02 Jul 2018 →
This post is an update to this original overview, which details configuring SQL Developer to perform RADIUS authentication on MacOS. This updated post contains newer versions numbers and simpler instructions.
1. Install instantclient
Download instantclient 126.96.36.199.0 from Oracle.
You’ll only need the basic package. Unzip this package and place it in an accessible location.
I install my instant client in
~/lib/instantclient_12_2. You can install yours
wherever you like.
Homebrew users: the Homebrew packages available strip out the
.jar files which
confuses SQL Developer; download this library directly from Oracle.
The OCI driver properties can be configured via a special file called
sqlnet.ora. The property
we’re interested in is SQLNET.AUTHENTICATION_SERVICES.
sqlnet.ora file and place it in a directory you’ll reference later as
TNS_ADMIN. I put mine alongside the
instantclient directory in step 1:
Make sure the
sqlnet.ora file has an entry for
3. Mangle the java.library.path property
Modern MacOSes—version 10.11 (El Capitan) and newer—have a feature called System Integrity Protection (SIP)
which ignores the
DYLD_LIBRARY_PATH environment variable. This is how the instantclient path
is typically revealed to SQL Developer. SQL Developer still looks at this environment variable even though we
can no longer use it. It’s simply not an option for setting this path.
Instead we can clobber the
java.library.path via a not-so-invasive configuration file,
Open this file and set
java.library.path to your instantclient path (the one you chose in step 1) at the very bottom.
If you chose the same location I did, yours should look like this (replace
<YOUR_USERNAME> with your username):
4. Set the TNS_ADMIN path for GUI applications
You must set the TNS_ADMIN environment variable to make this work. Note that this needs to be set in
the GUI environment via
launchctl—simply setting the environment variable
in a terminal will not work. Unfortunately, values set via
launchctl don’t persist between sessions
(if you logout or restart, the value is lost).
In order to set this value upon start, we’ll create the file
SQL Developer uses this file to set environment variables upon startup.
Create/open this file and add a reference to your
launchctl setenv TNS_ADMIN /Users/<YOUR_USERNAME>/lib
TNS_ADMIN should point to a directory—not a file.
4. Configure SQL Developer to use OCI
Now, fire up SQL Developer. Navigate to Oracle SQL Developer > Preferences and choose Database > Advanced:
Check the Use Oracle Client and Use OCI/Thick driver checkboxes.
Then, click Configure and enter the location of your instantclient:
Make sure you change the Client type to
You may click the Test button here if you want, though I’ve found that its output is not always useful (failures here do not necessarily indicate a broken configuration).
In SQL Developer, go to Oracle SQL Developer > About Oracle SQL Developer. Click on the Properties tab
and search for the
sqldeveloper.oci.available property. If the value is
true, everything is set up correctly.
You should now be able to authenticate using RADIUS!