Skip to Main Content
Forums

APEX

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Not able to get SSL related CGI Environment Variables?

746268Jan 13 2010 — edited Jan 15 2010
We are currently using APEX 3.2.0.x, OHS 10.1.3.x, and 11gR1 on linux. The APEX application we've been developing will be accessed via SSL and x509 certificates such that a client certificate is passed from a user's browser to the OHS, the information will be read from the certificate, and if the user's cert information exists in a user table associated with the application, they will have the role they've been assigned as an existing user within the application. Otherwise, the user will be a guest and have a minimum role accessing the application.

We are certainly not guru's when it has come to setting up and configuring SSL and certs, but we have gotten to the point where we have all of the required certs created and installed, and the client cert passes it's information successfully to the OHS to get to the "home" page of the application via the Rewrite statement in the httpd.conf/ssl.conf that points to the appropriate https url. We are now at the point where we need the APEX application page to read the cert information, and this is where we are having problems.

We have created an "On Load - Before Header" process and temporary item on the "home" page to display CGI environment variables to see what we're getting. It's a PLSQL Anonymous block like this:

DECLARE
lUserName VARCHAR2(100);
BEGIN
SELECT NVL(owa_util.get_cgi_env('REMOTE_USER'),'NOT POPULATED') INTO lUserName FROM DUAL;
:P1_REMOTE_USERNAME := lUserName;
END;

We can grab any of the cgi environment variables that are listed in the OHS mod_plsql User's Guide. We cannot seem to be able to get any of the SSL CGI environment variables though. We are adding the SSL variables to the dads.conf via the PlsqlCGIEnvironmentList parameter (ex: PlsqlCGIEnvironmentList SSL_CLIENT_S_DN_CN) and bouncing the OHS as needed. Unfortunately, we have not been successful in getting any of them to show up in the item on the APEX page.

As far as we can tell, we have the SSL/OHS/Certs configured, but may be there is another SSL directive or some other configuration item that we've missed that needs to be set in order for SSL CGI environment variables to be available to the owa_util.get_cgi_env function. If anyone can tell us what we may have missed, it would be appreciated.

thanks
bob
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Feb 12 2010
Added on Jan 13 2010
#apex-discussions, #ssl
5 comments
1,364 views