I have been asked that when a common user logs in, I must validate the username and password for access to the system, but when the user is an admin, I must validate the username, password and a token that the system sends to the user's email (2FA).
I have created a process that:
- validates whether the username and password are correct
- obtains the type of user; if it is a common user it redirects them to the first page, otherwise it sends a token to their email.
    PROCEDURE PRC_PROCESA_LOGIN(p_username   VARCHAR2,
                                p_password   VARCHAR2,
                                p_app_id     NUMBER,
                                p_ip_cliente VARCHAR2) IS
      l_rt_autenticacion_resultado rt_autenticacion_resultado;
      l_enable_2fa                 number;
      l_tipo_usuario               VARCHAR2(1);
      e_error                      exception;
    BEGIN
      -- Step 1: check username and password
      l_rt_autenticacion_resultado := pkg_eir_seguridad_2.FNC_AUTENTICAR_USUARIO(p_username, p_password, p_ip_cliente);
      -- Global 2FA switch
      SELECT SC.Enable_2fa INTO l_enable_2fa FROM OF_SERVER_CONFIG SC;
      IF l_rt_autenticacion_resultado.exito THEN
        SELECT tipo_usuario
          INTO l_tipo_usuario
          FROM of_usuario u
         WHERE u.cod_usuario =
               l_rt_autenticacion_resultado.usuario_autenticado_id;
        IF (l_enable_2fa = 1 AND l_tipo_usuario = 'B') THEN
          -- 2FA required: generate the token and flag the session
          l_rt_autenticacion_resultado.exito := FNC_GENERAR_TOKEN_2AF(p_username, p_password);
          IF l_rt_autenticacion_resultado.exito = TRUE THEN
            apex_util.set_session_state('APP_2FA', 1);
          END IF;
        ELSE
          -- No 2FA: complete the APEX login and go to page 1
          apex_util.set_session_state('APP_USUARIO_AUTENTICADO_ID', l_rt_autenticacion_resultado.usuario_autenticado_id);
          Wwv_Flow_Custom_Auth_Std.Post_Login(p_username,
                                              p_password,
                                              v('APP_SESSION'),
                                              p_App_Id || ':1');
        END IF;
      ELSE
        -- Authentication failed: expose the message to the login page
        apex_util.set_session_state('APP_AUTENTICACION_RESULTADO_MENSAJE',
                                    l_rt_autenticacion_resultado.mensaje);
        apex_util.set_custom_auth_status(l_rt_autenticacion_resultado.mensaje);
        --raise_application_error(-20001, l_rt_autenticacion_resultado.mensaje);
      END IF;
    END;
I have created an AD (event type: click, action: Execute Server-side code) and placed the procedure in it. I tried with a common user, but when I click the LOGIN button, it does not perform the redirection.
I have created an AD on the LOGIN button: event: click, action: Execute Server-side code. PL/SQL Code:
    begin
      PKG_EIR_SEGURIDAD.PRC_PROCESA_LOGIN(p_username   => :P9999_USERNAME,
                                          p_password   => to_char(:P9999_PASSWORD),
                                          p_app_id     => :APP_ID,
                                          p_ip_cliente => owa_util.get_cgi_env('REMOTE_ADDR'));
    end;
I tried with a common user, but when I click the LOGIN button it does not perform the redirection. I have placed this same procedure in Processing. I tried with the same common user and it does redirect to the home page.

Button login:
- Behavior, action: Submit page

Processing:
- Processes, name: Login
- Type: Execute Code
- PL/SQL: (same code as above)

My problem is that when I try with an administrator user, the page is reloaded and the credentials that the user had already entered are deleted. My idea is that when the user is an administrator, the process returns false but leaves the values, and then an AD enables the 2FA region that has the item P9999_TOKEN and the VALIDATE button. When the user enters the token and clicks the VALIDATE button, this must call a procedure that validates that the token is correct and redirects the user to the home page.
How could I solve this problem or what should I do to find a solution?
Here is one option. I have not verified it with a custom authentication script, but you should be able to fill in the blanks. The idea is to do it all in the login page and not in the authentication procedure, and also not to submit the login page until the token is verified. Reloading the login page with the entered value could be a security issue.
On the login page:
apex.item('P9999_TOKEN_NEEDED').getValue() == 'Y'
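
The token check that the VALIDATE button has to call, as an added example that is not code from the question or the answer: the table `of_token_2fa`, its columns and the function name `fnc_validar_token_2fa` are hypothetical. It keeps only a SHA-256 hash of the e-mailed token, enforces an expiry and an attempt limit, and makes the token single-use.

```plsql
-- Hypothetical table, not from the original post:
--   of_token_2fa(cod_usuario VARCHAR2(30) PRIMARY KEY,
--                token_hash  RAW(32),    -- SHA-256 of the e-mailed token
--                expira      TIMESTAMP,  -- short lifetime set at generation
--                intentos    NUMBER)     -- failed attempts so far
-- Assumes EXECUTE on DBMS_CRYPTO is granted to the parsing schema.
CREATE OR REPLACE FUNCTION fnc_validar_token_2fa(
    p_cod_usuario IN VARCHAR2,
    p_token       IN VARCHAR2
) RETURN BOOLEAN IS
    c_max_intentos CONSTANT PLS_INTEGER := 5;
    l_row  of_token_2fa%ROWTYPE;
    l_ok   BOOLEAN := FALSE;
BEGIN
    -- Lock the row so parallel guesses cannot race past the attempt counter.
    SELECT * INTO l_row
      FROM of_token_2fa
     WHERE cod_usuario = p_cod_usuario
       FOR UPDATE;

    -- Expired or exhausted tokens are discarded; a new login must issue a new one.
    IF l_row.expira < SYSTIMESTAMP OR l_row.intentos >= c_max_intentos THEN
        DELETE FROM of_token_2fa WHERE cod_usuario = p_cod_usuario;
        RETURN FALSE;
    END IF;

    -- Only the hash is stored, so compare hashes (DBMS_CRYPTO.HASH rejects NULL input).
    IF p_token IS NOT NULL THEN
        l_ok := (UTL_RAW.COMPARE(
                    DBMS_CRYPTO.HASH(UTL_RAW.CAST_TO_RAW(p_token), DBMS_CRYPTO.HASH_SH256),
                    l_row.token_hash) = 0);
    END IF;

    IF l_ok THEN
        DELETE FROM of_token_2fa WHERE cod_usuario = p_cod_usuario;  -- single use
    ELSE
        UPDATE of_token_2fa
           SET intentos = intentos + 1
         WHERE cod_usuario = p_cod_usuario;
    END IF;
    RETURN l_ok;
EXCEPTION
    WHEN NO_DATA_FOUND THEN
        RETURN FALSE;  -- no pending token for this user
END fnc_validar_token_2fa;
/
```

Pass the user id that the password step kept in server-side session state, not a page item the browser can change, and run the post-login call from the question only when the function returns TRUE.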