National electronic IDs - Authentication as a Service using APEX.#SweougApex17
Mathias Magnusson is the managing director at Miracle Sweden. Mathias has more than 20+ years experience using Oracle products. SWEOUG are pleased to announce that he will be one of the speakers at APEX2017.
Writing code for security is said to be something for geniuses and idiots. Using a service for validating who someone makes perfect sense for those of us who are not geniuses in the security fields and do not wish to be taken for idiots.
A lot of countries have national electronic IDs. Over 20 nations have it implemented today, they do not use a standardized API. But most if not all use web services, so lessons from one are applicable to most implementations. In addition to these national IDs, there are many AaaS - Authentication as a Service - functions available that you could integrate with in a similar way.
In this presentation we take a look at how to integrate with the Swedish variant - BankID - to get the usual APEX login page to issue a request for authentication that the user then completes in the mobile app from BankID and the APEX login completes once a successful authentication is performed with BankID.
The presentation shows a practical way to work through the authentication integration with starting to just first test the soap interface using the soupui software. Then we progress toward the login by first writing a test PL/SQL block to validate it working without involving APEX. The next step is a couple of standard APEX pages to show it working there before we take on the final step of integrating completely in the log-on functionality of APEX.There are just two web service calls made so this is not a code heavy presentation. We look at how to go about working with web services from PL/SQL as well as how to integrate custom authentication in APEX via PL/SQL and web services.
More information on the event and speakers here