Create Generic SCIM application in Oracle IAM

You can use the following SCIM applications:

To create GenericScim basic application:

  1. Click Integrated Application > Add Application > Application Catalog to access the list of applications present in Oracle IAM.

    Figure 12-3 Application Catalog

  2. Select GenericScim – Basic in the IAM console.
  3. Select Configure Provisioning > Enable provisioning option and enter the following details:
    • Hostname: <OFSAA_Webserver_IP>
    • Base URL: /<context_name>/rest-api/v1/scim
    • Administrator Username: SYSADMN
    • Administrator Password: <password>
  4. Prepare for Test Connectivity:
    1. For WebLogic WebServer:

      Set the enforce-valid-basic-auth-credentials flag to false in the /domains/{weblogic_domain_name}/config/config.xml file, within the <security-configuration> tag:

      <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>

      After setting the flag, restart all the servers in the domain.

    2. If your OFSAA application does not use HTTPS and its port is not 443, execute the following PATCH request:

      URL: {{IDCS-HOST}}/admin/v1/Apps/{{SCIM-APP-ID}}
      Authorization: OAuth 2.0 [Client-Credentials]
      JSON body (set sslEnabled to "false" if OFSAA runs on HTTP; set port to the WebServer port of the OFSAA application):

      {
        "schemas": [
          "urn:ietf:params:scim:api:messages:2.0:PatchOp"
        ],
        "Operations": [
          {
            "op": "replace",
            "path": "urn:ietf:params:scim:schemas:oracle:idcs:extension:managedapp:App:bundleConfigurationProperties[name eq \"sslEnabled\"].value",
            "value": ["false"]
          },
          {
            "op": "replace",
            "path": "urn:ietf:params:scim:schemas:oracle:idcs:extension:managedapp:App:bundleConfigurationProperties[name eq \"port\"].value",
            "value": ["4488"]
          }
        ]
      }
  5. Click Test Connectivity. A confirmation message is displayed when the connection is established successfully.
  6. Select Configure Attribute Mapping and use the default values.
  7. Select Provisioning Operations and enable all options except Authoritative sync.
  8. Select the Enable Synchronization option to synchronize the users and groups present in OFSAA to Oracle IAM.
  9. Select Configure synchronization, and select the following details:
    • User identifier: Username
    • Application identifier: name
    • When exact match is found: Link and Confirm
    • Synchronization Schedule: Never [If required, schedule it]
  10. Click Save Changes and activate the application.
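
The PATCH request from step 4 can also be scripted. The following is an added example, not part of the original Oracle procedure: it builds the same PatchOp body for any port and SSL setting and sends it with a client-credentials token. The function names, the /oauth2/v1/token endpoint and the urn:opc:idcs:__myscopes__ scope are assumptions that do not appear on this page.

```python
import base64
import json
import urllib.parse
import urllib.request

# Attribute path from step 4; {name} is the bundle property to replace.
PROP_PATH = ("urn:ietf:params:scim:schemas:oracle:idcs:extension:managedapp:App:"
             'bundleConfigurationProperties[name eq "{name}"].value')

def build_patch(ssl_enabled: bool, port: int) -> dict:
    """Build the PatchOp body from step 4 for the connector's sslEnabled and port."""
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError(f"invalid TCP port: {port!r}")
    # sslEnabled=false makes the connector send the step 3 administrator
    # credentials to OFSAA over plain HTTP.
    def op(name, value):
        return {"op": "replace", "path": PROP_PATH.format(name=name), "value": [value]}
    return {
        "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
        "Operations": [op("sslEnabled", "true" if ssl_enabled else "false"),
                       op("port", str(port))],
    }

def get_token(idcs_host: str, client_id: str, client_secret: str) -> str:
    """Client-credentials grant. Endpoint and scope are assumptions (not on the page)."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    form = urllib.parse.urlencode({"grant_type": "client_credentials",
                                   "scope": "urn:opc:idcs:__myscopes__"}).encode()
    req = urllib.request.Request(f"{idcs_host}/oauth2/v1/token", data=form,
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]

def patch_app(idcs_host: str, app_id: str, token: str, body: dict) -> int:
    """Send PATCH {idcs_host}/admin/v1/Apps/{app_id}; returns the HTTP status."""
    req = urllib.request.Request(f"{idcs_host}/admin/v1/Apps/{app_id}",
        data=json.dumps(body).encode(), method="PATCH",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return resp.status

if __name__ == "__main__":
    # Constructed sample values: HTTP on port 4488, as in the request above.
    print(json.dumps(build_patch(ssl_enabled=False, port=4488), indent=2))
```

Run as a script, it prints the body for review; get_token and patch_app are called only when you supply your own host, application ID and client credentials.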

Refer to Use the SCIM Interface to Integrate Oracle Identity Cloud Service with Custom Applications for more information.