Configure TLS/SSL for the Oracle Identity Cloud Integrator Provider

The Oracle Identity Cloud Integrator provider supports one-way SSL. To secure the connection using TLS/SSL, you need to establish trust between Oracle WebLogic Server and Oracle Identity Cloud Service.

To do this, you may need to obtain the Oracle Identity Cloud Service SSL certificate and import it into the Oracle WebLogic Server trust store.

In most cases you don't need to import the certificate, because Oracle WebLogic Server already trusts it: the Oracle Identity Cloud Service certificate is signed by a well-known certificate authority (CA) such as Symantec, and your WebLogic domain is using Java Standard Trust.

However, use this procedure if you need to configure Oracle WebLogic Server to accept certificates that use wildcards. Also, if your domain is configured for custom trust, you may need to import the intermediate CA and root CA certificates into your trust store, regardless of whether Oracle Identity Cloud Service is using a well-known CA.

  1. To configure TLS/SSL, go to the Oracle Identity Cloud Integrator provider and set the SSLEnabled attribute to true. Then set the idcsPort attribute to the appropriate SSL port for Oracle Identity Cloud Service.
  2. To allow Oracle WebLogic Server to accept certificates containing wildcards, configure host name verification to use the wildcard host name verifier. To do this, open the DOMAIN_HOME/bin/setDomainEnv.sh script.
  3. In the setDomainEnv.sh script, navigate to the EXTRA_JAVA_PROPERTIES section, and add this property:
    -Dweblogic.security.SSL.hostnameVerifier=weblogic.security.utils.SSLWLSWildcardHostnameVerifier
  4. Restart Oracle WebLogic Server.
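
As an added example (not part of the Oracle documentation), the following script applies step 3 idempotently: it keeps a backup and refuses to edit a file that already names a different host name verifier. It assumes EXTRA_JAVA_PROPERTIES is set with single-line assignments; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: apply step 3 to setDomainEnv.sh idempotently.
# Assumption: EXTRA_JAVA_PROPERTIES is set with single-line assignments.
VERIFIER='weblogic.security.utils.SSLWLSWildcardHostnameVerifier'
PROP="-Dweblogic.security.SSL.hostnameVerifier=$VERIFIER"

# Print the host name verifier class(es) set on non-comment lines.
configured_verifiers() {
    grep -v '^[[:space:]]*#' "$1" |
        sed -n 's/.*-Dweblogic\.security\.SSL\.hostnameVerifier=\([A-Za-z0-9_.]*\).*/\1/p' |
        sort -u
}

# Returns 0 if the property is present or was added, 1 if a different
# verifier is set or no assignment exists, 2 on I/O errors.
enable_wildcard_verifier() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    current=$(configured_verifiers "$file")
    [ "$current" = "$VERIFIER" ] && return 0
    if [ -n "$current" ]; then
        echo "another host name verifier is already set: $current" >&2
        return 1
    fi
    # Insert after the last assignment so the value is set before later use.
    last=$(grep -n '^[[:space:]]*EXTRA_JAVA_PROPERTIES=' "$file" | tail -n 1 | cut -d: -f1)
    [ -n "$last" ] || { echo "no EXTRA_JAVA_PROPERTIES assignment in $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 2
    awk -v n="$last" -v p="$PROP" '
        { print }
        NR == n { print "EXTRA_JAVA_PROPERTIES=\"${EXTRA_JAVA_PROPERTIES} " p "\"" }
    ' "$file.bak" > "$file" || return 2
}

# Constructed sample standing in for DOMAIN_HOME/bin/setDomainEnv.sh.
demo=$(mktemp -d)
cat > "$demo/setDomainEnv.sh" <<'EOF'
# -Dweblogic.security.SSL.hostnameVerifier=example.Commented (ignored)
EXTRA_JAVA_PROPERTIES="${EXTRA_JAVA_PROPERTIES} -Dexample.constructed=1"
export EXTRA_JAVA_PROPERTIES
EOF
enable_wildcard_verifier "$demo/setDomainEnv.sh" &&
    configured_verifiers "$demo/setDomainEnv.sh"
```

Run it against a copy of the real script first, review the diff against the .bak file, and then restart the server as in step 4.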