In Enterprise Manager, click on the menu on the left
Oracle Cheatsheet
My personal collection of oracle stuffs and sometimes non-oracle items too
Monday, May 1, 2023
Tuesday, January 17, 2023
Oracle forms and reports OHS service stop working
We are running Oracle forms and reports server since 2018 and all of a sudden the OHS service crashed on one server and then next one and next one and next one... Not good.
After some debugging execises, the problem is due to
- Self-signed cwallet.sso expired and
- Weblogic nodemanger default keystore SSL certficate expired
Let's start from cwallet.sso
File location: E:\oracle\penfax_app\Oracle_Home\user_projects\domains\base_domain\config\fmwconfig\components\OHS\instances\ohs1\keystores\default\cwallet.sso
Let's check the expired date
orapki wallet display -wallet cwallet.sso
Oracle PKI Tool Release 19.0.0.0.0 - Production
Version 19.4.0.0.0
Copyright (c) 2004, 2021, Oracle and/or its affiliates. All rights reserved.
Requested Certificates:
User Certificates:
Subject: CN=localhost,OU=FOR TESTING ONLY,O=FOR TESTING ONLY
Trusted Certificates:
Subject: CN=localhost,OU=FOR TESTING ONLY,O=FOR TESTING ONLY
orapki wallet export -wallet cwallet.sso -dn "CN=localhost,OU=FOR TESTING ONLY,O=FOR TESTING ONLY" -cert cwallet.cer
Goto Certificate Decoder and paste the cwallet.cer content into there
The current cwallet.sso is expired. We need to create a new one
orapki wallet create -wallet ./ -pwd WalletPasswd123 -auto_login
orapki wallet add -wallet ./ -pwd WalletPasswd123 -dn "CN=localhost,OU=FOR TESTING ONLY,O=FOR TESTING ONLY" -keysize 1024 -self_signed -validity 3650
Replace E:\oracle\penfax_app\Oracle_Home\user_projects\domains\base_domain\config\fmwconfig\components\OHS\instances\ohs1\keystores\default\cwallet.sso with the new one.
Next, let's fix nodemanager SSL certificate
cd E:\oracle\penfax_app\Oracle_Home\oracle_common\common\bin\
E:\oracle\penfax_app\Oracle_Home\oracle_common\common\bin>wlst.cmd
Initializing WebLogic Scripting Tool (WLST) ...
Jython scans all the jar files it can find at first startup. Depending on the system, this process may take a few minutes to complete, and WLST may not return a prompt right away.
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
wls:/offline> nmConnect(domainName='base_domain', username='weblogic', password='leave.me.alone')
Connecting to Node Manager ...
<Jan 17, 2023 11:23:07 AM EST> <Info> <Security> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify
-Dweblogic.security.allowCryptoJDefaultJCEVerification=true.>
<Jan 17, 2023 11:23:07 AM EST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG128 to HMACDRBG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.>
<Jan 17, 2023 11:23:07 AM EST> <Info> <Security> <BEA-090909> <Using the configured custom SSL Hostname Verifier implementation: weblogic.security.utils.SSLWLSHostnameVerifier$Null
HostnameVerifier.>
Traceback (innermost last):
File "<console>", line 1, in ?
File "<iostream>", line 111, in nmConnect
File "<iostream>", line 553, in raiseWLSTException
WLSTException: Error occurred while performing nmConnect : Cannot connect to Node Manager. : General SSLEngine problem
Use dumpStack() to view the full stacktrace :
wls:/offline>
This doesn't tell much.
set WLST_PROPERTIES=-Djavax.net.debug=all -Dssl.debug=true
E:\oracle\penfax_app\Oracle_Home\oracle_common\common\bin>wlst.cmd
Initializing WebLogic Scripting Tool (WLST) ...
Jython scans all the jar files it can find at first startup. Depending on the system, this process may take a few minutes to complete, and WLST may not return a prompt right away.
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
wls:/offline> nmConnect(domainName='base_domain', username='weblogic', password='leave.me.alone')
...
***
main, fatal error: 46: General SSLEngine problem
sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
main, SEND TLSv1.2 ALERT: fatal, description = certificate_unknown
main, WRITE: TLSv1.2 Alert, length = 2
main, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: General SSLEngine problem
main, called closeOutbound()
main, closeOutboundInternal()
[Raw write]: length = 7
0000: 15 03 03 00 02 02 2E .......
wls:/offline>
Check the output close to the bottom, it tells us there is a "timestamp check failed" problem.
Let's generate new Custom Identity and Custom Trust jks file
E:\oracle\penfax_app\Oracle_Home\oracle_common\jdk\bin\keytool.exe -genkey -alias base_domain -keyalg RSA -keysize 2048 -dname "CN=base_domain, OU=Digital, O=Leave Me Alone, L=Toronto, ST=Ontario, C=CA" -keypass WalletPasswd123 -keystore identity.jks -storepass WalletPasswd123
E:\oracle\penfax_app\Oracle_Home\oracle_common\jdk\bin\keytool.exe -selfcert -v -alias base_domain -keypass WalletPasswd123 -keystore identity.jks -storepass WalletPasswd123 -storetype jks -validity 3650
E:\oracle\penfax_app\Oracle_Home\oracle_common\jdk\bin\keytool.exe -export -v -alias base_domain -file rootCA.der -keystore identity.jks -storepass WalletPasswd123
E:\oracle\penfax_app\Oracle_Home\oracle_common\jdk\bin\keytool.exe -import -v -trustcacerts -alias base_domain -file rootCA.der -keystore trust.jks -storepass WalletPasswd123
Copy identity.jks and trust.jks to E:\oracle\penfax_app\Oracle_Home\user_projects\domains\base_domain\security
In Weblogic Admin Console
Custom Identity Keystore: E:\oracle\penfax_app\Oracle_Home\user_projects\domains\base_domain\security\identity.jks
Custom Trust Keystore: E:\oracle\penfax_app\Oracle_Home\user_projects\domains\base_domain\security\trust.jks
Edit E:\oracle\penfax_app\Oracle_Home\user_projects\domains\base_domain\nodemanager\nodemanager.properties, add the following to the bottom.
StartScriptEnabled=true
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityKeyStoreFileName=E\:\\oracle\\penfax_app\\Oracle_Home\\user_projects\\domains\\base_domain\\security\\identity.jks
CustomIdentityAlias=base_domain
CustomIdentityPrivateKeyPassPhrase=WalletPasswd123
CustomTrustKeyStoreFileName=E\:\\oracle\\penfax_app\\Oracle_Home\\user_projects\\domains\\base_domain\\security\\trust.jks
We need to update the java Trust certificate as well
E:\oracle\penfax_app\Oracle_Home\oracle_common\jdk\bin\keytool.exe -import -alias base_domain -trustcacerts -file rootCA.der -keystore E:\oracle\temp\java\jdk1.8.0_112\jre\lib\security\cacerts -storepass changeit
Finally, everything is done. Reboot the server and OHS should start automatically.
Thursday, December 15, 2022
ORDS Install/Upgrade (ORDS Version 22.1 Onward)
Install
unzip ords-22.4.0.340.1044.zip to C:\Users\chiup_ad\Downloads\
stop "Apache Tomcat 9" service
rmdir E:\tomcat9\webapps\ords
copy ords.war E:\tomcat9\webapps\
start "Apache Tomcat 9" service
Upgrade
cd /D C:\Users\chiup_ad\Downloads\ords-22.4.0.340.1044\bin
Create a file password.txt with content below
SYS password here
ORDS_PUBLIC_USER password here
For each db pool, run this command to upgrade ORDS schema
ords --config E:\ords install --log-folder e:\ords\logs --admin-user SYS --db-pool ave --db-hostname parisdb01poc --db-port 1521 --db-servicename paris.optrust.local --feature-db-api true --feature-rest-enabled-sql true --feature-sdw true --gateway-mode proxied --gateway-user APEX_PUBLIC_USER --proxy-user --password-stdin < password.txt
Friday, November 19, 2021
Service Unavailable after upgraded to APEX 21.2
I was freak out when I saw this right after APEX upgrade. I've been doing APEX upgrade since APEX 4 and this is the first time I encounter this error.
Reviewing the upgrade log and I found this foreign Key error
Error starting at line : 53 File @ C:\Users\chiup\Downloads\apex_21.2\apex\coreins5.sql
In command -
begin
--
-- We need to directly delete dependencies (to XDB), because the
-- namespace switch from SERVER to DBTOOLS would result in a FK error.
-- There is no suitable API in dbms_registry.
--
delete from sys.registry$dependencies d
where cid = 'APEX';
--
-- Update registry
--
wwv_install_api.upgrade_registry;
end;
Error report -
ORA-02292: integrity constraint (SYS.REGISTRY_PROGRESS_FK) violated - child record found
ORA-06512: at "SYS.DBMS_REGISTRY", line 299
ORA-06512: at "APEX_210200.WWV_INSTALL_API", line 603
ORA-06512: at line 12
02292. 00000 - "integrity constraint (%s.%s) violated - child record found"
*Cause: attempted to delete a parent key value that had a foreign
dependency.
*Action: delete dependencies first then parent or disable constraint.
Checking the SYS.REGISTRY$PROGRESS table, I found an orphan record way back from APEX 5 days.
Delete the orphan record, drop APEX_210200 schema, re-run the upgrade process and I am back in business.
Saturday, October 30, 2021
Run Oracle Database Express Edition using Podman on an Oracle Cloud compute instance
In this article, I will demonstrate how to run Oracle Database Express Edition using Podman on an Oracle Cloud compute instance.
On Oracle Cloud Console
- create instance, name instance-21c-xe
- change image to Oracle Linux 8.0
- New VCN, New Public Subnet, Assign Public IPv4 address
It is not necessary to use a paid instance. The free instance will work as well.
Wait for the instance to be ready. Go to Security List, add Ingress Rule for port 1521
ssh into the new instance
sudo bash
ln -sf /usr/share/zoneinfo/Canada/Eastern /etc/localtime
dnf -y install podman podman-docker buildah skopeo dnf-utils zip unzip tar gzip git sqlcl
dnf -y update
podman pull docker.io/gvenzl/oracle-xe:21-full
podman run -d -p 1521:1521 -e ORACLE_PASSWORD=SysPassword1 --name 21cFull -v oracle-volume:/opt/oracle/XE21CFULL/oradata gvenzl/oracle-xe:21-full
podman ps
Give it 2 minutes to startup
podman logs 21cFull
You should find this in the output
#########################
DATABASE IS READY TO USE!
#########################
Testing via SQLcl
sql system/SysPassword1@//localhost/XEPDB1
Setup archivelog mode via opening a session into the container
podman exec -it --user=oracle 21cFull bash
sqlplus / as sysdba
shutdown immediate;
startup mount;
alter database archivelog;
alter database open;
Setup autostart on reboot
podman generate systemd --name 21cFull > /lib/systemd/system/container-21cFull.service
systemctl enable container-21cFull
All set. Reboot, wait for a few minutes and check again
Wednesday, August 25, 2021
Using Google Fonts in Oracle APEX
2. Add this CSS via Theme Roller->Custom CSS
@import url('https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap');
:root {
--a-base-font-family: 'Roboto', sans-serif;
}
Sunday, August 8, 2021
Add Prism Syntax Hightlighter to Blogger
2. Go to your blogger, Template->Edit HTML and paste the followings right before the </head> tag. We have also included Line Numbers and Copy to Clipboard Button plugin.
<head>
<link crossorigin='anonymous' href='https://cdnjs.cloudflare.com/ajax/libs/prism/1.24.1/themes/prism.min.css' integrity='sha512-tN7Ec6zAFaVSG3TpNAKtk4DOHNpSwKHxxrsiw4GHKESGPs5njn/0sMCUMl2svV4wo4BK/rCP7juYz+zx+l6oeQ==' referrerpolicy='no-referrer' rel='stylesheet'/>
<link crossorigin='anonymous' href='https://cdnjs.cloudflare.com/ajax/libs/prism/1.24.1/plugins/line-numbers/prism-line-numbers.min.css' integrity='sha512-cbQXwDFK7lj2Fqfkuxbo5iD1dSbLlJGXGpfTDqbggqjHJeyzx88I3rfwjS38WJag/ihH7lzuGlGHpDBymLirZQ==' referrerpolicy='no-referrer' rel='stylesheet'/>
<link crossorigin='anonymous' href='https://cdnjs.cloudflare.com/ajax/libs/prism/1.24.1/plugins/toolbar/prism-toolbar.min.css' integrity='sha512-ycl7dIZ0VJ5535/dzskAMTwOI6OoTNZ3PeD+tfckvYqMmAzaEwQfJHqJTSqcV2iQeJnp5XxnFy5jKotibstp7A==' referrerpolicy='no-referrer' rel='stylesheet'/>
<style>
pre {
font-size:smaller;
}
</style>
</head>
<script src="https://cdnjs.cloudflare.com/ajax/libs/prism/1.24.1/components/prism-core.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/prism/1.24.1/plugins/line-numbers/prism-line-numbers.min.js" integrity="sha512-dubtf8xMHSQlExGRQ5R7toxHLgSDZ0K7AunqPWHXmJQ8XyVIG19S1T95gBxlAeGOK02P4Da2RTnQz0Za0H0ebQ==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/prism/1.24.1/plugins/toolbar/prism-toolbar.min.js" integrity="sha512-YrvgEHAi5/3o2OT+/vh1z19oJXk/Kk0qdVKbjEFl9VRmcLTaWRYzVziZCvoGpJ2TrnV7rB8pnJcz1ioVJjgw2A==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/prism/1.24.1/plugins/copy-to-clipboard/prism-copy-to-clipboard.min.js" integrity="sha512-pUNGXbOrc+Y3dm5z2ZN7JYQ/2Tq0jppMDOUsN4sQHVJ9AUQpaeERCUfYYBAnaRB9r8d4gtPKMWICNhm3tRr4Fg==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/prism/1.24.1/plugins/autoloader/prism-autoloader.min.js"></script>
3. In your edit post screen, hit HTML and put this surrounding the code you want to hightlight.
<pre class="line-numbers"><code class="language-sql">
Your SQL Statement here
</code></pre>
Thursday, August 5, 2021
NGINX SSL Reverse Proxy for Tomcat/ORDS/APEX
This is a simple reverse proxy to achieve any URL structure you want for your APEX server. NGINX is responsible for handle almost everything, reverse proxy, URL redirection, HTTP/2, cache, gzip, HSTS, OCSP stapling, etc. Tomcat/ORDS/APEX is sitting behind NGINX, communicating with NGINX via HTTP.
This is the stack I am running at the moment.
- NGINX 1.21.1
- Tomcat 9.0.50
- ORDS 21.2.0.r1741826
- APEX 21.1.2
worker_processes auto;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 75;
client_max_body_size 200M;
proxy_cache_path "C:/Program Files/nginx/temp/proxy_cache" levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g use_temp_path=off;
server {
listen 80 default_server;
server_name _;
rewrite ^ https://$host$request_uri? permanent;
}
server {
listen 443 ssl http2 default_server;
server_name _;
gzip on;
gzip_types text/css text/plain text/javascript application/javascript application/json application/x-javascript application/xml application/xml+rss application/xhtml+xml application/x-font-ttf application/x-font-opentype application/vnd.ms-fontobject image/svg+xml image/x-icon application/rss+xml application/atom_xml;
gzip_proxied no-cache no-store private expired auth;
gzip_min_length 1000;
ssl_certificate "E:/ssl/fullchain.cer";
ssl_certificate_key "E:/ssl/leavemealone.com.key";
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_dhparam "E:/ssl/dhparam4096.pem";
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate "E:/ssl/ca.cer";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# add_header X-Content-Type-Options nosniff;
# add_header X-Frame-Options SAMEORIGIN;
# add_header X-XSS-Protection "1; mode=block";
location / {
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin "";
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
}
# cache apex application/workspace static files
location ~* /ords/(.*)/r/([0-9/]*)files/static/v([0-9]+)/ {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin "";
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_redirect off;
add_header X-Cache-Status $upstream_cache_status;
expires 300d;
proxy_cache STATIC;
proxy_cache_key $host$uri$is_args$args;
proxy_cache_valid 200 24h;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
}
}
}
Let me explain this line by line:
- Line 14, proxy cache setting
- Line 17-20, rediect all HTTP traffic to HTTPS
- Line 24, setup HTTP/2
- Line 27-30, enable gzip
- Line 32-33, SSL key pair. fullchain.cer contains the server public certificate followed by immediate certificate in the same file
- Line 34-38, SSL protocol, chipers setting
- Line 40-42, SSL session cache setting
- Line 44-46, OCSP stapling setting. ca.cer contains only the immediate certificate
- Line 48, add HSTS header
- Line 54-57, proxy timeout setting
- Line 59-63, pass some extra headers to ORDS, so that your app can now where this request originally comes from
- Line 64, Google Chrome enforces stricter CORS rules, than e.g. Firefox. By setting the Origin to blank we can make reverse proxying work, otherwise Chrome would block it
- Line 65, the actual reverse proxy command saying that traffic is internally rerouted to http://127.0.0.1:8080
- Line 80-86, proxy cache setting. We put every file found on a path like /ords/*/r/*files/static/vnnn/ subfolder for at least 24hrs and also send a 300 day expiry header to the client
There is not a lot of changes in Tomcat. Basically we need to ensure HTTP (port 8080) is working, limit access to localhost and adding the actual IP address %{X-Forwarded-For} to tomcat log file.
E:\tomcat9\conf\server.xml<Connector port="8080" protocol="HTTP/1.1"
scheme="https"
proxyPort="443"
maxHttpHeaderSize="32767"
maxPostSize="-1"
disableUploadTimeout="true" />
<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
...
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"/>
<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="127\.0\.[0-1]\.1"
remoteIpHeader="X-Forwarded-For"
requestAttributesEnabled="true"
protocolHeader="x-forwarded-proto"
protocolHeaderHttpsValue="https"/>
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%{X-Forwarded-For}i %h %l %u %t "%r" %s %b" />
</Host>
</Engine>
- Line 2-3, in some situations APEX internally creates a redirect to a different URL path, e.g. during Authentication using Social-Login it will redirect to …/ords/apex_authentication.callback… With the verison of the stack I am using, these two lines might not be required anymore. I am still leaving them here for the peace of mind.
- Line 14-15, to allow access only for the clients connecting from localhost
- Line 17-26, adding the actual IP address %{X-Forwarded-For} to tomcat log file
Friday, July 30, 2021
Oracle SQL Explain Plan
Display the execution plan stored in the plan table. We are not executing the actual SQL.
EXPLAIN PLAN
FOR SELECT /*+ gather_plan_statistics */
COUNT (*) FROM dba_objects;
SELECT * FROM TABLE (DBMS_XPLAN.display (format => 'TYPICAL'));
Displays the actual execution plan used to run a query stored in the cursor cache. We have to execute the SQL first.
SELECT /*+ gather_plan_statistics */
COUNT (*) FROM dba_objects;
SELECT * FROM TABLE (DBMS_XPLAN.display_cursor (format => 'ALLSTATS LAST +cost +bytes +peeked_binds'));
Sunday, July 4, 2021
Upgrade ORDS in OCI
Update ORDS
yum -y update
Fix ords.conf
yum update will mess up the ORDS config file. We need to remove the extra ORDS_BASE_PATH.
vi /etc/ords/ords.conf
# ORDS Service Script Configuration File (ords.config)
#
# This file should be placed in the same folder as the ORDS Service Script
# (ords.sh). Following are the properties that can be set via this file:
#
# ORDS_CONFIGDIR The absolute path to an ORDS configuration directory. If set
# and not empty then the script will overwrite the configdir
# property in the ords.war file located next to the script
# whenever the script is called with the start parameter.
# JAVA_HOME The Java base path to be used when starting ORDS. It should
# contain the binaries folder "bin" and the "java" executable
# under it. If the path provided does not exist, is not
# readable or doesn't contain the "bin/java" executable, then
# the PATH's java binary will be used to determine the
# JAVA_HOME.
# JAVA_OPTIONS A string containing the Java options to be passed to the JVM
# when starting ORDS. Parameters should be in a single line
# separates by spaces just as they'd be when invoking a JVM
# from the command line. No shell expansions are performed. No
# options are passed by default to the ORDS' JVM.
# ORDS_BASE_PATH The base path for ORDS installation by default is /opt/oracle
# but if the rpm was installed with --prefix [path] to relocate
# the package this variable will track the installation path.
#####Example#####
#ORDS_CONFIGDIR=/opt/oracle/ords/conf
#JAVA_HOME=/usr/java/jre1.8.0_211-amd64/
#JAVA_OPTIONS=-Dsecurity.forceHTTPS=true
ORDS_BASE_PATH=/opt/oracle
ORDS_BASE_PATH=/opt/oracle
Run ORDS and setup the config directory
ords standalone and enter /opt/oracle/ords/config
Monday, April 5, 2021
Enable MFA for Oracle Cloud Infrastructure Sign In
At this point, the setup is completed. We have enabled MFA for all logins. Next time, when users login, they will be asked to setup QR code. You could your faviourite authenticiator app, For example Google Authenticator, Microsoft Authenticator or 1Password.