Configure the Oracle Identity Cloud Integrator Provider

Use the Oracle WebLogic Server Administration Console for Oracle Analytics Server to configure the Oracle Identity Cloud Integrator provider.

The Oracle Identity Cloud provider configuration supplies access to the required users and groups.

To configure the Oracle Identity Cloud provider, you must add the provider to the security realm and specify the configuration attributes required to enable communication between the provider and Oracle Identity Cloud Service.

Note the following list of exceptions when you use the WebLogic Server documentation to configure Oracle Identity Cloud Service as an SSO provider for Oracle Analytics Server:

  • Oracle Analytics Server can't use multiple authenticators for users. The WebLogic Server documentation states that you can have multiple authenticators, but this doesn't consider the Oracle Platform Security Services integration, which can only use SCIM or LDAP. Therefore, when you use Oracle Identity Cloud Service, you can't use the virtualize=true setting.

  • SSO uses perimeter authentication. App Gateway enforces the perimeter protection and then passes a valid idcs_user_assertion token to Oracle WebLogic Server for an authenticated user.

You need the configuration attributes to complete the Oracle Identity Cloud Integrator configuration. See Required Configuration Attributes.
  1. Log in to the Oracle Analytics Server WebLogic Server Administration Console.
  2. Click Lock and Edit.
  3. Navigate to Security Realms, then myrealm, then Providers, and then New.
  4. In the Create a New Authentication Provider dialog, go to the Name field and enter a name for the authentication provider.
  5. Go to the Type field and select OracleIdentityCloudIntegrator, and then click OK.
  6. In the Authentication Providers dialog, move the authentication provider that you created to the top row of the table.
  7. Navigate to Security Realms, then myrealm, then Providers, and then the name of the authentication provider that you created.
  8. In the new authentication provider's Settings page, click the Common tab.
  9. In the Control Flag: field, select SUFFICIENT.
  10. If you're using Oracle Identity Cloud Service for authentication and not for SSO, then in the Active Types field, move both idcs_user_assertion active types from the Chosen box to the Available box.
  11. In the Settings page, click the Provider Specific tab to configure the Oracle Identity Cloud Integrator.
  12. Scroll to Connection. Select the SSLEnabled field and provide values in the following fields:
    • Host - Enter identity.oraclecloud.com.
    • Port - Enter the port used to communicate with Oracle Identity Cloud Service. In most cases you can use 443.
    • Tenant - Enter the name of the primary tenant in the Oracle Identity Cloud Service where you provisioned the OAuth client.
    • Client Id - Enter the OAuth client ID used to access the Oracle Identity Cloud Service identity store.
    • Client Secret - Enter the OAuth Client Secret (password) used to generate access tokens.
    • Confirm Client Secret - Reenter the OAuth Client Secret (password).
    • Client Tenant - (Optional) Enter the name of the OAuth Client tenant where the Client Id resides. This attribute isn't required if the Client tenant is the same as the primary tenant.
  13. Click Save.
  14. To change the idstore from ldap to scim, open the Oracle Analytics Server jps-config.xml file at the following location:
    DOMAIN_HOME/bi/config/fmwconfig/jps-config.xml
  15. Locate <serviceInstanceRef ref="idstore.ldap"/> and change .ldap to .scim.
  16. Click Activate changes.
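
Steps 14 and 15 as a scripted edit, added here as an example and not taken from Oracle's documentation: it changes only the serviceInstanceRef reference (a blanket search-and-replace of idstore.ldap would also rename the serviceInstance definition) and writes a backup first. The function names, the sample XML, its namespace and its provider names are constructed, and the check that a serviceInstance named idstore.scim is already defined in the file is an added assumption.

```python
import re
import shutil
import xml.etree.ElementTree as ET
from pathlib import Path

# Matches only the context reference, never <serviceInstance name="idstore.ldap" ...>.
REF_RE = re.compile(r'(<serviceInstanceRef\s+ref=")idstore\.ldap("\s*/>)')

def local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def switch_idstore(xml_text):
    """Return (new_text, refs_changed); raise ValueError if the edit is unsafe."""
    root = ET.fromstring(xml_text)  # fails fast on malformed input
    defined = {e.get("name") for e in root.iter() if local(e.tag) == "serviceInstance"}
    if "idstore.scim" not in defined:  # assumed pre-check, not a documented step
        raise ValueError("no serviceInstance named idstore.scim is defined")
    new_text, changed = REF_RE.subn(r"\1idstore.scim\2", xml_text)
    if changed == 0:
        raise ValueError("no serviceInstanceRef to idstore.ldap found")
    ET.fromstring(new_text)  # the result must still be well-formed
    return new_text, changed

def apply_to_file(path):
    """Back up jps-config.xml next to itself, then write the edited copy."""
    path = Path(path)
    new_text, changed = switch_idstore(path.read_text(encoding="utf-8"))
    shutil.copy2(path, path.with_name(path.name + ".bak"))
    path.write_text(new_text, encoding="utf-8")
    return changed

# Constructed sample reduced to the elements this edit touches (not a real jps-config.xml).
SAMPLE = """<jpsConfig xmlns="urn:example:constructed-jps-config">
  <serviceInstances>
    <serviceInstance name="idstore.ldap" provider="idstore.ldap.provider"/>
    <serviceInstance name="idstore.scim" provider="idstore.scim.provider"/>
  </serviceInstances>
  <jpsContexts default="default">
    <jpsContext name="default">
      <serviceInstanceRef ref="idstore.ldap"/>
    </jpsContext>
  </jpsContexts>
</jpsConfig>
"""

if __name__ == "__main__":
    text, n = switch_idstore(SAMPLE)
    print(f"{n} reference(s) switched to idstore.scim")
```

Run `apply_to_file` against DOMAIN_HOME/bi/config/fmwconfig/jps-config.xml; a ValueError means the file was left untouched.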