Hello,
We have an Oracle Setup running Oracle APEX with ORDS. (v. 24). Right now, the apex application is secured with apex application users, so nothing special. Our goal is to authenticate the application and rest services with an IDP (Keycloak). The Token returned contains roles which in turn determines whether a page shoud be accessible or not. (same applies to Rest Services)
I have done some research and finally need help from you giving me the right direction to search:
What is generally speaking the right way to integrate into this platform:
- integrate within APEX Application as Authentication Scheme Social Login (Open Connect) ? → In this case, Im wondering how I could secure a REST Service?
- or integrate within ORDS (which seems a better aproach as it secures on a higher level). If so, where would I find examples how to integrate with the keycloak server? Also Im wondering how I would intercept the token and see whther the JWP Token returned has the correct profile.
- or even integrate one step higher within tomcat, weblogic …
It would be very helpful if you could give me some advice heading into the right decision. Its even possible none of the three points above are the right way, so Im very open to ideas.
Best Regards
Sebastian