Integrate OPSS User and Group APIs with Identity Cloud Service

Update your domain's confidential application in Oracle Identity Cloud Service to support the user and group lookup APIs in Oracle Platform Security Services.

This configuration is applicable only for domains that you created with Oracle WebLogic Server for OCI, and that meet all of these requirements:

All JRF-enabled domains include Oracle Platform Security Services (OPSS), which provides an abstraction layer in the form of APIs that insulates developers from security and identity management implementation details. For example, developers do not need to know the details of accessing the security repository or managing keys and certificates. See Introduction to Oracle Platform Security Services in Securing Applications with Oracle Platform Security Services.

A domain that uses Oracle Identity Cloud Service is associated with a confidential application, which grants WebLogic Server one or more Oracle Identity Cloud Service client roles. By default, this confidential application has a single role, Authenticator Client, which enables Java applications to use the OPSS authentication APIs. If your Java applications use the OPSS APIs to look up user and group information, then you must add more roles to the confidential application. See AppRole Permissions in REST API for Oracle Identity Cloud Service.


Oracle recommends that you secure Java applications that access user and group information, to ensure they are accessed only by authorized users.
  1. Access the Oracle Identity Cloud Service console.
  2. From the navigation menu, click Applications.
  3. Click the confidential application that was created for your domain.
  4. Click the Configuration tab.
  5. Under Client Configuration, locate Grant the client access to Identity Cloud Service Admin APIs, and then click Add.
  6. Select one or more roles.
    Role Allowed Operations
    Cloud Gate Query users
    User Administrator Query and manage users and groups
    Identity Domain Administrator Access to all Identity Cloud Service operations
  7. Click Add.
  8. Click Save.