Hi experts,
We're using APEX 24.2 and we're testing with Open ID authentication.
So far, tests are fine and we can log in using MFA. Login is against SAP CDC (Gigya) - AaaS.
As the OIDC is returning only the email address, we have a post-login procedure to query the username from the users table, searching by the email:
    PROCEDURE oidc_post_auth AS
        l_user_name VARCHAR2(255);
        l_login_msg VARCHAR2(255);
    BEGIN
        BEGIN
            -- Get username from email returned by OIDC
            SELECT user_name
              INTO l_user_name
              FROM apexc_users u
             WHERE lower(u.email) = lower(v('APP_USER'));
            apex_custom_auth.set_user(upper(l_user_name));
        EXCEPTION
            WHEN no_data_found THEN
                l_login_msg := 'User with email '||lower(v('APP_USER'))|| ' not found. Please contact with System Administrator.';
                owa_util.redirect_url(apex_util.prepare_url('f?p=' || apex_application.g_flow_id || ':9999:::::P9999_LOGIN_MSG:'||l_login_msg));
                apex_application.stop_apex_engine; -- Stop the engine after the redirect
        END;
    END oidc_post_auth;
The APP_USER variable is correctly updated and all privileges based on it are working as expected.
… BUT the impersonation doesn't work anymore. We're just testing by adding a button to run:
    apex_custom_auth.set_user('impersonated_user');
    APEX_UTIL.CLEAR_USER_CACHE;
    APEX_UTIL.REDIRECT_URL(APEX_PAGE.GET_URL(p_page => 1));
It doesn't fail, but the APP_USER variable remains the same as the original connected user, so privileges are not correctly applied.
Any suggestions?
Thanks,
Jose.