Administration Console Online Help


Configure Oracle Identity Cloud Integrator provider

Before you begin


You use the Oracle Identity Cloud Integrator provider to access users, groups, and Oracle Identity Cloud Service application roles stored in the Oracle Identity Cloud Service. The Oracle Identity Cloud Integrator provider combines authentication and identity assertion in a single provider. You can authenticate using a username and password or Oracle Identity Cloud Service identity tokens.

Note that each security realm must have at least one Authentication provider configured. The Control Flag attribute determines how the LoginModule for each Authentication provider is used in the authentication process. See Set the JAAS control flag.

If the Oracle Identity Cloud Integrator provider is the only Authentication provider configured in the security realm, make sure that the Oracle Identity Cloud Service user who boots WebLogic Server is added to a group or granted a role that is assigned to the WebLogic Admin role. Otherwise, WebLogic Server cannot be booted. If the Oracle Identity Cloud Integrator provider fails to connect to Oracle Identity Cloud Service, or throws an exception, make sure the configuration settings for this provider are set correctly as described in the steps that follow.

All Authentication providers included in WebLogic Server support identity domains. In the Oracle Identity Cloud Integrator provider, the Any Identity Domain Enabled attribute is always set to true. Therefore, the provider can authenticate users who are defined in any identity domain. For more information about identity domains, see Configuring Security.

To configure the Oracle Identity Cloud Integrator provider:

  1. If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit (see Use the Change Center).
  2. In the left pane, select Security Realms and click the name of the realm you are configuring (for example, myrealm).
  3. Select Providers > Authentication and click New.

    The Create a New Authentication Provider page appears.

  4. In the Name field, enter a name for the Oracle Identity Cloud Integrator provider.
  5. From the Type drop-down list, select OracleIdentityCloudIntegrator and click OK.
  6. Select Providers > Authentication and click the name of the new Oracle Identity Cloud Integrator provider to complete its configuration.
  7. On the Configuration page for the Oracle Identity Cloud Integrator provider, set the desired values on the Common tab. If you are configuring multiple Authentication providers, refer to Set the JAAS control flag.

    If you are configuring multiple authentication providers, set the Control Flag for each provider to correspond to the desired behavior, for example SUFFICIENT.

  8. Select the Provider Specific tab.
  9. In the section labeled Connection, specify the following:
    • The host and port of the machine hosting the Oracle Identity Cloud Service
    • The name of the tenant where users and groups reside in the Oracle Identity Cloud Service
    • The credentials of the Oracle Identity Cloud Service client (Client Id and Client Secret) that WebLogic Server should use for making a connection
    • The name of the client's tenant, if different than the primary tenant
  10. Optionally, select SSLEnabled.
  11. Click Save.
  12. To activate these changes, in the Change Center of the Administration Console, click Activate Changes.
    Not all changes take effect immediately—some require a restart (see Use the Change Center).
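
How the Control Flag values set in step 7 combine when the realm holds more than one Authentication provider, following standard JAAS control-flag semantics. This is an added example, not Oracle's code; the provider names LocalAuthenticator and IDCSIntegrator and the login outcomes are constructed for illustration.

```python
# Added example: JAAS control-flag evaluation over an ordered stack of
# Authentication providers. Provider names and outcomes are constructed.
REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL = "REQUIRED", "REQUISITE", "SUFFICIENT", "OPTIONAL"


def authenticate(stack, outcomes):
    """Return True if the overall login succeeds.

    stack    -- ordered list of (provider_name, control_flag)
    outcomes -- provider_name -> bool, whether that provider's LoginModule succeeds
    """
    mandatory_seen = False    # a REQUIRED/REQUISITE module is configured
    mandatory_failed = False  # a REQUIRED/REQUISITE module has failed
    any_success = False
    for name, flag in stack:
        ok = outcomes[name]
        any_success = any_success or ok
        if flag in (REQUIRED, REQUISITE):
            mandatory_seen = True
            if not ok:
                mandatory_failed = True
                if flag == REQUISITE:
                    return False  # REQUISITE failure ends the login immediately
        elif flag == SUFFICIENT and ok and not mandatory_failed:
            return True  # SUFFICIENT success skips the rest of the stack
        # OPTIONAL, or a failed SUFFICIENT: continue down the list
    if mandatory_seen:
        return not mandatory_failed
    return any_success  # no mandatory modules: at least one module must succeed


# Constructed scenario: a user who exists only in Oracle Identity Cloud Service.
CLOUD_ONLY_USER = {"LocalAuthenticator": False, "IDCSIntegrator": True}
# Constructed scenario: a local administrator while the cloud service is unreachable.
LOCAL_ADMIN_CLOUD_DOWN = {"LocalAuthenticator": True, "IDCSIntegrator": False}

BOTH_SUFFICIENT = [("LocalAuthenticator", SUFFICIENT), ("IDCSIntegrator", SUFFICIENT)]
LOCAL_REQUIRED = [("LocalAuthenticator", REQUIRED), ("IDCSIntegrator", SUFFICIENT)]
CLOUD_REQUIRED = [("IDCSIntegrator", REQUIRED), ("LocalAuthenticator", SUFFICIENT)]

if __name__ == "__main__":
    for label, stack in [("both SUFFICIENT", BOTH_SUFFICIENT),
                         ("local REQUIRED", LOCAL_REQUIRED),
                         ("cloud REQUIRED", CLOUD_REQUIRED)]:
        print(label,
              "| cloud-only user:", authenticate(stack, CLOUD_ONLY_USER),
              "| local admin, cloud down:", authenticate(stack, LOCAL_ADMIN_CLOUD_DOWN))
```

With both providers SUFFICIENT, either identity store can admit a user; a REQUIRED provider ahead of the other one rejects every user that it cannot authenticate itself, including the user who boots the server.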
