Add IDCS after Creating a Domain

After you create a domain, you can add Oracle Identity Cloud Service (IDCS) to your Oracle WebLogic Server for OCI instance.


This procedure applies to domains that are created from November 2021 (Release 21.4.2) onwards. For previous releases, contact Support.
  • Create a confidential application in IDCS to use IDCS for authentication in the domain. You will need the client ID and client secret for this confidential application. See Create a Confidential Application.
  • An OCI secret in the tenancy that holds the IDCS client secret value. See Create Secrets for Passwords. Copy the OCID of the secret.
  • At the root compartment level, create an OCI policy with the following policy statement:
    Allow dynamic-group <service-prefix>-wlsc-principal-group to read secret-bundles in tenancy where ='<secret-ocid>'

    where <secret-ocid> is the OCID of the OCI secret that you created in the previous step.

  • Add a Load Balancer, if not already configured. See Add a Load Balancer.

Complete the following steps to add IDCS to your domain:

  1. Create a JSON file that contains the following information:
      {
        "is_idcs_selected" : "true",
        "idcs_host" : "<Domain name to access IDCS> (typically,",
        "idcs_port" : "443",
        "idcs_tenant" : "<IDCS Instance ID> (format is idcs-<GUID>)",
        "idcs_client_id" : "<Client ID of the confidential application in IDCS>",
        "idcs_client_secret_ocid" : "<OCID of the OCI secret that holds the client secret of the confidential application>",
        "idcs_cloudgate_port" : "9999",
        "idcs_cloudgate_docker_image_tar" : "/u01/zips/APP-GATEWAY/21.2.2/appgateway-21.2.2-2105050509.tar.gz",
        "load_balancer_id" : "<OCID of the Load Balancer>",
        "lbip" : "<IP address of the Load Balancer>"
      }

    In the JSON file, use the client ID of the confidential application and the OCID of the OCI secret that holds its client secret. See Prerequisites.

  2. Log in as a root user to the Administration server.
  3. Save the JSON file to an accessible location.
  4. Run the following command to verify that Docker Engine is available and that its status is shown as loaded:
    systemctl status docker
  5. Run the following command:
    python3 /opt/scripts/idcs/ <json-file-location>
  6. Log in to each of the nodes and complete step 3 through step 5.
  7. If the domain is a JRF domain, then add the OPSS SCIM template to the domain.
    1. Change to the oracle user.
      sudo su - oracle
    2. Run the following commands only on the VM where the Administration server is running:
  8. Restart the Administration server.
  9. If the domain is a JRF domain and you added the OPSS SCIM template, then restart the managed servers.
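The IDCS script in step 5 consumes the JSON file from step 1 as-is, so a placeholder left in angle brackets or a client secret pasted where the secret OCID belongs is only discovered when the script fails on the Administration server. The following pre-flight check is an added example, not part of Oracle's documentation or of the scripts shipped with WebLogic Server for OCI. It verifies that every key listed in step 1 is present, that no placeholder survives, and that values have the shape the procedure describes. The OCID, tenant-ID and IPv4 patterns, and the sample values in SAMPLE_CONFIG, are assumptions made here for illustration.

```python
"""Pre-flight validation of the IDCS configuration JSON from step 1.

Added example (not Oracle's code). Run as:  python3 check_idcs_json.py <json-file>
With no argument it validates the constructed SAMPLE_CONFIG below.
"""
import json
import re
import sys

# Keys the procedure's JSON file must contain (taken from step 1 above).
REQUIRED_KEYS = (
    "is_idcs_selected", "idcs_host", "idcs_port", "idcs_tenant",
    "idcs_client_id", "idcs_client_secret_ocid", "idcs_cloudgate_port",
    "idcs_cloudgate_docker_image_tar", "load_balancer_id", "lbip",
)

# Shape checks. These patterns are assumptions for this example:
# a placeholder is anything still in <angle brackets>; an OCID is
# ocid1.<type>.<realm>.<region>.<id>; the tenant is idcs-<hex GUID>.
PLACEHOLDER = re.compile(r"<[^>]*>")
OCID = re.compile(r"^ocid1\.[a-z0-9]+\.oc\d+\.[a-z0-9-]*\.[a-z0-9]+$")
TENANT = re.compile(r"^idcs-[0-9a-f]{16,40}$")
IPV4 = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")

# Constructed sample; none of these values refer to a real tenancy.
SAMPLE_CONFIG = {
    "is_idcs_selected": "true",
    "idcs_host": "idcs.example.com",
    "idcs_port": "443",
    "idcs_tenant": "idcs-0123456789abcdef0123456789abcdef",
    "idcs_client_id": "0123456789abcdef0123456789abcdef",
    "idcs_client_secret_ocid": "ocid1.vaultsecret.oc1.iad.exampleexampleexample",
    "idcs_cloudgate_port": "9999",
    "idcs_cloudgate_docker_image_tar": "/u01/zips/APP-GATEWAY/21.2.2/appgateway-21.2.2-2105050509.tar.gz",
    "load_balancer_id": "ocid1.loadbalancer.oc1.iad.exampleexampleexample",
    "lbip": "203.0.113.10",
}


def _clean_value(config, key, problems):
    """Return the string value for key, or None after recording why it is unusable."""
    value = config.get(key)
    if value is None:
        problems.append(f"missing key: {key}")
        return None
    if not isinstance(value, str):
        problems.append(f"{key}: expected a JSON string, got {type(value).__name__}")
        return None
    if PLACEHOLDER.search(value):
        problems.append(f"{key}: placeholder still present: {value!r}")
        return None
    return value


def validate_idcs_config(config) -> list:
    """Return a list of problems; an empty list means the file is ready for step 5."""
    problems = []
    values = {k: _clean_value(config, k, problems) for k in REQUIRED_KEYS}

    # Keys the procedure does not list are most likely typos in a key name.
    for key in config:
        if key not in REQUIRED_KEYS:
            problems.append(f"unexpected key: {key}")

    if values["is_idcs_selected"] not in (None, "true"):
        problems.append('is_idcs_selected: must be the string "true"')
    for key in ("idcs_port", "idcs_cloudgate_port"):
        port = values[key]
        if port is not None and not (port.isdigit() and 1 <= int(port) <= 65535):
            problems.append(f"{key}: not a valid TCP port: {port!r}")
    tenant = values["idcs_tenant"]
    if tenant is not None and not TENANT.match(tenant):
        problems.append(f"idcs_tenant: expected idcs-<GUID>, got {tenant!r}")
    # Only the vault secret's OCID belongs in the file, never the secret itself.
    for key in ("idcs_client_secret_ocid", "load_balancer_id"):
        ocid = values[key]
        if ocid is not None and not OCID.match(ocid):
            problems.append(f"{key}: does not look like an OCID: {ocid!r}")
    host = values["idcs_host"]
    if host is not None and any(c in host for c in "/: "):
        problems.append("idcs_host: give a bare host name, without scheme, port or path")
    ip = values["lbip"]
    if ip is not None:
        m = IPV4.match(ip)
        if not m or any(int(octet) > 255 for octet in m.groups()):
            problems.append(f"lbip: not an IPv4 address: {ip!r}")
    tar = values["idcs_cloudgate_docker_image_tar"]
    if tar is not None and not tar.startswith("/"):
        problems.append("idcs_cloudgate_docker_image_tar: expected an absolute path")
    return problems


def load_and_validate(path) -> list:
    """Validate the JSON file at path (the <json-file-location> of step 5)."""
    with open(path, encoding="utf-8") as fh:
        return validate_idcs_config(json.load(fh))


if __name__ == "__main__":
    found = load_and_validate(sys.argv[1]) if len(sys.argv) > 1 else validate_idcs_config(SAMPLE_CONFIG)
    for problem in found:
        print("PROBLEM:", problem)
    print("OK" if not found else f"{len(found)} problem(s) found")
    sys.exit(1 if found else 0)
```

Run it against the JSON file before step 5 on the Administration server and again on each node in step 6; a non-zero exit means the file still contains a placeholder, a malformed value or a key the procedure does not list. Because the check only reads the file, it can also be run from a workstation before the file is copied to the instance.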