OAM Protected APEX Redirecting out of HTTPS (SSL) to HTTP at apex_authentication.callback
Last updated on MAY 24, 2016
Applies to:Oracle Application Express (formerly HTML DB) - Version 4.0.1 and later
Information in this document applies to any platform.
1. Specific APEX applications have been configured with Oracle Access Manager (OAM) according per <Note 1470258.1> - Integrating APEX 4.1.1 with Oracle Access Manager 11g Using the Oracle HTTP Server (OHS).
2. The Oracle HTTP Server (OHS) serving APEX has been configured in SSL mode (port 443).
3. APEX applications that are OAM protected are redirected out of SSL when navigating to /apex_authentication.callback. The result is that the following page is displayed after OAM authentication occurs ->
4. An IEHttpHeaders trace shows the following:
Note that this has dropped from https (SSL) to http. Also, if the URL is manually modified by placing the 's' after the http, the process works.
5. Firebug shows the following:
|get portallogin.jsp||200 ok||https||<OAM Server>|
|get portallogin.jsp||302 moved temporarily||https||<apex http server>|
|get f?p=108:1||302 moved temporarily||https||<apex http server>|
|get apex_authentication.callback||200 ok||http||<apex http server>|
Note the change to http at get apex_authentication.callback
6. Non-OAM protected APEX applications work in SSL mode.
7. JSPs that are OAM protected also show no issue.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms