OAM Protected APEX Redirecting out of HTTPS (SSL) to HTTP at apex_authentication.callback
(Doc ID 1522900.1)
Last updated on MAY 08, 2020
Applies to:Oracle Application Express (APEX) - Version 4.0.1 and later
Oracle Database Exadata Express Cloud Service - Version N/A and later
Oracle Database Cloud Service - Version N/A and later
Oracle Cloud Infrastructure - Database Service - Version N/A and later
Oracle Database Cloud Schema Service - Version N/A and later
Information in this document applies to any platform.
1. Specific APEX applications have been configured with Oracle Access Manager (OAM) according per <Note 1470258.1> - Integrating APEX 4.1.1 with Oracle Access Manager 11g Using the Oracle HTTP Server (OHS).
2. The Oracle HTTP Server (OHS) serving APEX has been configured in SSL mode (port 443).
3. APEX applications that are OAM protected are redirected out of SSL when navigating to /apex_authentication.callback. The result is that the following page is displayed after OAM authentication occurs ->
4. An IEHttpHeaders trace shows the following:
Note that this has dropped from https (SSL) to http. Also, if the URL is manually modified by placing the 's' after the http, the process works.
5. Firebug shows the following:
|get portallogin.jsp||200 ok||https||<OAM Server>|
|get portallogin.jsp||302 moved temporarily||https||<APEX HTTP SERVER>|
|get f?p=<APPID>:<PAGEID>||302 moved temporarily||https||<APEX HTTP SERVER>|
|get apex_authentication.callback||200 ok||http||<APEX HTTP SERVER>|
Note the change to http at get apex_authentication.callback
6. Non-OAM protected APEX applications work in SSL mode.
7. JSPs that are OAM protected also show no issue.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document