Add IDCS After Creating a Domain

After you create a domain, you can add Oracle Identity Cloud Service (IDCS) to your Oracle WebLogic Server for OCI instance.

Note:

This procedure applies to domains that are created from November 2021 (Release 21.4.2) onwards. For previous releases, contact Support.
Prerequisites:
  • Create a confidential application in IDCS to use IDCS for authentication in the domain. You will need the client ID and client secret of this confidential application. See Create a Confidential Application.
  • Create an OCI secret in the tenancy whose value is the IDCS client secret. See Create Secrets for Passwords. Copy the secret OCID; the configuration file refers to the client secret by this OCID, not by its value.
  • At the root compartment level, create an OCI policy with the following policy statement:
    Allow dynamic-group <service-prefix>-wlsc-principal-group to read secret-bundles in tenancy where target.secret.id ='<secret-ocid>'

    Where <secret-ocid> is the OCID of the OCI secret that you created in the previous step. The where clause limits the grant to that one secret; do not widen it to all secrets in the tenancy.

  • Add a Load Balancer, if not already configured. See Add a Load Balancer.

Complete the following steps to add IDCS to your domain:

  1. Create a JSON file that contains the following information:
    {
      "is_idcs_selected" : "true",
      "idcs_host" : "<Domain name to access IDCS> (typically, identity.oraclecloud.com)",
      "idcs_port" : "443",
      "idcs_tenant" : "<IDCS Instance ID> (format is idcs-<GUID>)",
      "idcs_client_id" : "<Client ID of the confidential application in IDCS>",
      "idcs_client_secret_ocid" : "<OCID of the OCI secret that holds the client secret>",
      "idcs_cloudgate_port" : "9999",
      "idcs_cloudgate_docker_image_tar" : "/u01/zips/APP-GATEWAY/21.2.2/appgateway-21.2.2-2105050509.tar.gz",
      "load_balancer_id" : "<OCID of the Load Balancer>",
      "lbip" : "<IP address of the Load Balancer>"
    }

    In the JSON file, use the client ID of the confidential application and the OCID of the OCI secret that holds its client secret. Do not paste the client secret value itself into the file. See Prerequisites.

  2. Log in to the Administration Server VM as the root user.
  3. Save the JSON file to a location that root can read. Because the file identifies the confidential application, restrict its permissions (for example, chmod 600).
  4. Run the following command to verify that Podman is available and that its status is reported as loaded:
    systemctl status podman
  5. Run the following command:
    python3 /opt/scripts/idcs/configure_idcs.py <json-file-location>
  6. Log in to each of the other nodes (the Managed Server VMs) and repeat step 3 through step 5.
  7. If the domain is a JRF domain, then add the OPSS SCIM template to the domain.
    1. Change to the oracle user.
      sudo su - oracle
    2. Run the following commands only on the VM where the Administration Server is running:
      /u01/app/oracle/middleware/oracle_common/common/bin/wlst.sh
      readDomain("/u01/data/domains/<domain_name>")
      addTemplate("/u01/app/oracle/middleware/oracle_common/common/templates/wls/oracle.opss_scim_template.jar")
      updateDomain()
      closeDomain()
      exit()
  8. Restart the Administration Server.
  9. If the domain is a JRF domain and you added the OPSS SCIM template, then also restart the Managed Servers.
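As an added example that is not part of the Oracle procedure or of configure_idcs.py: a small Python check to run against the JSON file from step 1 before you invoke the configuration script on each node. It verifies that every documented key is present, that the ports and the load balancer IP parse, and above all that idcs_client_secret_ocid carries an OCI secret OCID rather than the client secret value. The OCID prefixes, the tenant-ID pattern and the sample values are assumptions, and the script name check_idcs_config.py is hypothetical.

```python
"""Sanity-check a configure_idcs.py input file before running step 5."""
import ipaddress
import json
import re
import sys

# Keys the input file carries, as listed in step 1 of the procedure.
REQUIRED_KEYS = (
    "is_idcs_selected", "idcs_host", "idcs_port", "idcs_tenant",
    "idcs_client_id", "idcs_client_secret_ocid", "idcs_cloudgate_port",
    "idcs_cloudgate_docker_image_tar", "load_balancer_id", "lbip",
)

# Assumptions (not taken from the page): OCI vault-secret and load-balancer
# OCIDs start with these resource-type prefixes, and an IDCS tenant ID is
# "idcs-" followed by a lower-case hex GUID.
SECRET_OCID_RE = re.compile(r"^ocid1\.vaultsecret\.oc1\.")
LB_OCID_RE = re.compile(r"^ocid1\.loadbalancer\.oc1\.")
TENANT_RE = re.compile(r"^idcs-[0-9a-f]{8,}$")


def validate_idcs_config(cfg):
    """Return a list of problems found in the parsed JSON dict.

    An empty list means the file is structurally sound. The client-secret
    check is the important one: the file must carry the OCID of the OCI
    secret, never the client secret value itself.
    """
    problems = [f"missing key: {k}" for k in REQUIRED_KEYS if k not in cfg]
    if problems:
        return problems  # formats of absent values cannot be checked

    if cfg["is_idcs_selected"] != "true":
        problems.append('is_idcs_selected must be the string "true"')

    # idcs_host is a bare DNS name; the script builds the URL itself.
    if "://" in cfg["idcs_host"] or "/" in cfg["idcs_host"]:
        problems.append("idcs_host must be a host name, not a URL")

    for port_key in ("idcs_port", "idcs_cloudgate_port"):
        value = str(cfg[port_key])
        if not (value.isdigit() and 0 < int(value) < 65536):
            problems.append(f"{port_key} must be a numeric port string")

    if not TENANT_RE.match(cfg["idcs_tenant"]):
        problems.append("idcs_tenant must look like idcs-<GUID>")

    if not SECRET_OCID_RE.match(cfg["idcs_client_secret_ocid"]):
        problems.append(
            "idcs_client_secret_ocid must be the OCID of the OCI secret "
            "(ocid1.vaultsecret...), not the client secret value"
        )
    # Any other key mentioning a secret is a raw credential that does not
    # belong in this file at all.
    for key in cfg:
        if "secret" in key and not key.endswith("_ocid"):
            problems.append(f"{key}: raw secret values do not belong in this file")

    if not LB_OCID_RE.match(cfg["load_balancer_id"]):
        problems.append("load_balancer_id must be a load balancer OCID")

    try:
        ipaddress.ip_address(cfg["lbip"])
    except ValueError:
        problems.append("lbip must be an IP address")

    if not cfg["idcs_cloudgate_docker_image_tar"].endswith(".tar.gz"):
        problems.append("idcs_cloudgate_docker_image_tar should be a .tar.gz path")
    return problems


def validate_file(path):
    """Load a JSON file from disk and validate it."""
    with open(path, encoding="utf-8") as fh:
        return validate_idcs_config(json.load(fh))


# Constructed sample in the shape of step 1; the GUID and OCIDs are made up.
SAMPLE_OK = {
    "is_idcs_selected": "true",
    "idcs_host": "identity.oraclecloud.com",
    "idcs_port": "443",
    "idcs_tenant": "idcs-0123456789abcdef0123456789abcdef",
    "idcs_client_id": "0123456789abcdef0123456789abcdef",
    "idcs_client_secret_ocid": "ocid1.vaultsecret.oc1.iad.exampleexample",
    "idcs_cloudgate_port": "9999",
    "idcs_cloudgate_docker_image_tar": "/u01/zips/APP-GATEWAY/21.2.2/appgateway-21.2.2-2105050509.tar.gz",
    "load_balancer_id": "ocid1.loadbalancer.oc1.iad.exampleexample",
    "lbip": "10.0.1.25",
}

if __name__ == "__main__":
    # Usage: python3 check_idcs_config.py /path/to/idcs.json
    found = validate_file(sys.argv[1]) if len(sys.argv) > 1 else validate_idcs_config(SAMPLE_OK)
    for problem in found:
        print("ERROR:", problem)
    sys.exit(1 if found else 0)
```

Run it on each node against the same file you hand to configure_idcs.py; a non-zero exit means the file should be corrected before the script is run, which is cheaper than diagnosing a half-configured App Gateway afterwards.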