Hello there, My two cents: we have ORDS 20 over tomcat 9.0.41 authenticating against keycloak IdP, however using SAML [1]. In tomcat we have the keycloak connector [2] and for the APEX integration I developed a simple valve [3] that injects a header with the username. This header is used by the APEX application for authenticating the user. A new Authentication Scheme based on that header is needed.
Hope it helps, Luis ps: thanks for the blog entry Peter, I was not aware that APEX 21.1 comes with an OpenIDConnect authentication scheme, very nice stuff! [1] https://www.keycloak.org/ [2] https://www.keycloak.org/docs/latest/securing_apps/index.html#_saml-tomcat-adapter [3] https://github.com/cerndb/tomcat-sso-integration-components/blob/master/cern-tomcat-authentication-kit/src/main/java/ch/cern/sso/tomcat/valves/SsoHeadersValve.java El vie, 25 mar 2022 a las 16:08, rupali singh (<rupali.r.si...@gmail.com>) escribió: > hi team, > > the reason im asking is we have document for apex and idcs integration > > https://www.ateam-oracle.com/post/integrating-sso-between-apex-cloud-and-identity-cloud-service-the-easy-way > > i did all the setup as per document but now the issue is apex is not > redirecting to idcs url and giving below error.when we are trying to access > the application URL. > In tomcat logs there is no trace of IDCS discover URL and oracle denying > from support coz we are using tomcat which is not supported by oracle. > > Hence trying to understand if there is anything we need on tomcat and why > apex is not redirecting to idcs url > we are not using any proxy for tomcat > > apex error : > > [image: image.png] > > On Fri, 25 Mar 2022 at 18:42, Peter Chiu <pc8...@gmail.com> wrote: > >> Hi Chris, >> >> To implement APEX SSO, that requires NO change to tomcat. That is why I >> tried not to post here. >> >> Here is the blog for starters. https://fuzziebrain.com/content/id/1908/ >> >> If tomcat is behind a proxy (apache or nginx), we might need to change a >> setting in server.xml to return the real hostname. >> >> Hope this helps. >> >> On Fri, Mar 25, 2022 at 8:54 AM Christopher Schultz < >> ch...@christopherschultz.net> wrote: >> >> > Peter, >> > >> > On 3/24/22 14:54, Peter Chiu wrote: >> > > I will email you directly. For the group knowledge, there is nothing >> > > special you need to do on Tomcat if it is not behind a proxy. >> > >> > Please post to the mailing list. It's not at all clear to me how you'd >> > get Oracle APEX to deliver authentication information to Tomcat. >> > >> > Presumably, that's what Rupali is trying to accomplish and it would be >> > helpful for the whole community to post back. >> > >> > -chris >> > >> > > On Thu, Mar 24, 2022 at 1:51 PM rupali singh < >> rupali.r.si...@gmail.com> >> > > wrote: >> > > >> > >> Hi Peter, >> > >> >> > >> Are u using apache web server with tomcat or its only tomcat . >> > >> if possible can you please share steps for azure AD with me on >> > >> rupali.r.si...@gmail.com >> > >> >> > >> >> > >> >> > >> On Thu, 24 Mar 2022 at 21:21, Peter Chiu <pc8...@gmail.com> wrote: >> > >> >> > >>> I have a working APEX SSO against Azure AD or On-Permise AD. >> > >>> >> > >>> On Thu, Mar 24, 2022 at 1:13 PM rupali singh < >> rupali.r.si...@gmail.com >> > > >> > >>> wrote: >> > >>> >> > >>>> HI Team, >> > >>>> >> > >>>> We are using apex 21.1 with tomcat 9.54. >> > >>>> we want to implement SSO for application deployed in Apex with >> IDCS >> > >>>> reference URL : >> > >>>> >> > >>>> >> > >>> >> > >> >> > >> https://www.ateam-oracle.com/post/integrating-apex-with-oracle-identity-cloud-service >> > >>>> >> > >>>> but apex is not at all redirecting to IDCS URL and as per Oracle >> issue >> > >> is >> > >>>> with tomcat . >> > >>>> >> > >>>> anyone successfully implemented APEX SSO( webserver : apache >> tomcat) >> > >>> with >> > >>>> Oracle IDCS >> > >>>> or APEX SSO( webserver : apache tomcat) with Microsoft Azure AD. >> > >>>> can you please assist us with steps. >> > >>>> >> > >>>> -- >> > >>>> Thanks and Regards, >> > >>>> Rupali >> > >>>> >> > >>> >> > >> >> > >> >> > >> -- >> > >> Thanks and Regards, >> > >> Rupali >> > >> >> > > >> > >> > --------------------------------------------------------------------- >> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> > For additional commands, e-mail: users-h...@tomcat.apache.org >> > >> > >> > > > -- > Thanks and Regards, > Rupali > -- "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better." - Samuel Beckett
