My Oracle Support Banner

Primary Note for Oracle Application Express (APEX) Authentication (Doc ID 1094413.1)

Last updated on SEPTEMBER 10, 2021

Applies to:

Oracle Application Express (APEX) - Version 1.5 and later
Oracle Database Cloud Exadata Service - Version N/A and later
Gen 1 Exadata Cloud at Customer (Oracle Exadata Database Cloud Machine) - Version N/A and later
Oracle Database Exadata Express Cloud Service - Version N/A and later
Oracle Database Cloud Service - Version N/A and later
Information in this document applies to any platform.

Details

This note answers or addresses the most common questions or issues encountered about Oracle Application Express (APEX) and authentication. In addition to the Support Notes below, supplemental information can be found here:

Discussion Forum
Certification
Documentation, White Papers and Demos

Documentation and downloads for earlier releases of Application Express (formerly known as HTML DB) can be found here.

Audience

The information contained in this article targets product administrators, installers and developers alike. 

NOTE
Please do not confuse APEX Authentication with APEX Authorization. These are independant of each other and
should not be treated as one. Authentication is 'can I access the APEX development / runtime instance'. Whereas
Authorization is 'is this APEX user authorized to perform this action in an APEX application'

 

 

Actions

Different methods of Authentication at runtime.

When accessing an  APEX application at runtime, the default method of authentication is to use the APEX 'out the box' authentication. This type of authentication validates against APEX user credentials stored in an internal repository.

In most cases, APEX 'out the box' authentication will suit most people. However this is not to say other types of authentication methods can be used. This section will give references to 'How To' documents of the popular non 'out the box' authentication methods.

Single Sign On (SSO)

<Note 562807.1> Configuring an APEX Application to Use SSO With SDK in Separate Schema.
<Note 1233515.1> Troubleshooting and Verifying APEX SSO Configuration Setup Steps.
<Note 562840.1> Troubleshooting Apex SSO Related Error ERR-7620.
Configure an Application as an External Application in Oracle AS Single Sign-On click here
Configure an Application as a Partner Application in Oracle AS Single Sign-On click here

 

Currently, these are the supported / Certified Identity Management combination for using SSO with APEX

Oracle Access Manager

Oracle Access Manager 11g is supported with APEX 4.1 and above. See the Integrating Oracle Application Express with Oracle Access Manager whitepaper for details.

<Note 1480284.1> Integrating APEX 4.1.1 with Oracle Access Manager 11g Using the APEX Listener with Weblogic Server

 

LDAP

LDAP authentication can be configured using the LDAP Directory authentication scheme provided wth APEX.

 

Database username / password

This method will authenticate an APEX application with database username/password (eg scott/tiger) credentials

<Note 456482.1> How to Create an Authentication Scheme to Use a Database Userid / Password for APEX Applications

However, this would mean that ANY database user can access the APEX application, therefore giving access to the application to any database user regardless of if they are allowed to access it or not. Should you want to be more restrictive in this method, then this can be achieved by the following

<Note 428124.1> How To Use Database Authentication And Login Only With One specific Database User?

Public. No authentication required.


There maybe a requirement that NO authentication is required for the APEX application. Therefore,  making it a public application. This can be achieved by the following

<Note 565396.1> How to Access Apex Application Without Defining Any User and Without Prompting for Login Credentials
Make an Application Public click here

Social Sign-In

Starting with APEX 18.1, Social Sign-in is available:
<Note 2430891.1> How To Authenticate APEX Application Using Google?
<Note 2693906.1> Trouble shooting APEX Social Sign-In Problems in APEX

The following Ask Tom video also demonstrates multiple connection methods:
https://asktom.oracle.com/pls/apex/f?p=100:551::::RP,551:P551_CLASS_ID:5861&cs=142E2BBE9302CEF3B4DA3ADE23EB366E7

Problems Accessing the APEX development Environment.

The above section has given ways on how to configure an APEX application to use different methods of authentication . However, there can be times when you can run into problems when trying to access the APEX development environment. The following section goes over the most common problems faced accessing the development environment with authentication problems.

Cannot Access APEX Instance after a new Install.

One of the most common problems is that after a new install, trying to access the APEX instance be it runtime or development,  fails with the browser showing the message "

In the default profile in an Oracle Database 11g, the parameter PASSWORD_LIFE_TIME is set to 180. If you are using Oracle Database 11g with Oracle Application Express, this causes the password for APEX_PUBLIC_USER to expire in 180 days. As a result, your Oracle Application Express instance will become unusable until you change the password. As the password has expired, a new password needs to be set and this can be done by following <Note 283234.1> Receiving Failed to Login to APEX / HTMLDB Page - You Don't Have Permission to Access /pls/apex.

To prevent this behavior happening again, create another profile in which the PASSWORD_LIFE_TIME parameter is set to unlimited and alter the APEX_PUBLIC_USER account and assign it the new profile.

Cannot Login as APEX Internal ADMIN user.

There are occasions when the Internal APEX Administrator (admin) user password has been forgotten and therefore the ability to log into the APEX admin pages are lost. The following notes guides you in how to reset the APEX admin user. 

<Note 361581.1> How to Change the ADMIN User Password for the Workspace INTERNAL

 

 



Contacts

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Details
Actions
 Different methods of Authentication at runtime.
 Single Sign On (SSO)
 Oracle Access Manager
 LDAP
 Database username / password
 Public. No authentication required.
 Social Sign-In
 Problems Accessing the APEX development Environment.
 Cannot Access APEX Instance after a new Install.
 APEX Instance no long accessible.
 Cannot Login as APEX Internal ADMIN user.
 

Contacts
 References
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.