ORA-29024: Certificate validation failure - Apex and HTTPS - oracle

Let me explain what is happening:
Database: Oracle 19c
Apex: 19.1.0.00.15
ORDS standalone is 19.1.0.r0921545
I did the tasks to configure an APEX Social Sign-In to Microsoft AAD with almost no issues:
I created the authentication method in APEX.
I registered my application and got the web credentials in Azure.
I created a wallet in my database with the Microsoft root CA certificates and configured the instance settings to use that wallet.
My wallet on the database server has the auto_login property set, to avoid using passwords.
I created the ACE entries to allow connections to login.microsoftonline.com on port 443.
Although it is not important for the question itself or for the error being produced, I should mention that I configured the wallet settings in the internal workspace in order to give the APEX applications access to the wallet.
For some weeks the process was working fine, and I had a perfect single sign-on mechanism for all my APEX applications in the different workspaces. However, for the past few days I have always been getting the same error:
ORA-29024: Certificate validation failure
After some digging I realised that someone had configured a proxy for outgoing traffic. Before even trying in APEX, I tried in SQL using APEX_WEB_SERVICE.
Request with proxy settings to login.microsoftonline.com:
select apex_web_service.make_rest_request(
p_url => 'https://login.microsoftonline.com',
p_http_method => 'GET',
p_wallet_path => 'file:/home/oracle/wallet',
p_wallet_pwd => 'MyPassword' ,
p_proxy_override => 'http://myproxy:myport'
) from dual;
ERROR:
ORA-29273: HTTP request failed
ORA-06512: at "APEX_190100.WWV_FLOW_WEB_SERVICES", line 1035
ORA-29024: Certificate validation failure
ORA-06512: at "SYS.UTL_HTTP", line 380
ORA-06512: at "SYS.UTL_HTTP", line 1148
ORA-06512: at "APEX_190100.WWV_FLOW_WEB_SERVICES", line 934
ORA-06512: at "APEX_190100.WWV_FLOW_WEB_SERVICES", line 1580
ORA-06512: at "APEX_190100.WWV_FLOW_WEBSERVICES_API", line 408
ORA-06512: at line 1
Request without proxy settings, just to see if I can get there
SQL> select apex_web_service.make_rest_request(
2 p_url => 'https://login.microsoftonline.com',
3 p_http_method => 'GET',
4 p_wallet_path => 'file:/home/oracle/wallet'
5* ) from dual
SQL> /
ERROR:
ORA-29273: HTTP request failed
ORA-06512: at "APEX_190100.WWV_FLOW_WEB_SERVICES", line 1035
ORA-29024: Certificate validation failure
ORA-06512: at "SYS.UTL_HTTP", line 380
ORA-06512: at "SYS.UTL_HTTP", line 1148
ORA-06512: at "APEX_190100.WWV_FLOW_WEB_SERVICES", line 934
ORA-06512: at "APEX_190100.WWV_FLOW_WEB_SERVICES", line 1580
ORA-06512: at "APEX_190100.WWV_FLOW_WEBSERVICES_API", line 408
ORA-06512: at line 1
Request to google using Proxy settings
select apex_web_service.make_rest_request(
p_url => 'https://google.com',
p_http_method => 'GET',
p_wallet_path => 'file:/home/oracle/wallet',
p_wallet_pwd => 'MyPassword' ,
p_proxy_override => 'http://myproxy:myport'
) from dual ;
ERROR:
ORA-29273: HTTP request failed
ORA-06512: at "APEX_190100.WWV_FLOW_WEB_SERVICES", line 1035
ORA-29024: Certificate validation failure
ORA-06512: at "SYS.UTL_HTTP", line 380
ORA-06512: at "SYS.UTL_HTTP", line 1148
ORA-06512: at "APEX_190100.WWV_FLOW_WEB_SERVICES", line 934
ORA-06512: at "APEX_190100.WWV_FLOW_WEB_SERVICES", line 1580
ORA-06512: at "APEX_190100.WWV_FLOW_WEBSERVICES_API", line 408
ORA-06512: at line 1
Request to google without proxy settings
SQL> select apex_web_service.make_rest_request(
2 p_url => 'https://google.com',
3 p_http_method => 'GET',
4 p_wallet_path => 'file:/home/oracle/wallet'
5* ) from dual
SQL> /
ERROR:
ORA-29273: HTTP request failed
ORA-06512: at "APEX_190100.WWV_FLOW_WEB_SERVICES", line 1035
ORA-12535: TNS:operation timed out
ORA-06512: at "SYS.UTL_HTTP", line 380
ORA-06512: at "SYS.UTL_HTTP", line 1148
ORA-06512: at "APEX_190100.WWV_FLOW_WEB_SERVICES", line 934
ORA-06512: at "APEX_190100.WWV_FLOW_WEB_SERVICES", line 1580
ORA-06512: at "APEX_190100.WWV_FLOW_WEBSERVICES_API", line 408
ORA-06512: at line 1
My questions are the following:
Is it a network problem or a proxy issue regarding inbound/outbound traffic? I can reach Microsoft but not Google on port 443 when I don't specify a proxy.
Why am I getting an invalid certificate error when it has nothing to do with the certificates?
How can I set up my APEX to use authentication on Azure, or any other provider for that matter, when I have a proxy in the middle?
As I use ORDS standalone, am I allowed to keep using it, or do I need a reverse proxy with Tomcat?
I tried to configure the ACE to use HTTP_PROXY in the ports by running
begin
sys.dbms_network_acl_admin.append_host_ace(
host => 'myproxyserver'
,lower_port => 8080
,upper_port => 8080
,ace => xs$ace_type(
privilege_list => xs$name_list('http_proxy')
,granted => true
,principal_name => 'MY_PRINCIPAL'
,principal_type => XS_ACL.PTYPE_DB
)
);
end;
/
I even granted the ACE privileges over the wallet:
SET SERVEROUTPUT ON
BEGIN
DBMS_NETWORK_ACL_ADMIN.APPEND_WALLET_ACE
(
WALLET_PATH => 'file:/home/oracle/wallet',
ACE => XS$ACE_TYPE(
PRIVILEGE_LIST => XS$NAME_LIST('use_passwords','use_client_certificates'),
PRINCIPAL_NAME => 'MY_PRINCIPAL',
PRINCIPAL_TYPE => XS_ACL.PTYPE_DB
)
);
EXCEPTION WHEN OTHERS THEN
DBMS_OUTPUT.PUT_LINE('Error while configuring ACL for wallet: '|| SQLERRM);
END;
/
but I am still getting the same error all over.
Any help would be appreciated!
Thank you

I had an issue like this; it seems the Oracle SSL library has some bugs. In the end I implemented some Java source for OJVM; please read my answer here: https://stackoverflow.com/a/60152830/11272044

Thank you to all who posted answers, but finally, after struggling for a while, I found the root cause. Actually Oracle was right after all, as Microsoft has changed the way the authentication is handled, whether you are using OAuth2 or OpenID, when you use Office 365 and Azure Active Directory.
In this case, my organisation is using Office 365, and at the beginning it was enough to import the PKI certificates from:
https://www.microsoft.com/pki/mscorp/cps/default.htm
After a change made in Azure Active Directory (AAD), you now also need the GlobalSign certificates from office.com.
I hope this clarifies things for other users who ran into the same problem trying to authenticate with Azure Active Directory using APEX Social Sign-In.
You can download the certificates directly from office365.com.
After adding the two new certificates to the wallet, you can now get in without issues:
select apex_web_service.make_rest_request(
p_url => 'https://login.microsoftonline.com',
p_http_method => 'GET',
p_wallet_path => 'file:/home/oracle/wallet' ) from dual ;
APEX_WEB_SERVICE.MAKE_REST_REQUEST(P_URL=>'HTTPS://LOGIN.MICROSOFTONLINE.COM',P_
--------------------------------------------------------------------------------
<!-- Copyright (C) Microsoft Corporation. All rights reserved. -->
<!DOCTYP
SQL>
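The four manual tests in the question, repeated as one PL/SQL block that reports which layer failed for each host and route. This is an added example, not code from the original posts; the wallet path and proxy are the placeholders used in the question, the wallet is assumed to be auto-login, and the 15-second timeout is a constructed value.

```sql
set serveroutput on
declare
  -- Placeholders taken from the question; adjust for your environment.
  c_wallet constant varchar2(200) := 'file:/home/oracle/wallet';
  c_proxy  constant varchar2(200) := 'http://myproxy:myport';
  type t_urls is table of varchar2(200);
  l_urls t_urls := t_urls('https://login.microsoftonline.com',
                          'https://google.com');

  -- Map the detailed error hidden under ORA-29273 to the layer that failed.
  function layer(p_code in pls_integer) return varchar2 is
  begin
    return case abs(p_code)
      when 29024 then 'TRUST: certificate validation failed (check wallet CA chain)'
      when 28860 then 'TLS: fatal SSL error during the handshake'
      when 24247 then 'ACL: network access denied for this host/port'
      when 12535 then 'NETWORK: connect timed out'
      when 29276 then 'NETWORK: transfer timeout'
      else 'OTHER' end;
  end layer;

  procedure probe(p_url in varchar2, p_proxy in varchar2) is
    l_req  utl_http.req;
    l_resp utl_http.resp;
  begin
    utl_http.set_proxy(p_proxy);            -- null: connect directly
    l_req  := utl_http.begin_request(p_url, 'GET', 'HTTP/1.1');
    l_resp := utl_http.get_response(l_req);
    dbms_output.put_line(p_url || ' via ' || nvl(p_proxy, 'direct')
                         || ' -> HTTP ' || l_resp.status_code);
    utl_http.end_response(l_resp);
  exception
    when others then
      dbms_output.put_line(p_url || ' via ' || nvl(p_proxy, 'direct') || ' -> '
        || layer(nvl(utl_http.get_detailed_sqlcode, sqlcode)) || ' ['
        || nvl(utl_http.get_detailed_sqlerrm, sqlerrm) || ']');
      -- Release the request if it was opened; ignore "not open" errors.
      begin utl_http.end_request(l_req); exception when others then null; end;
  end probe;
begin
  utl_http.set_wallet(c_wallet, null);  -- auto-login wallet, so no password
  utl_http.set_transfer_timeout(15);    -- session default for requests below
  for i in 1 .. l_urls.count loop
    probe(l_urls(i), null);
    probe(l_urls(i), c_proxy);
  end loop;
end;
/
```

Run it as the schema that holds the network ACEs. A TRUST line for login.microsoftonline.com on both routes matches the situation described in the answer above, where the wallet lacked the newly required CA certificates.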

In my understanding, you will need to do the following (in addition to what you did):
Log in to APEX as administrator.
From settings, go to 'Wallet'.
Add the wallet path (absolute path with the prefix 'file://') and the password you used for creating the wallet.
Now, your problem should be solved.

Related

APEX export with SQLcl results in ORA-06502: PL/SQL: numeric or value error

SQLcl: Release 22.3 Production auf Fr. Nov. 04 17:19:43 2022
SQL> apex export -applicationid 1681
Exporting Application 1681
java.sql.SQLException: ORA-06502: PL/SQL: numeric or value error
ORA-06512: in "APEX_220100.WWV_FLOW_EXPORT_API", row 143
ORA-06512: in "APEX_220100.WWV_FLOW_GEN_API2", row 10218
ORA-06512: in "SYS.DBMS_ASSERT", row 493
ORA-06512: in "SYS.DBMS_ASSERT", row 583
ORA-06512: in "APEX_220100.WWV_FLOW_GEN_API2", row 10194
ORA-06512: in "APEX_220100.WWV_FLOW_EXPORT_INT", row 1234
ORA-06512: in "APEX_220100.WWV_FLOW_EXPORT_API", row 81
I did not find anything related to APEX export and ORA-06502 on the web.
Tried switching to SQLcl version to 20.3 and from 21.4
That didn't change anything and I got the same error in these versions, too.
It seems to be some environment problem, as co-workers are able to export applications from the same database. When I try to export this application from the APEX App Builder it is working.
The problem is caused by the NLS parameter NLS_NUMERIC_CHARACTERS.
For Switzerland this is ".'", so I guess the ' is the problem here.
This will resolve the problem:
alter session set NLS_NUMERIC_CHARACTERS = ',.';

Oracle connection string provider error from OraOLEDB.Oracle to MSDAORA.1

When I change my Oracle connection string provider from "OraOLEDB.Oracle" to "MSDAORA.1",
it does not connect and gives an "ORA-01017: invalid username/password; logon denied" error.
For example:
Provider=OraOLEDB.Oracle;Data Source=XXX;User ID=YYY;Password=ZZZ; => connecting
Provider=MSDAORA.1;Data Source=XXX;User ID=YYY;Password=ZZZ; => ORA-01017: invalid username/password; logon denied
I read old articles about ORA-01017 errors in this forum.
I tried changing the sqlnet.ora "ALLOWED_LOGON_VERSION_SERVER" parameter.
I set SEC_CASE_SENSITIVE_LOGON= false.
But it is still not connecting.
What is the problem?

ORA-29273: HTTP request failed ORA-29276: transfer timeout

We are running 12.1.0.2 OEE.
We are getting an intermittent ORA error while executing a REST call from an SP:
[Error] Execution (124: 1): ORA-29273: HTTP request failed
ORA-29276: transfer timeout
ORA-06512: at "SYS.UTL_HTTP", line 1258
ORA-06512: at "EDB.GET_EXPECTED_VALUES_914", line 57
ORA-06512: at line 12
What we tried:
We changed default timeout to:
UTL_HTTP.SET_TRANSFER_TIMEOUT(896000);
It worked for some time, and now we have started getting this time_out error again.
The time_out occurs after 1.5 minutes, which means it does not respect the parameter in UTL_HTTP.SET_TRANSFER_TIMEOUT(896000).
The issue was the network performance, which fluctuated.
UTL_HTTP.SET_TRANSFER_TIMEOUT(896000) modifies the default 60 sec timeout
and must be set before initiating the REST call; otherwise, the following notation:
UTL_HTTP.SET_TRANSFER_TIMEOUT(req,896000).

Bad argument calling HTTPS site from PL/SQL

I have Oracle 11g R2 11.2.0.4.0 64-bit Standard Edition One installed on Linux CentOS 7, and it works fine. Oracle APEX 20.2 is also installed and working fine.
I've added the certificate of https://api.pagos360.com to my wallet; my problem is the error I get when I call the site:
begin
UTL_HTTP.set_wallet('file:/path/to/wallet', '******');
end;
SELECT utl_http.request('https://api.pagos360.com') FROM dual;
When I run the SELECT statement I get the following error:
ORA-29273: HTTP request failed
ORA-06512: en "SYS.UTL_HTTP", line 1720
ORA-28860: Error SSL fatal
ORA-06512: line 1
I also tried calling the APEX procedure apex_web_service.make_rest_request but got a similar error:
ORA-29273: HTTP request failed
ORA-06512: "SYS.UTL_HTTP", line 1339
ORA-29261: bad argument
ORA-06512: en "APEX_200200.WWV_FLOW_WEB_SERVICES", line 1156
ORA-29273: HTTP request failed
ORA-06512: en "SYS.UTL_HTTP", line 1130
ORA-28860: Error SSL fatal
ORA-06512: en "APEX_200200.WWV_FLOW_WEB_SERVICES", line 1346
ORA-06512: en "APEX_200200.WWV_FLOW_WEBSERVICES_API", line608
ORA-06512: en line38
I think the problem is caused by my older Oracle 11 version, because if I test the same procedure on Oracle 19c it works fine.
Do you have any idea whether there is a patch for this, or another way to solve it?
Regards

Oracle 12.2.0.1.0 dbca fails in docker container

I'm unable to successfully run dbca silently in a docker container.
First, I installed the Oracle software using runInstaller, then root.sh, and netca. When I run dbca, I always get the following error:
DBCA_PROGRESS : 50%
[ 2017-12-21 21:49:18.914 UTC ] ORA-29283: invalid file operation
ORA-06512: at "SYS.DBMS_QOPATCH", line 1547
ORA-06512: at "SYS.UTL_FILE", line 536
ORA-29283: invalid file operation
ORA-06512: at "SYS.UTL_FILE", line 41
ORA-06512: at "SYS.UTL_FILE", line 478
ORA-06512: at "SYS.DBMS_QOPATCH", line 1532
ORA-06512: at "SYS.DBMS_QOPATCH", line 1417
ORA-06512: at line 1
The alert log says
QPI : Found directory objects and ORACLE_HOME out of sync
QPI : Trying to patch with the current ORACLE_HOME
QPI: ------QPI Old Directories -------
QPI: OPATCH_SCRIPT_DIR:/ade/b/2717506464/oracle/QOpatch
QPI: OPATCH_LOG_DIR:/ade/b/2717506464/oracle/QOpatch
QPI: OPATCH_INST_DIR:/ade/b/2717506464/oracle/OPatch
QPI: op_scpt_path /u01/app/oracle/product/12.2.0/dbhome_1/QOpatch
QPI: Unable to find proper QPI install
QPI: [1] Please check the QPI directory objects and set them manually
QPI: OPATCH_INST_DIR not present:/ade/b/2717506464/oracle/OPatch
Unable to obtain current patch information due to error: 20013, ORA-20013: DBMS_QOPATCH ran mostly in non install area
ORA-06512: at "SYS.DBMS_QOPATCH", line 777
ORA-06512: at "SYS.DBMS_QOPATCH", line 532
ORA-06512: at "SYS.DBMS_QOPATCH", line 2247
and the trace log
[Thread-66] [ 2017-12-22 17:21:42.931 UTC ] [ClonePostCreateScripts.executeImpl:508] calling dbms_qopatch.replace_logscrpt_dirs()
[Thread-75] [ 2017-12-22 17:21:43.178 UTC ] [BasicStep.handleNonIgnorableError:509] oracle.sysman.assistants.util.SilentMessageHandler#3b2b52b7:messageHandler
[Thread-75] [ 2017-12-22 17:21:43.178 UTC ] [BasicStep.handleNonIgnorableError:510] ORA-29283: invalid file operation
ORA-06512: at "SYS.DBMS_QOPATCH", line 1547
ORA-06512: at "SYS.UTL_FILE", line 536
ORA-29283: invalid file operation
ORA-06512: at "SYS.UTL_FILE", line 41
ORA-06512: at "SYS.UTL_FILE", line 478
ORA-06512: at "SYS.DBMS_QOPATCH", line 1532
ORA-06512: at "SYS.DBMS_QOPATCH", line 1417
ORA-06512: at line 1
Then I tried to use Oracle's official images, with no success.
The only thing I modified in Oracle's image creation process is the createAsContainerDatabase parameter in the dbca.rsp file. The original value was true and I changed it to false because I do not want to create a CDB.
Any idea what I am doing incorrectly?
EDIT:
The image build fails on a Docker host running on Fedora 25, Kernel Version: 4.10.10-200.fc25.x86_64.
On macOS, and on Debian Jessie, Kernel Version: 3.16.0-4-amd64, dbca runs successfully.
Which storage driver do you use?
I had exactly the same issue with Solus 3, kernel 4.14.8-41.current.
Docker version:
Server:
Version: 17.11.0-ce
API version: 1.34 (minimum version 1.12)
Go version: go1.9.2
Git commit: 7cbbc92838236e442de83d7ae6b3d74dd981b586
Built: Sun Nov 26 16:15:47 2017
OS/Arch: linux/amd64
Experimental: false
..
Storage Driver: overlay
Backing Filesystem: extfs
Supports d_type: true
The image I used works fine on Linux Mint (docker 11, storage driver: aufs).
So I tried to change "overlay" to "overlay2" in settings, and now it works.
Server Version: 17.11.0-ce
Storage Driver: overlay2
Backing Filesystem: extfs
...
Creating and starting Oracle instance
35% complete
40% complete
44% complete
49% complete
50% complete
53% complete
55% complete
Completing Database Creation
56% complete
57% complete
58% complete
62% complete
65% complete
66% complete
Executing Post Configuration Actions
100% complete
But I have no idea why it's not working with "overlay"...
