Integrate OPSS User and Group APIs with Identity Cloud Service
Update your domain's confidential application in Oracle Identity Cloud Service to support the user and group lookup APIs in Oracle Platform Security Services.
This configuration is applicable only for domains that you created with Oracle WebLogic Server for OCI, and that meet all of these requirements:
- Is JRF-enabled
- Uses Oracle Identity Cloud Service for authentication. See Access the Sample Application Using Identity Cloud Service.
All JRF-enabled domains include Oracle Platform Security Services (OPSS), which provides an abstraction layer in the form of APIs that insulates developers from security and identity management implementation details. For example, developers do not need to know the details of accessing the security repository or managing keys and certificates. See Introduction to Oracle Platform Security Services in Securing Applications with Oracle Platform Security Services.
A domain that uses Oracle Identity Cloud
Service is associated with a confidential application, which grants WebLogic Server one
or more Oracle Identity Cloud
Service client roles. By default, the confidential application for a JRF domain is
created with the Authenticator Client and Cloud
Gate roles, which enable Java applications to use the OPSS
authentication APIs.
Note:
For a non-JRF domain, the confidential application has a single role,Authenticator Client.
Depending on the access required by your Java applications, you may need to add more roles to the confidential application. See AppRole Permissions in REST API for Oracle Identity Cloud Service.
Note:
Oracle recommends that you secure Java applications that access user and group information to ensure that they are accessed only by authorized users.