My Oracle Support Banner

OAM Protected APEX Redirecting out of HTTPS (SSL) to HTTP at apex_authentication.callback (Doc ID 1522900.1)

Last updated on FEBRUARY 09, 2023

Applies to:

Oracle Application Express (APEX) - Version 4.0.1 and later
Oracle Database Exadata Express Cloud Service - Version N/A and later
Oracle Database Cloud Service - Version N/A and later
Oracle Cloud Infrastructure - Database Service - Version N/A and later
Oracle Database Cloud Schema Service - Version N/A and later
Information in this document applies to any platform.


1.  Specific APEX applications have been configured with Oracle Access Manager (OAM) according per <Note 1470258.1> - Integrating APEX 4.1.1 with Oracle Access Manager 11g Using the Oracle HTTP Server (OHS).

2.  The Oracle HTTP Server (OHS) serving APEX has been configured in SSL mode (port 443).

3.   APEX applications that are OAM protected are redirected out of SSL when navigating to /apex_authentication.callback.  The result is that the following page is displayed after OAM authentication occurs ->


4. An IEHttpHeaders trace shows the following:

Note that this has dropped from https (SSL) to http. Also, if the URL is manually modified by placing the 's' after the http, the process works.

5.  Firebug shows the following:

get portallogin.jsp 200 ok https <OAM Server>
get portallogin.jsp 302 moved temporarily https <APEX HTTP SERVER>
get f?p=<APPID>:<PAGEID> 302 moved temporarily https <APEX HTTP SERVER>
get apex_authentication.callback 200 ok http <APEX HTTP SERVER>

 Note the change to http at get apex_authentication.callback

6.  Non-OAM protected APEX applications work in SSL mode.

7. JSPs that are OAM protected also show no issue.




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.