APEXtras

a development team dedicated to Oracle APEX

Two-factor Authentication with YubiKey – APEX After Submit Process for Login Page

leave a comment »

DECLARE
  l_Password           VARCHAR(100);
  l_NextPageAfterLogin VARCHAR(30);
  l_login_name         YUBICO_USER.LOGIN_NAME%TYPE;
  l_storedlogin_name   YUBICO_USER.LOGIN_NAME%TYPE;
  l_usr_id             YUBICO_USER.YUBICO_USER_ID%TYPE;
  l_yubico_user_id     YUBICO_USER.YUBICO_USER_ID%TYPE;
  l_firstname          YUBICO_USER.FIRSTNAME%TYPE;
  l_lastname           YUBICO_USER.LASTNAME%TYPE;
  l_hashed_password    YUBICO_USER.PASSWORD%TYPE;
  l_salt               YUBICO_USER.SALT%TYPE;
BEGIN
  :P101_NEW_USER := 'N';
  l_NextPageAfterLogin := '1';
  l_Password := Trim(:P101_PASSWORD);
  IF (NVL(:P101_USERNAME,'Z') = 'Z') THEN
    l_login_name := SYS_GUID();
  ELSE
    l_login_name := Trim(:P101_USERNAME);
  END IF;
  :P101_YUBICO_ID       := SUBSTR(:P101_YUBICO_OTP,1,12);
  :P101_YUBICO_RESPONSE := APEXTRAS_YUBICO.YubicoVerify(:P101_YUBICO_OTP,(:P101_USE_SIGNATURE = 'Y'));

  APEXTRAS_YUBICO.YubicoUserInfo(p_yubico_user_id  => l_yubico_user_id   ,
                                 p_yubico_id       => :P101_YUBICO_ID    ,
                                 p_firstname       => l_firstname        ,
                                 p_lastname        => l_lastname         ,
                                 p_login_name      => l_storedlogin_name ,
                                 p_hashed_password => l_hashed_password  ,
                                 p_salt            => l_salt            );
  IF (UPPER(:P101_YUBICO_RESPONSE) = 'OK') THEN
    --Known Yubico key - AUTHENTICATE
    IF (NVL(l_yubico_user_id,0) != 0) THEN
      IF (l_login_name = l_storedlogin_name) THEN
        APEX_CUSTOM_AUTH.LOGIN(
          P_UNAME       => TO_CHAR(l_yubico_user_id),
          P_PASSWORD    => l_Password,
          P_SESSION_ID  => v('APP_SESSION'),
          p_app_page    => :APP_ID || ':' || l_NextPageAfterLogin);
      END IF;
    ELSE
      :P101_NEW_USER            := 'Y';
      :P101_NEW_USER_LOGIN_NAME := :P101_USERNAME;
    END IF;
  END IF;
END;

Back to Integrating YubiKey two-factor authentication with APEX login

Advertisements

Written by Roger

19 March, 2009 at 12:42 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: