OIDC/Oauth2 in Apex, with wallet for felf sign cert

Creating wallet for APEX with oracle client orapki

**Info** + You need to do it only if your sso server have self-signed certificate. +

Get your certs.

openssl s_client -connect sso-rho-sso-corpo-test.apps.playcloud-test.p4.int:443 -showcerts

You need full installation of oracle client to do this, instant client is not sufficent.
You can also use database instance if you have access.

cd C:\oracle\product\12.2.0\client_1\bin
set JAVA_HOME="c:\Program Files\java\jdk1.8.0_202"
orapki wallet create -wallet c:\temp\sso.wallet -auto_login
orapki wallet add -wallet c:\temp\sso.wallet -trusted_cert -cert c:\temp\sso.wallet\crt2.crt
orapki wallet add -wallet c:\temp\sso.wallet -trusted_cert -cert c:\temp\sso.wallet\crt1.crt

Now copy whole folder wallet.sso to location on oracle DB server and change it access rights to DB, for example chmod -R oracle:oracle wallet.sso

Next go to instance asmin console Manage Instance → Instance Settings, there is section Wallet.
Because we used -auto_login option uppon creation, you do not need to put any password, just mark Auto-login Wallet.

Configure oracle APEX application for oidc/oauth2.

OIDC

**Info** + We are assuming that you are using keycloak and your client_id is already configured there. + You need at least point your domain. +

Go to your application in apex next Shared Components and Authentication Schemes.

Create authentication schema with your favorite name, adding Scheme Type →`Social Sign-In`.
In Settings chose:
- Credential Store → ss0
- Authentication Provider → OpenID Connect Provider
- Discovery URL → https://<keycloak_frontend_url>/auth/realms/<your_realm>/.well-known/openid-configuration
- Scope → openid
- Username → attribute identifing your Username
- Convert Username To Upper Case → Suggested is Yes
- Additional User Attributes → for example email,profile,picture,preferred_username,sub,user_position,first_name,last_name
- Map Additional User Attributes To → G_EMAIL,G_PROFILE,G_PICTURE,G_DOMAIN_LOGIN,G_SUB,G_USER_POSITION,G_FIRST_NAME,G_LAST_NAME
In Session Not Valid chose:
- GoTo → Login page
In Post-Logout URL set:
- Go To → URL
- URL → https://<keycloak_backend_url>/auth/realms/ssopm/protocol/openid-connect/logout

Now it is done