Hi there,
I just upgraded my APEX from 19 to 24 (the latest version plus latest patches). I am also trying to migrate from LDAP-based authorization to Azure AD SSO. My database is a 19c non-container database and I am using ORDS 24 standalone.
So far I have set up:
ACL:
*.microsoftonline.com APEX_240200,ORDS_PUBLIC_USER
autologon.microsoftazureadsso.com APEX_240200,ORDS_PUBLIC_USER
graph.microsoft.com APEX_240200,ORDS_PUBLIC_USER
login.microsoftonline.com APEX_240200,ORDS_PUBLIC_USER
Certificates:
Wallet:
I have installed the Microsoft bundle certificate in the wallet.
All three of the SQL statements below work, so I think the ACL and wallet are fine:
select apex_web_service.make_rest_request(p_url => 'https://login.microsoftonline.com/xxx/v2.0/.well-known/openid-configuration',p_http_method => 'GET') from dual;
select apex_web_service.make_rest_request(p_url => 'https://graph.microsoft.com/v2.0/me/',p_http_method => 'GET') from dual;
select apex_web_service.make_rest_request(p_url => 'https://autologon.microsoftazuread-sso.com/our_compay/winauth/sso?client-request-id=xxxx',p_http_method => 'GET') from dual;
Web Credentials/Authentication Scheme (Generic OAuth2 Provider):
Set up following the document below:
https://oracle-base.com/articles/misc/azure-ad-authentication-for-oracle-apex-applications
Now when I access my application, I get the Azure AD login page (username and then password), and after that the MFA code. After typing in the MFA code, instead of landing on my app home page, it goes to the 101 login page, and there is also an ORA-24247: network access denied by access control list (ACL).
I have tried to pinpoint where that ORA error comes from (I enabled the ORDS logs, but no ORA error). There is no ORA-24247 in apex_debug_messages, and I didn't find any ORA-24247 in the database log either.
I Googled this and saw some related issues, but couldn't find the same case.
I am thinking about what I should do to track down where that ORA-24247 comes from; so far no progress.
Any ideas/help is welcome.
Thanks in advance
Thanks
Mike
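
A diagnostic query for the ACL setup described in the post, added here as an example and not part of the original post: for each host it lists every ACL host pattern that could match and the principals and privileges granted on it in `DBA_HOST_ACES`. The host list is taken from the three test URLs in the post; it assumes a 12c-or-later database and a user that can read `DBA_HOST_ACES`.

```sql
-- Added example (not from the original post).
-- target_hosts: host parts of the three test URLs in the post. Extend it with
-- the hosts of the authorization, token and user-info endpoints configured in
-- the authentication scheme.
WITH target_hosts (host) AS (
  SELECT 'login.microsoftonline.com'          FROM dual UNION ALL
  SELECT 'graph.microsoft.com'                FROM dual UNION ALL
  SELECT 'autologon.microsoftazuread-sso.com' FROM dual
),
patterns AS (
  -- DOMAINS() expands a host into every ACL host pattern that can match it,
  -- e.g. login.microsoftonline.com, *.microsoftonline.com, *.com, *
  SELECT t.host                                                AS target_host,
         d.column_value                                        AS acl_pattern,
         DBMS_NETWORK_ACL_UTILITY.DOMAIN_LEVEL(d.column_value) AS specificity
  FROM   target_hosts t,
         TABLE(DBMS_NETWORK_ACL_UTILITY.DOMAINS(t.host)) d
)
SELECT p.target_host,
       p.acl_pattern,
       a.principal,      -- compare with the schema that actually makes the call
       a.privilege,      -- connect / resolve / http ...
       a.grant_type,     -- GRANT or DENY
       a.lower_port,
       a.upper_port
FROM   patterns p
       LEFT JOIN dba_host_aces a
              ON LOWER(a.host) = LOWER(p.acl_pattern)
ORDER  BY p.target_host,
          p.specificity DESC,   -- most specific pattern first
          a.principal,
          a.privilege;
```

A row with an empty `principal` means no ACE exists for that pattern; a target host whose rows are all empty is not covered by any ACL entry.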