About Preconfigured Authentication Schemes

When you select a preconfigured authentication scheme, Oracle Application Express creates an authentication scheme for your application that follows a standard behavior for authentication and session management. The following list describes available preconfigured authentication schemes:

Open Door Credentials enables anyone to access your application using a built-in login page which captures a username. This can be useful during application development.
Application Express Account Credentials refers to the internal user accounts (also known as "cookie user" accounts) created and managed in the Oracle Application Express user repository. Using method, your application can easily authenticate against these accounts. See "About Application Express Account Credentials".
Database Account Credentials refers to the use of database schema accounts. When using this method the user name and password of the database account is used to authenticate the user. See "About Database Account Credentials".
LDAP Credentials Verification requires you specify configuration parameters about the external Lightweight Directory Access Protocol (LDAP) directory you will be using. See "About LDAP Credentials Verification".
No Authentication (using DAD) gets the username from the database access descriptor (DAD), either as the value stored in the DAD configuration or, if the account information is not stored in the DAD configuration, as the username captured using the basic authentication challenge. See "About DAD Credentials Verification".

About Application Express Account Credentials

Application Express Account Credentials authentication uses internal user accounts (also known as "cookie user" accounts) created and managed in the Oracle Application Express user repository. You can create and edit database user accounts on the Manage Users page.

About Database Account Credentials

Database Account Credentials requires that a database user (schema) exist in the local database for the user to be authenticated. You can create and edit database user accounts on the Manage Users page.

About LDAP Credentials Verification

Any authentication scheme that uses a login page may be configured to use Lightweight Directory Access Protocol (LDAP) to verify the username and password submitted on the login page. Application Builder includes wizards and edit pages that explain how to configure this option. These wizards assume that an LDAP directory accessible to your application for this purpose already exists and that it can respond to a SIMPLE_BIND_S call for credentials verification. When you create a LDAP Credentials authentication scheme, the wizard requests and saves the LDAP host name, LDAP port, and the DN string. An optional pre-processing function can be specified to adjust formatting of the username passed to the API.

About DAD Credentials Verification

DAD database authentication uses the Oracle database native authentication and user mechanisms to authenticate users using a basic authentication scheme. To use DAD credentials verification:

Each application user must have a user account in the Oracle database.
You must configure a PL/SQL DAD for basic authentication (without account information).

This results in one username/password challenge for browser session for your application users. The user identity token is then made available in the APP_USER item.

DAD database authentication is useful when you need to implement an authentication method that requires minimal setup for a manageable number of users. Ideally these users would already have self-managed accounts in the database and your use of this authentication method would be short lived (for example, during the demonstration or prototyping stages of development).

The main drawback of this approach is burdensome account maintenance, especially if users do not administer their own passwords, or if their database accounts exist only to facilitate authentication to your application.