application in apex next Shared Components and Authentication Schemes.

  • Create authentication schema with your favorite name, adding Scheme Type β†’`Social Sign-In`.

  • In Settings chose:

    • Credential Store β†’ ss0

    • Authentication Provider β†’ OpenID Connect Provider

    • Discovery URL β†’ https://<keycloak_frontend_url>/auth/realms/<your_realm>/.well-known/openid-configuration

    • Scope β†’ openid

    • Username β†’ attribute identifing your Username

    • Convert Username To Upper Case β†’ Suggested is Yes

    • Additional User Attributes β†’ for example email,profile,picture,preferred_username,sub,user_position,first_name,last_name

    • Map Additional User Attributes To β†’ G_EMAIL,G_PROFILE,G_PICTURE,G_DOMAIN_LOGIN,G_SUB,G_USER_POSITION,G_FIRST_NAME,G_LAST_NAME

  • In Session Not Valid chose:

    • GoTo β†’ Login page

  • In Post-Logout URL set:

Now it is done

28 Oct 25 14:36 UTC
Edit this page