After an upgrade from 11g to 12c, an application using the external procedural gateway (EPG) and basic authentication got a 401: not authorized.

It appears that in 12c, the EPG uses digest authentication in stead of basic authentication by default. You won’t notice this using a browser or WGET, but applications using CURL will fail.

Digest is a two-step way of authenticating, returning a so called nonce first to be used to encrypt the username and password in the request.

Using CURL, this can be solved by adding – -digest before the request.

An other option is to reset EPG (actually XDB) to use basic again by editing xdbconfig.xml (a row in the table XDB$CONFIG).

This can be done using this call:

call dbms_xdb.cfg_update(updateXML(
dbms_xdb.cfg_get()
, ‘/xdbconfig/sysconfig/protocolconfig/httpconfig/authentication/allow-mechanism/text()’
, ‘basic’))

followed by

dbms_xdb.cfg_refresh;

Don’t forget to commit…