Integrate OPSS User and Group APIs with Identity Cloud Service
Update your domain's confidential application in Oracle Identity Cloud Service to support the user and group lookup APIs in Oracle Platform Security Services.
This configuration is applicable only for domains that you created with Oracle WebLogic Server for OCI, and that meet all of these requirements:
- Is JRF-enabled
- Uses Oracle Identity Cloud Service for authentication. See Access the Sample Application Using Identity Cloud Service.
All JRF-enabled domains include Oracle Platform Security Services (OPSS), which provides an abstraction layer in the form of APIs that insulates developers from security and identity management implementation details. For example, developers do not need to know the details of accessing the security repository or managing keys and certificates. See Introduction to Oracle Platform Security Services in Securing Applications with Oracle Platform Security Services.
A domain that uses Oracle Identity Cloud Service is associated with a confidential application, which grants WebLogic Server one or more Oracle Identity Cloud Service client roles. By default, this confidential application has a single role, Authenticator Client, which enables Java applications to use the OPSS authentication APIs. If your Java applications use the OPSS APIs to look up user and group information, then you must add more roles to the confidential application. See AppRole Permissions in REST API for Oracle Identity Cloud Service.
Note:
Oracle recommends that you secure Java applications that access user and group information, to ensure they are accessed only by authorized users.