ORACLE-APEX 18.2 ORACLE XE 11g Keycloak Oauth2 - problem with ACL - oracle

Currently I am developing an application based on Oracle Application Express 18.2 connected with (only for dev) Oracle 11g XE.
One of the requirements is to connect the APEX app with Keycloak as the OpenID provider.
I configured my application (I was basing it on this tutorial: http://dgielis.blogspot.com/2018/06/facebook-google-and-custom.html ) to connect with Keycloak.
The problem is: I am able to sign in (in Keycloak I see a new session and it is active) but APEX is showing an error page after the redirect from Keycloak. In the debug log from APEX I see this error:
- ora_sqlerrm:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1130
ORA-24247: network access denied by access control list (ACL)
What am I doing wrong? Of course I added some ACLs by calling Oracle procedures but it doesn't work.
Result of the query select * from dba_network_acls; in attachment Query Result:
Really looking forward to any help from you.
Regards,
Cezary

Related

ORA-20000: AOP Server can not be found

I installed AOP and now have a little problem. I get the error
ORA-20000: AOP Server can not be found. Check if it is running at http://api.apexofficeprint.com/
when trying to create a template or report.
Oracle Database 18 XE
Apex 20.1
Apex Office Print 20.2
That's a general error you are receiving. This is more of a network issue than AOP.
The first step would be to check if your ACL has been set up properly. You could check this by executing the following through SQL Workshop -> SQL Commands:
select apex_web_service.make_rest_request('http://api.apexofficeprint.com/marco', 'GET') from dual;
If the ACL was configured properly you should get a "polo" string back.
If this does result in an error, you should be able to get the exact HTTP error by executing the following command:
select utl_http.get_detailed_sqlerrm from dual;
You should see something like this:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1577
ORA-24247: network access denied by access control list (ACL)
The code to configure the ACL can be found in the Oracle documentation for 20.1.
I've pasted the code below to make it easier. You will need to connect to the database where Oracle Application Express is installed as SYS specifying the SYSDBA role.
BEGIN
    DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(
        host => 'api.apexofficeprint.com',
        ace  => xs$ace_type(privilege_list => xs$name_list('connect'),
                            principal_name => 'APEX_200100',
                            principal_type => xs_acl.ptype_db));
END;
/
For completeness I am also hyperlinking it here for other versions of APEX: APEX 5.0, APEX 5.1, APEX 18.1, APEX 18.2, APEX 19.1, APEX 19.2
Once this has been set up, you should be able to connect to api.apexofficeprint.com without issues. However, please note that you are currently using the http protocol, which is unsecure, and we recommend you use https.
In order for you to use https, you will have to add the root certificate of the AOP server. This blog captures the method in detail.
Furthermore, if you have installed the AOP sample application, you can debug connection issues from the connection test page (Debugging -> Test Connection). This page will detect the URL you have used for the plugin and allow you to check the connection. This detects ACL, wallet issues, certificate validation issues and whether the server is running at the provided URL.
PS: Could it be that you used an email other than support#apexofficeprint.com to contact us? I see that one of your emails and the feedback were both answered within an hour.
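A narrower version of the grant above, added here as an example and not taken from the answer or from Oracle's documentation: it limits connect to port 443, which assumes the plug-in URL has been switched to https as the answer recommends, and then lists the principal's ACEs so that over-broad entries stand out. The host and APEX_200100 are the ones on this page; the scope labels are made up for illustration.

```sql
-- Added example. Run as SYS with the SYSDBA role, as the answer requires.
-- Use this in place of the all-ports grant: connect is allowed on 443 only.
BEGIN
    DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(
        host       => 'api.apexofficeprint.com',
        lower_port => 443,
        upper_port => 443,
        ace        => xs$ace_type(
                          privilege_list => xs$name_list('connect'),
                          principal_name => 'APEX_200100',
                          principal_type => xs_acl.ptype_db));
END;
/

-- Review every connect ACE the APEX schema holds (DBA_HOST_ACES, 12c and later).
-- Anything not labelled 'scoped' grants more than a single host and port range.
SELECT host,
       lower_port,
       upper_port,
       principal,
       privilege,
       grant_type,
       CASE
           WHEN host = '*'         THEN 'any host'
           WHEN host LIKE '*.%'    THEN 'wildcard domain'
           WHEN lower_port IS NULL THEN 'all ports'
           ELSE 'scoped'
       END AS scope
  FROM dba_host_aces
 WHERE principal = 'APEX_200100'
   AND UPPER(privilege) = 'CONNECT'
 ORDER BY host, lower_port;
```

With only the 443 entry in place, the plain-http test request shown earlier is refused with ORA-24247, which is the expected result of the narrower grant.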

How to connect to an Oracle database (in Azure Data Factory) using proxy user authentication / connect through?

I'm looking for some help in figuring out the correct syntax to connect to Oracle from ADF using a proxy user authentication.
The setup is:
An integration runtime has been set up to connect to an on-premise Oracle instance
The connection type is on Oracle Service Name
User name and Password are provided.
When simply using the user name / password combination the connection can be established, and the tables in the (proxy) user schema can be viewed.
However, these are not the correct tables as the setup in the Oracle instance is using connect through / proxy user authentication. Usually, the syntax for login is username[schema-you-want-to-work-with] for this but this does not work in Azure Data Factory for me.
I have tried various syntax attempts in the connection JSON, using additional connection properties, but no luck. The error message, when logging in with the proxy user authentication, is always
ERROR [28000] [Microsoft][ODBC Oracle Wire Protocol driver][Oracle]ORA-01017: invalid username/password; logon denied ERROR [28000] [Microsoft][ODBC Oracle Wire Protocol driver][Oracle]ORA-01017: invalid username/password; logon denied Activity ID: da224af9-16ad-4674-a4c9-4811be8f726c.
Logging in with SQL Plus or SQL Developer works with the same connection string.
Does anyone have an idea how I can log in with the proxy user and see the normal schema content? I'm thinking it may just be a syntax issue but I'm out of ideas.
Basic successful connection
Unsuccessful connection with connect through

Error connecting Oracle - ORA-12638: Credential retrieval failed

I am getting the following error while using a linked server in SQL to connect to an external Oracle DB:
Cannot initialize the data source object of OLE DB provider "OraOLEDB.Oracle" for linked server "xxxx".
OLE DB provider "OraOLEDB.Oracle" for linked server "xxx" returned message "ORA-12638: Credential retrieval failed".
I am having this issue around 4 out of 5 times. So it works only sometimes.
In my case, the test and live oracle DB(external) is on the same physical server with different SID/db instance.
The test connection using OraOLEDB works consistently, it's the live linked server that's the problem.
Also to take out the network from equation I tried connecting oracle live from our test environment and oracle test from our live. Connection to oracle test works fine irrespective and live doesn't.
I can connect to the application fronting the External Oracle DB fine using the live login credentials that are used for the live linked server. So that to me takes the login account out of the question.
Question 1: Is there any other way to connect to the external Oracle DB, either via SQL or C#?
I used openrowset as below and get an error:
SELECT *
FROM OPENROWSET('OraOLEDB.Oracle', 'Data Source=external_Oracle_serverIP;Initial Catalog=bbinstance;User id=xxx; Password=xx;',
'SELECT * FROM dbname')
I get the following error
OLE DB provider "OraOLEDB.Oracle" for linked server "(null)" returned message "ORA-12560: TNS:protocol adapter error". Msg 7303, Level 16, State 1, Line 1 Cannot initialize the data source object of OLE DB provider "OraOLEDB.Oracle" for linked server "(null)".
Question 2: What am I doing wrong above?
When I've encountered this issue, it's because of the following line in sqlnet.ora:
SQLNET.AUTHENTICATION_SERVICES= (NTS)
This causes Oracle to attempt to use Windows Native Authentication Services.
If Oracle cannot authenticate via this method, you'll get the 12638 error. To troubleshoot, change this line to
SQLNET.AUTHENTICATION_SERVICES= (NONE)
and repeat your test to the live database.
Oracle 12c & Above:
Sometimes, there are chances that 2 Oracle Pluggable DB services running under different root databases can run with same listener creating this chaos. Check and stop (if not Prod) unwanted PDB and try connecting to the required DB.

UTL_HTTP Begin Request failure after Database upgrade

I am currently running into issues
ORA-29273: HTTP request failed
ORA-29259: end-of-input reached
when trying to do the begin_request method:
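utl_http.set_wallet('', '');   -- called with an empty wallet path and password
v_soap_ep := WALLET_PATH;      -- endpoint URL; PL/SQL assignment uses :=
-- begin_request is a function returning utl_http.req; v_req is an assumed variable name
v_req := utl_http.begin_request(v_soap_ep, 'POST', 'HTTP/1.1');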
This issue just started occurring today (it worked yesterday), and no changes to the code happened, although there was a database upgrade from 11g -> 12c. The WALLET_PATH links to a valid address, but the WALLET_PATH links to an 11g database (not 12c). I have little knowledge on this subject, and was wondering if this error was possibly caused by the two different database versions trying to work together.
Note: I put an invalid address into the c_soap_ep variable, and received a different error. (So that is why I am thinking there might be a compatibility issue.) Any thoughts or areas I can check out would be helpful, thanks.
ORA-29273: HTTP request failed
ORA-12545: Connect failed because target host or object does not exist
You can't use 11g wallets in 12c, because wallet creation is totally different in 12c as it uses new syntax.
For example:
-- Create
ADMINISTER KEY MANAGEMENT CREATE KEYSTORE 'keystore_location'
IDENTIFIED BY software_keystore_password;
-- Open
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN
IDENTIFIED BY software_keystore_password;
-- Close
ADMINISTER KEY MANAGEMENT SET KEYSTORE CLOSE
IDENTIFIED BY software_keystore_password;
So, try creating a new wallet/keystore in 12c, then use it for utl_http.

Access denied by ACL in Oracle APEX 5.0

Maybe this is a common problem, but I have googled it and posted it in some forums and I still didn't get an answer.
I have a problem with my ACL. I was following this tutorial http://dbtricks.com/?p=159 and everything works fine. But when I made a REST web service in Oracle APEX 5.0 and tried to run the service, it gave me this error:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1130
ORA-24247: network access denied by access control list (ACL)
I have set the ACL for user APEX_050000.
If anyone has an idea about this, please help me. Thank you.
You could try configuring the ACL for the "default parsing schema" ID; generally the schema that owns the tables; not the APEX schema that contains the application. That solved the issue for us.
You should configure the ACL for the schema that owns the APEX application that you are trying to run.
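A check for the two ORA-24247 questions on this page (the Keycloak sign-in at the top and the APEX 5.0 REST service just above), added here as an example and not taken from any of the posts: it reports, for the application's parsing schema and for the APEX schema, whether each ACL that matches the target host grants connect. Application id 100 and the host sso.example.com are constructed placeholders. The query uses the 11g-style dictionary views, which later releases keep but mark as deprecated, and has to be run by a user who can read DBA_NETWORK_ACLS and APEX_APPLICATIONS.

```sql
-- Added example. Constructed inputs: application 100, host 'sso.example.com'.
-- APEX_050000 is the APEX schema named in the question above.
WITH principals AS (
    -- APEX_APPLICATIONS.OWNER is the schema the application parses as
    SELECT owner AS principal, 'parsing schema' AS kind
      FROM apex_applications
     WHERE application_id = 100
    UNION
    SELECT 'APEX_050000', 'APEX schema' FROM dual
)
SELECT pr.principal,
       pr.kind,
       a.host,
       a.lower_port,
       a.upper_port,
       -- 1 = granted, 0 = explicitly denied, NULL = principal not in this ACL
       DECODE(DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE_ACLID(
                  a.aclid, pr.principal, 'connect'),
              1, 'GRANTED',
              0, 'DENIED',
                 'NOT LISTED') AS connect_priv
  FROM principals pr
 CROSS JOIN dba_network_acls a
       -- DOMAINS() expands the host into itself plus every wildcard form
       -- (*.example.com, *.com, *) so wildcard ACL assignments are matched too
 WHERE a.host IN (SELECT column_value
                    FROM TABLE(DBMS_NETWORK_ACL_UTILITY.DOMAINS('sso.example.com')))
 ORDER BY pr.principal,
          DBMS_NETWORK_ACL_UTILITY.DOMAIN_LEVEL(a.host) DESC,
          a.lower_port,
          a.upper_port;
```

No rows at all means no ACL is assigned to the host or any of its wildcard forms; rows showing NOT LISTED mean an ACL exists for the host but that principal is not in it.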
