Using Windows Login Credentials for Single Sign On (NTLM authentication)

Most users are lazy and don’t want to enter login credentials each time they start up an Oracle APEX application. They tell you,

“Hey, I have already logged in to my computer, can’t you use that information for the APEX application?”.

Sure we can! The NTLM protocol is one way to do that.

Instructions on how to integrate mod_ntlm have been around for quite some time. See the article on HTMLDB Studio and a more up-to-date version by Martin Köb of GreenIT. But that always involves installing mod_ntlm on your Apache.

Jason Straub, a member of the Oracle APEX development team, did some digging and found a PL/SQL-only solution which doesn’t require mod_ntlm. Have a look at his first blog posting called “NTLM HTTP Authentication and Application Express” and welcome him as a new member of the Oracle APEX blogging community!

Jason, welcome and keep blogging such great articles!

6 thoughts on “Using Windows Login Credentials for Single Sign On (NTLM authentication)”

  1. Patrick:

    Thanks for the plug. I have incorporated your suggestions.

    Jason

  2. Patrick, you should be careful not to trick readers into thinking that the PL/SQL solution actually works :)
    As I’ve commented on Jason’s blog, he doesn’t authenticate against a domain controller. So mod_ntlm remains the solution.
    Jason’s solution is cool, but as he says in response to my comment:
    “The example posted here was meant as a PL/SQL only solution for tricking the browser into providing an NTLM token, and the decoding that token and using that value as the user in an Application Express application. It was meant to be used in some Intranet scenarios, and is obviously not meant to be a security solution.”
    So if you really want ntlm + apex you should go the mod_ntlm way. That’s what I did.
    Martin Köb also has a really good tutorial but he doesn’t include a way to have group membership checking against active directory.
    I know I’ve struggled enough with dbms_ldap to achieve it.
    I’ve written a tutorial that explains everything – from what active directory is – to how to have group membership.
    For those interested: http://withasmiletomeltathousandhearts.wordpress.com/2009/01/29/apex-windows-integrated-authentication/
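
Added example (not part of the comment above, and not Jason Straub's PL/SQL): a Python decoder for the NTLM Type 3 message a browser sends in the `Authorization: NTLM` header, showing which fields a decode-only approach reads and which it leaves unchecked. The sample message, the names `CORP`, `alice` and `PC1`, and the cp437 fallback are constructed assumptions.

```python
import base64
import struct

NEGOTIATE_UNICODE = 0x00000001  # payload strings are UTF-16LE when set

# Constructed sample Type 3 message (not captured traffic).
SAMPLE = bytes.fromhex(
    "4e544c4d53535000" "03000000"  # "NTLMSSP\0", message type 3
    "0000000070000000"             # LM response: empty
    "1800180058000000"             # NT response: 24 bytes at offset 88
    "0800080040000000"             # domain: 8 bytes at offset 64
    "0a000a0048000000"             # user: 10 bytes at offset 72
    "0600060052000000"             # workstation: 6 bytes at offset 82
    "0000000070000000"             # session key: empty
    "01000000"                     # flags: NEGOTIATE_UNICODE
    "43004f0052005000"             # "CORP"
    "61006c00690063006500"         # "alice"
    "500043003100"                 # "PC1"
    + "00" * 24                    # placeholder NT response
)

def read_field(msg, pos):
    """Follow one (Len, MaxLen, Offset) descriptor into the payload."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[offset:offset + length]

def decode_type3(header_value):
    """Decode the value of an 'Authorization: NTLM <base64>' header."""
    scheme, _, blob = header_value.partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM Authorization header")
    msg = base64.b64decode(blob, validate=True)
    if len(msg) < 64 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    if struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not a Type 3 (authenticate) message")
    flags = struct.unpack_from("<I", msg, 60)[0]
    # Assumption: non-Unicode strings are read as cp437 (the OEM code page varies).
    enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"
    return {
        "domain": read_field(msg, 28).decode(enc),
        "user": read_field(msg, 36).decode(enc),
        "workstation": read_field(msg, 44).decode(enc),
        # Returned as-is: verifying it needs the Type 2 challenge and a
        # check against the domain controller, which decoding never does.
        "nt_response": read_field(msg, 20),
    }
```

The decoded `user` does not depend on the bytes in `nt_response`, which is the gap the comment above describes.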

  3. Hi,

    you are right. BTW, really nice article explaining Active directory and what’s going on with mod_plsql.

    Patrick

  4. I’ve just stumbled upon your site while searching for a tutorial on a related subject. Glad I did too. There’s a lot I like. Anyway, you’ve been bookmarked and I’ll be back soon. :)

  5. jhonny,

    The links you provided don’t work, could you PLEASE update as I am working on the same exact thing for a client and would love to read your tutorial…..
