National electronic IDs - Authentication as a Service using APEX.#SweougApex17

Mathias Magnusson is the managing director at Miracle Sweden. Mathias has more than 20+ years experience using Oracle products. SWEOUG are pleased to announce that he will be one of the speakers at APEX2017. ​​

Writing code for security is said to be something for geniuses and idiots. Using a service for validating who someone makes perfect sense for those of us who are not geniuses in the security fields and do not wish to be taken for idiots.​​

A lot of countries have national electronic IDs. Over 20 nations have it implemented today, they do not use a standardized API. But most if not all use web services, so lessons from one are applicable to most implementations. In addition to these national IDs, there are many AaaS - Authentication as a Service - functions available that you could integrate with in a similar way.

In this presentation we take a look at how to integrate with the Swedish variant - BankID - to get the usual APEX login page to issue a request for authentication that the user then completes in the mobile app from BankID and the APEX login completes once a successful authentication is performed with BankID. ​​​

The presentation shows a practical way to work through the authentication integration with starting to just first test the soap interface using the soupui software. Then we progress toward the login by first writing a test PL/SQL block to validate it working without involving APEX. The next step is a couple of standard APEX pages to show it working there before we take on the final step of integrating completely in the log-on functionality of APEX.There are just two web service calls made so this is not a code heavy presentation. We look at how to go about working with web services from PL/SQL as well as how to integrate custom authentication in APEX via PL/SQL and web services.

More information on the event and speakers here