Wednesday, March 18, 2026

ODB Entra ID Integration For JDBC-thin Applications

Centralizing Oracle AI Database Authentication, Authorization, and User Lifecycle Management is a great way to improve operational efficiency and improve security posture through the addition of multi-factor authentication (MFA).  For C-based Oracle Call Interface (OCI) and JDBC-thick driver clients, this is enabled through the Oracle instant client or Oracle full client applications.  However, JDBC-thin driver based applications such as SQL Developer, SQLcl and many others require the ojdbc-extensions libraries and all dependencies from the GitHub project https://github.com/oracle/ojdbc-extensions to enable Entra ID integration. In my previous blog post on Entra ID Integration For SQLDeveloper, I provided a sample set of ojdbc-extensions and dependencies as a standalone downloadable zip file.  Thanks to the great work of the Oracle JDBC team, there is a new command (get-deps) that enables downloading all of the extensions and requisites through the OJDBC driver.

Lets say that you want to evaluate the next stable version of ojdbc-extensions driver version 1.0.5 with SQL Developer 24.3.1.  The following sequence guides you through that setup. Note that the same sequence can be applied to the previous ojdbc-extensions version 1.0.4 as well as the upcoming version 1.0.6 and future versions.

1. Download 23.26.1 (or newer) of the Oracle JDBC-thin library from Maven repository or Oracle AI Database instant client.

Oracle JDBC-thin library from Maven:

curl -sko ojdbc11.jar https://repo1.maven.org/maven2/com/oracle/database/jdbc/ojdbc11/23.26.1.0.0/ojdbc11-23.26.1.0.0.jarI

Alternatively, the JDBC-thin library is included with the Oracle instant client at:
 https://www.oracle.com/database/technologies/instant-client/downloads.html

2. Extract the Oracle instant client. In my case, I extracted into C:\u01\app\instantclient_23_26_1

3. Download the desired 1.0.5 version of ojdbc-extensions into a version specific directory:

cd C:
cd \u01\app\instantclient_23_26_1
java -jar ojdbc11.jar get-deps --coords com.oracle.database.jdbc/ojdbc-provider-azure/1.0.5 --path C:\u01\app\ojdbc-extensions-1.0.5

If this fails, you may need also need to load private certificate chain for Web Application Firewall (WAF) SSL/TLS termination or SSL/TLS offloading service into the Java cacerts truststore:

keytool -import -trustcacerts -alias privateca -keystore cacerts -file "C:\Users\dbUser\privateca.cer"



4. Produce the output with Windows PowerShell that will be needed to update the SQL Devleoper product.conf configuration file located in <home>\AppData\Roaming\sqldeveloper\<version>:

Get-ChildItem -Path "C:\u01\app\ojdbc-extensions-1.0.5" -Include "*.jar" -Recurse -Name -Force | ForEach-Object { Add-Content -Path C:\u01\app\ojdbc-extensions-1.0.5\product.txt  -Value "AddJavaLibFile C:\u01\app\ojbc-extensions-1.0.5\$_"}


5. Stop SQL Developer

6. Make a backup copy of the existing SQL Developer product.conf config file in <home>\AppData\Roaming\sqldeveloper\<version>.

7. Update the <home>\AppData\Roaming\sqldeveloper\<version>\product.conf configuration file replacing all AddJavaLibFile references with those resulting from step 4 above.  Here was the resulting output for this iteration of these commands. Note that your execution may result in different library versions because they can change over time.

AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\accessors-smart-2.5.1.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\asm-9.6.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\azure-core-1.54.1.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\azure-core-http-netty-1.15.7.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\azure-data-appconfiguration-1.7.3.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\azure-identity-1.14.2.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\azure-json-1.3.0.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\azure-security-keyvault-secrets-4.9.1.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\azure-xml-1.1.0.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\content-type-2.3.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\jackson-annotations-2.17.2.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\jackson-core-2.17.2.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\jackson-databind-2.17.2.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\jackson-datatype-jsr310-2.17.2.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\jcip-annotations-1.0-1.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\jna-5.13.0.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\jna-platform-5.13.0.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\json-smart-2.5.1.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\lang-tag-1.7.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\msal4j-1.17.2.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\msal4j-persistence-extension-1.3.0.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\netty-buffer-4.1.115.Final.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\netty-codec-4.1.115.Final.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\netty-codec-dns-4.1.112.Final.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\netty-codec-http-4.1.115.Final.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\netty-codec-http2-4.1.115.Final.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\netty-codec-socks-4.1.115.Final.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\netty-common-4.1.115.Final.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\netty-handler-4.1.115.Final.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\netty-handler-proxy-4.1.115.Final.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\netty-resolver-4.1.115.Final.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\netty-resolver-dns-4.1.112.Final.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\netty-resolver-dns-classes-macos-4.1.112.Final.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\netty-resolver-dns-native-macos-4.1.112.Final-osx-x86_64.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\netty-tcnative-boringssl-static-2.0.69.Final-linux-aarch_64.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\netty-tcnative-boringssl-static-2.0.69.Final-linux-x86_64.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\netty-tcnative-boringssl-static-2.0.69.Final-osx-aarch_64.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\netty-tcnative-boringssl-static-2.0.69.Final-osx-x86_64.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\netty-tcnative-boringssl-static-2.0.69.Final-windows-x86_64.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\netty-tcnative-classes-2.0.69.Final.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\netty-transport-4.1.115.Final.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\netty-transport-classes-epoll-4.1.115.Final.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\netty-transport-classes-kqueue-4.1.115.Final.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\netty-transport-native-epoll-4.1.115.Final-linux-x86_64.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\netty-transport-native-kqueue-4.1.115.Final-osx-x86_64.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\netty-transport-native-unix-common-4.1.115.Final.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\nimbus-jose-jwt-9.40.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\oauth2-oidc-sdk-11.18.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\ojdbc-provider-azure-1.0.4.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\ojdbc-provider-common-1.0.4.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\ojdbc8-23.7.0.25.01.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\oraclepki-23.7.0.25.01.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\reactive-streams-1.0.4.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\reactor-core-3.4.41.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\reactor-netty-core-1.0.48.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\reactor-netty-http-1.0.48.jar
AddJavaLibFile C:\u01\app\ojdbc-extensions-1.0.5\slf4j-api-1.7.36.jar


8. Start SQL Developer and test Entra ID integrated database authentication

Try it out and let me know if it works for you.

Blessings!
Posted by at No comments:
Subscribe to: Comments (Atom)