Search code examples
custom-authenticationoracle-apex-18.2

Custom Authentication failed after upgrade to Oracle APEX 18.2

My environment is: Windows 10 XE 18C Apex 18.2 Ords 18.4

I upgraded from Apex 5.1 and my custom authentication no longer works. When I attempt to login to my application 104 on page 101, after I input the Username and Password and press Login I get the following error message:

start l_return = 1 After update.. Set-Cookie:ORA_WWV_APP_104=ORA_WWV-FByLiIYz0y3yltgzZGNtjgdA; HttpOnly X-Content-Type-Options:nosniff X-Xss-Protection:1; mode=block Location:f?p=104:1:12616933237063:::::

I'm not really sure that this message indicates. If I switch the authentication scheme to Application Express Authentication, the user authenticates fine. Inside my custom authentication scheme I have the following variables set:

Scheme Type = Custom
Authentication Function Name = PKG_USERS.APEX_AUTHENTICATE_USER
Enable Legacy Authentication Attributes = No
Session Not Valid / Go To: = Login Page
Switch In Session = Disabled
Post-Logout URL = Home Page
Session Sharing = Application (No Sharing)

I tested the package: PKG_USERS.APEX_AUTHENTICATE_USER with the following test code in SQLDeveloper:

declare
p_user              varchar2(512);
p_password          varchar2(512);
p_temp_boolean      boolean;
begin
p_user := '(my username)';
p_password := '(my password)';
p_temp_boolean := PKG_USERS.APEX_AUTHENTICATE_USER(p_user, p_password);
dbms_output.put_line('The return is: ' || sys.diutil.bool_to_int(p_temp_boolean));
end;

When I supply a proper Username / Password combination, the procedure returns 1. When I supply a wrong password, the procedure returns 0.

What changed from Apex 5.1 to 18 to cause an error with this authentication scheme?

Solution

  • I found the problem. It had to do with the Login page. The application was probably created in Apex 3.x. I made a new throw-away application in Apex 18.2 and then copied the new style of Login page to the migrated application.

    New APEX applications use page 9999 as a login page. There are a few new fields added to the new style of login page. Once page 9999 was copied from the "throw-away" application, I removed the page alias of "LOGIN" from page 101 and added it to page 9999. After that, I was able to login and logout using my existing custom authentication scheme with no problem.