Migrate IDCS

The Oracle Identity Cloud Service (IDCS) confidential application created by Oracle WebLogic Server for OCI must replace the IDCS application created for Oracle Java Cloud Service.

Complete the following steps:

  1. Update the client ID and client secret in the IDCS authentication provider.
    1. From the IDCS console, expand the Navigation Drawer, and then click Applications.
    2. Click the confidential application associated with your domain.

      The name of the application is: <stack>_confidential_idcs_app_<timestamp>

      Example: myweblogic_confidential_idcs_app_2019-08-01T01:02:01.123456.

    3. Click the Configuration tab.
    4. Retrieve the Client ID and Client Secret values.
    5. Use the WebLogic Server Administration Console to update the client ID and client secret in the IDCS authentication provider:
      1. Log in to WebLogic Server Administration Console.

        See Access the WebLogic Console in Using Oracle WebLogic Server for OCI.

      2. Navigate to security realms.
      3. Select the realm. By default this is myrealm.
      4. Click on the Providers tab.
      5. Select IDCSIntegrator.
      6. Click on the Provider Specific tab.
      7. Click Lock and Edit.
      8. Change the Client Id and Client Secret to the values retrieved from the IDCS confidential application.
      9. Click Save, and then click Activate Changes. Edits made under Lock and Edit do not take effect until they are activated.
  2. Add the Cloud Gate role.

    The IDCS confidential application created for the Oracle WebLogic Server for OCI instance is set up with a more restrictive default role, Authenticator Client, than the application created for Oracle Java Cloud Service. To keep the same level of permissions, so that the Enterprise Manager Fusion Middleware Control console keeps the access it had in Oracle Java Cloud Service, update the confidential application to add the Cloud Gate role. See Integrate OPSS User and Group APIs with Identity Cloud Service.

  3. Restart the WebLogic Server processes on the Oracle WebLogic Server for OCI instance:
    1. As the opc user, log in to the Administration VM in the instance and run the following commands:
      sudo su - oracle
      /opt/scripts/restart_domain.sh
      # run jps to confirm that the WebLogic Server processes are running
      jps
    2. As the opc user, log in to each non-administration VM in the instance and run the same commands:
      sudo su - oracle
      /opt/scripts/restart_domain.sh
      # run jps to confirm that the WebLogic Server processes are running
      jps
  4. Move any protected paths.

    If you set up any server context paths to be protected by IDCS, then you must migrate them. See Migrate Oracle Identity Cloud Service Roles and Policies.
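Before you paste the Client ID and Client Secret from step 1 into the IDCSIntegrator provider and restart the domain, it is worth proving that the pair is accepted by IDCS: a mistyped or stale secret followed by a restart leaves every IDCS user unable to log in to the domain. The following script is an added example, not part of this page or Oracle's tooling. It runs the OAuth2 client_credentials grant against the IDCS token endpoint (POST /oauth2/v1/token with HTTP Basic authentication and the scope urn:opc:idm:__myscopes__, as IDCS documents it) and reports whether an access token came back. The IDCS URL, client ID and client secret are placeholders supplied on the command line; the `opener` parameter exists only so the request logic can be exercised without network access.

```python
"""Check that an IDCS confidential application's Client ID and Client Secret
work before they are entered into the IDCSIntegrator authentication provider.

Added example, not Oracle's code. Performs the OAuth2 client_credentials
grant against the IDCS token endpoint. The tenant URL, client ID and client
secret are placeholders passed on the command line.
"""
import base64
import json
import sys
import urllib.error
import urllib.parse
import urllib.request

IDCS_SCOPE = "urn:opc:idm:__myscopes__"   # IDCS scope granting the app's own assigned API scopes
TOKEN_PATH = "/oauth2/v1/token"           # IDCS OAuth2 token endpoint


def build_token_request(idcs_url, client_id, client_secret):
    """Return (url, headers, body) for a client_credentials grant.

    The credentials travel in the Authorization header (HTTP Basic), not in
    the URL or body, so they do not land in proxy or access logs.
    """
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode("utf-8")).decode("ascii")
    headers = {
        "Authorization": "Basic " + creds,
        "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
    }
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": IDCS_SCOPE}
    ).encode("utf-8")
    return idcs_url.rstrip("/") + TOKEN_PATH, headers, body


def check_credentials(idcs_url, client_id, client_secret, opener=urllib.request.urlopen):
    """Attempt the grant and return (ok, detail).

    `opener` defaults to urllib's urlopen; it is injectable so the logic can
    be driven offline with a fake response.
    """
    url, headers, body = build_token_request(idcs_url, client_id, client_secret)
    request = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with opener(request, timeout=15) as response:
            payload = json.load(response)
    except urllib.error.HTTPError as err:
        # 401 here means IDCS rejected the client ID/secret pair: do not apply them.
        return False, f"IDCS returned HTTP {err.code}; re-check the Client ID and Client Secret"
    except (urllib.error.URLError, ValueError) as err:
        return False, f"could not reach or parse the token endpoint: {err}"
    if not payload.get("access_token"):
        return False, "token endpoint answered without an access_token: " + json.dumps(payload)
    return True, (
        f"credentials accepted (token type {payload.get('token_type', '?')}, "
        f"expires in {payload.get('expires_in', '?')}s)"
    )


def main(argv):
    if len(argv) != 4:
        print("usage: check_idcs_client.py https://idcs-<tenant>.identity.oraclecloud.com <client-id> <client-secret>")
        return 2
    ok, detail = check_credentials(argv[1], argv[2], argv[3])
    print(detail)
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it from a host that can reach your IDCS tenant; a zero exit status means the pair is valid and can be entered into the provider. An HTTP 401 is the signal to go back to the Configuration tab of the confidential application and copy the values again (or regenerate the secret) rather than proceeding to the restart in step 3.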