How to implement certificate based authentication and use the wallet to connect with DB 19c

[rgutierrez2004]

1. What version of ODPI-C are you using (see dpi.h)?

2. What OS (and version) is your application on?

3. What compiler (and version) did you use?

4. What is your version of the Oracle Client (e.g. Instant Client)? How was it installed? Where it is installed?

5. What is your Oracle Database version?

6. What is the PATH environment variable (on Windows) or LD_LIBRARY_PATH (on Linux) set to?

7. What environment variables did you set? How exactly did you set them?

8. What problem or error(s) you are seeing?

9. Do you have a runnable code snippet to describe the problem?

[cjbj]

• can you update the template information, particularly the OS and Oracle client & server version questions

• See https://github.com/oracle/node-oracledb/issues/1312 where @perpetualv gave the steps.

• the question isn't specific to ODPI-C, so if you have deeper questions, I recommend contacting Oracle Support.

[rgutierrez2004]

What version of ODPI-C are you using (see dpi.h)? 4.2.2

What OS (and version) is your application on? Oracle Linux 7.8

What compiler (and version) did you use?

What is your version of the Oracle Client (e.g. Instant Client)? How was it installed? Where it is installed? Full Client 19c distribution

What is your Oracle Database version? 19c

What is the PATH environment variable (on Windows) or LD_LIBRARY_PATH (on Linux) set to?

What environment variables did you set? How exactly did you set them?

What problem or error(s) you are seeing? No

Do you have a runnable code snippet to describe the problem? No

[rgutierrez2004]

Thanks for the link but still unclear, if a cert is configured for comm between client and DB server and another cert used for authentication, all stored in wallets (client and server), then what changes we need to do when opening a connection via ODPI-C?

[cjbj]

Use external authentication. @anthony-tuininga may be able to point you at a specific ODPI-C example.

Related doc (because cx_Oracle is built on ODPI-C) is here: https://cx-oracle.readthedocs.io/en/latest/user_guide/connection_handling.html#connecting-using-external-authentication

[tgulacsi]

And you can look at the z_test.go, contrib dir - for testing, it uses Oracle Cloud, with cert auth. TL;DR you'll need TNS_ADMIN set to the directory of your tnsnames.ora and sqlnet.ora.

Edit: sorry, this is for github.com/godror/godror, which uses ODPI. But this is general, not go specific.

[rgutierrez2004]

No sure what z_test.go, contrib dir are you talking about, any link or location? In any case, I was looking for an example in C, I believe for now is best to look at the source code in cx_Oracle as cjbj indicated is built on ODIPI-C.

[cjbj]

z_test.go is in the directory that @tgulacsi linked to: https://github.com/godror/godror

Godor is also written in ODPI-C as he also mentioned.

It's one big happy family.

[tgulacsi]

https://github.com/godror/godror/tree/master/contrib/free.db is a directory where the required wallets and tnsnames.ora, sqlnet.ora fiels are.

Set TNS_ADMIN environment variable to the directory of your tnsnames.ora and sqlnet.ora files sqlnet.ora needs a rewrite (proper DIRECTORY) to find the wallet.

[cjbj]

In ODPI-C you'll follow your normal connection path, but set the externalAuth flag, and then probably either pass username & password as null or empty strings. (Assuming the wallet has the credentials. If not, you'll need to pass the actual values)

[rgutierrez2004]

Wondering if the externalAuth flag is for telling ODPI-C that creds (usr/pwd) will be in the wallet? or this flag is for telling the DB server that the code using ODPI-C is taking care of the authentication and must accept the user as valid/authenticated user?

[stale[bot]]

This issue has been automatically marked as inactive because it has not been updated recently. It will be closed if no further activity occurs. Thank you for your contributions.

[stale[bot]]

This issue has been automatically closed because it has not been updated for a month.

[cjbj]

The flag is passed to the Oracle Client libraries to tell them to use external authentication.