About Preconfigured Authentication Schemes

When you select a preconfigured authentication scheme, Oracle Application Express creates an authentication scheme for your application that follows a standard behavior for authentication and session management. The following list describes available preconfigured authentication schemes:

Open Door Credentials enables anyone to access your application using a built-in login page that captures a user name. This can be useful during application development.
Oracle Application Express Account Credentials refers to the internal user accounts (also known as "cookie user" accounts) created and managed in the Oracle Application Express user repository. Using this method, your application can easily authenticate against these accounts. See "Application Express Account Credentials".
Database Account Credentials refers to the use of database schema accounts. When using this method, the user name and password of the database account is used to authenticate the user. See "Database Account Credentials".
LDAP Credentials Verification requires that you specify configuration parameters about the external Lightweight Directory Access Protocol (LDAP) directory you will be using. See "LDAP Credentials Verification".
No Authentication (using DAD) gets the user name from the Database Access Descriptor (DAD), either as the value stored in the DAD configuration or, if the account information is not stored in the DAD configuration, as the user name captured using the basic authentication challenge. See "DAD Credentials Verification".
Oracle Application Server Single Sign-On (Application Express engine as Partner App) delegates authentication to the Oracle AS Single Sign-On (SSO) Server. To use this authentication scheme, your site must have already been registered as a partner application with the SSO server. For more information, contact your administrator. See "About Single Sign-On Server Verification".
Oracle Application Server Single Sign-On (My application as Partner App) delegates authentication to the SSO server. Requires that you register an application with SSO as a partner application. See "About Single Sign-On Server Verification".

Application Express Account Credentials

Application Express Account Credentials authentication uses internal user accounts (also known as "cookie user" accounts). These user accounts are created and managed in the Oracle Application Express user repository.

Database Account Credentials

Database Account Credentials requires that a database user (schema) exist in the local database for the user to be authenticated. When using this method, the user name and password of the database account is used to authenticate the user.

Database Account Credentials is a good choice if having one database account for each named user of your application is feasible and account maintenance using database tools meets your needs.

LDAP Credentials Verification

Any authentication scheme that uses a login page may be configured to use Lightweight Directory Access Protocol (LDAP) to verify the user name and password submitted on the login page. Application Builder includes wizards and edit pages that explain how to configure this option. These wizards assume that an LDAP directory accessible to your application for this purpose already exists and that it can respond to a SIMPLE_BIND_S call for credentials verification. When you create an LDAP Credentials authentication scheme, the wizard requests and saves the LDAP host name, LDAP port, and the DN string. An optional preprocessing function can be specified to adjust formatting of the user name passed to the API.

DAD Credentials Verification

Database Access Descriptor (DAD) database authentication uses the Oracle database native authentication and user mechanisms to authenticate users using a basic authentication scheme. To use DAD credentials verification:

Each application user must have a user account in the Oracle database.
You must configure a PL/SQL DAD for basic authentication (without account information).

This results in one user name/password challenge for browser session for your application users. The user identity token is then made available in the APP_USER item.

DAD database authentication is useful when you need to implement an authentication method that requires minimal setup for a manageable number of users. Ideally these users would already have self-managed accounts in the database and your use of this authentication method would be short lived (for example, during the demonstration or prototyping stages of development).

The main drawback of this approach is burdensome account maintenance, especially if users do not administer their own passwords, or if their database accounts exist only to facilitate authentication to your application.

About Single Sign-On Server Verification

Oracle Application Server Single Sign-On verification delegates authentication to the Oracle AS Single Sign-On (SSO) Server. To use this authentication scheme, your site must have already been registered as a partner application with the SSO server.

Oracle Application Express applications can operate as partner applications with Oracle Application Server's Single Sign-On (SSO) infrastructure. To accomplish this, you must register your application (or register the Application Express engine) as the partner application. To do so, follow the Oracle Application Server instructions for registering partner applications and install the Oracle 9iAS SSO Software Developer Kit (SDK).

If you choose this approach, your application will not use an integrated login page. Instead, when a user accesses your application in a new browser session, the Application Express engine redirects to the Single Sign-On login page. After the user is authentication by SSO, the SSO components redirect back to your application, passing the user identity and other information to the Application Express engine. The user can then continue to use the application until they log off, terminate their browser session, or until some other session-terminating event occurs.