3.3.1 Use Oracle IAM as Identity Provider

You can use Oracle IAM as identity provider to manage access to your application.

  1. In the Oracle Cloud Infrastructure console, add your application as a confidential application. See Adding a Confidential Application in Oracle Cloud Infrastructure documentation.
    [Figure: Options selected in the Configure OAuth pane]

    While adding a confidential application, perform the following tasks:

    1. On the Configure OAuth pane, under Resource server configuration, click Skip for later.
    2. On the Configure OAuth pane, click Configure this application as a client now, and then select the following options:
      • Resource owner
      • Client credentials
      • JWT assertion
      • Refresh token
      • Authorization code
      • Allow HTTP URLs: Optional. Select this option only if you want to add a redirect URL without HTTPS. If you don't select this option, only HTTPS URLs are supported.
      • Add Redirect URL: Enter the application URL where the user is redirected after authentication.
    3. Skip web tier policy configuration.
    The application is created.
  2. Click Activate to activate the application.
  3. Under General Information, note down the values for Client ID and Client secret.
  4. Click Users, and then assign users to the application. See Assigning Users to Custom Applications in Oracle Cloud Infrastructure documentation.
  5. Open the navigation menu and click Identity & Security. Under Identity, click Domains. Select the identity domain you want to work in.
    The Domain information tab of the identity domain is displayed.
  6. From this tab, copy the Domain URL. For example, https://idcs-a83e4de370ea4db1b8c703a0b742ce74.identity.oraclecloud.com. You'll need this value when you use the Discovery URL.
  7. Enable client access for the signing certificate. By default, access is restricted to signed-in users. To access this certificate from Docker, Kubernetes, and Istio, you must enable client access.
    1. Select the identity domain you want to work in and click Settings and then Domain settings.
    2. Turn on the switch under Access Signing Certificate to enable clients to access the tenant signing certificate without logging in to IAM.
    3. Click Save to save the default settings.
    4. To check if you can access the certificate without logging in, type the following link in a new browser window.
      https://<yourtenant>.identity.oraclecloud.com/admin/v1/SigningCert/jwk

      where <yourtenant> is the identifier of your Oracle Cloud Infrastructure tenancy.

      You should be able to open the link without logging in to Oracle Cloud Infrastructure.
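The following script is an added example (not Oracle's code) that automates two checks from the procedure above: that a redirect URL is compatible with the Allow HTTP URLs choice from step 1, and that the tenant signing certificate (JWKS) from step 7 can be fetched without logging in and carries an RSA key with a key ID. The domain URL and the sample JWKS document are constructed for illustration.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import urlparse

# Path of the tenant signing certificate (JWKS), as given in step 7 above.
JWK_PATH = "/admin/v1/SigningCert/jwk"


def redirect_url_allowed(url: str, allow_http: bool = False) -> bool:
    """True if the OAuth client config would accept this redirect URL:
    HTTPS always, plain HTTP only when 'Allow HTTP URLs' is selected."""
    parsed = urlparse(url)
    if not parsed.netloc:
        return False
    return parsed.scheme == "https" or (parsed.scheme == "http" and allow_http)


def fetch_unauthenticated(url: str) -> tuple[int, bytes]:
    """Fetch url with no credentials or cookies; return (HTTP status, body)."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def check_signing_cert(domain_url: str, fetch=fetch_unauthenticated) -> list[str]:
    """Return the kids of RSA signing keys published at the domain's JWKS
    endpoint; raise if it is not reachable without login or has no usable key."""
    status, body = fetch(domain_url.rstrip("/") + JWK_PATH)
    if status != 200:
        raise RuntimeError(f"JWKS endpoint returned HTTP {status}; "
                           "'Access Signing Certificate' is probably still off")
    keys = json.loads(body).get("keys", [])
    kids = [k["kid"] for k in keys if k.get("kty") == "RSA" and k.get("kid")]
    if not kids:
        raise RuntimeError("no RSA key with a kid in JWKS; tokens cannot be verified")
    return kids


# Constructed sample JWKS (hypothetical kid and modulus), used in place of a live call.
SAMPLE_JWKS = json.dumps({"keys": [{"kty": "RSA", "kid": "SIGNING_KEY", "use": "sig",
    "alg": "RS256", "n": "constructed-modulus", "e": "AQAB"}]}).encode()

if __name__ == "__main__":
    print(check_signing_cert("https://idcs-example.identity.oraclecloud.com",
                             fetch=lambda url: (200, SAMPLE_JWKS)))
```

Against a real tenancy, call check_signing_cert with the Domain URL copied in step 6 and the default fetcher; a non-200 status means step 7 has not taken effect yet.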