When creating an authentication scheme from the gallery, you can choose from a set of preconfigured options that follow standard authentication and session management practices. To link an authentication scheme to your application, start by selecting the application and then creating a new authentication scheme. Note that a newly created scheme is not automatically activated. To enable it, simply edit the scheme and click Make Current Scheme to set it as the active authentication method for your application.
This section describes all preconfigured authentication schemes that ship with Oracle APEX.
1. Oracle APEX Accounts
Oracle APEX Accounts are user accounts that are created within and managed in the APEX user repository. When you use this method, your application is authenticated against these accounts.
Oracle APEX Accounts authentication requires that a database user (schema) exists in the local database. When using this method, the user name and password of the database account is used to authenticate the user.
Oracle APEX Accounts is a good solution when:
You want control of the user account repository.
User name and password-based approach to security is sufficient.
You do not need to integrate into a single sign-on framework.
2. Custom Authentication
Creating a Custom Authentication scheme from scratch to have complete control over your authentication interface.
Custom authentication is the best approach for applications when any of the following is true:
Database authentication or other methods are not adequate.
You want to develop your own login form and associated methods.
You want to control security aspects of session management.
You want to record or audit activity at the user or session level.
You want to enforce session activity or expiry limits.
You want to program conditional one-way redirection logic before Oracle APEX page processing.
You want to integrate your application with non-APEX applications using a common session management framework.
Your application consists of multiple applications that operate seamlessly (for example, more than one application ID).
When you want your users to be able to register their own accounts.
For detailed understanding, refer Custom Auth article by Bharat.
3. Database Accounts
Database Account Credentials authentication utilizes database schema accounts to authenticate users.
4. HTTP Header Variable
Authenticate users externally by storing the username in a HTTP Header variable set by the web server.
HTTP Header Variable supports the use of header variables to identify a user and to create an Oracle APEX user session. Use HTTP Header Variable authentication scheme if your company employs a centralized web authentication solution like Oracle Access Manager which provides single sign-on across applications and technologies. User credential verification is performed by these systems and they pass the user’s name to APEX using a HTTP header variable such as “REMOTE_USER”
5. Open Door Credentials
Enable anyone to access your application using a built-in login page that captures a user name.
6. No Authentication (using DAD)
Adopts the current database user. This approach can be used in combination with a mod_plsql Database Access Descriptor (DAD) configuration that uses basic authentication to set the database session user.
7. LDAP Directory
Authenticate a user and password with an authentication request to a LDAP server.
8. Oracle Application Server Single Sign-On Server
Delegates authentication to the Oracle AS Single Sign-On (SSO) Server. To use this authentication scheme, your site must have been registered as a partner application with the SSO server.
9. SAML Sign-In
Delegates authentication to the Security Assertion Markup Language (SAML) Sign In authentication scheme.
10. Social Sign-In
Social Sign-In supports authentication with Google, Facebook, and other social networks and enterprise identity providers that support OpenID Connect or OAuth2 standards.