Before you begin
You use the Oracle Identity Cloud Integrator provider to access users, groups, and Oracle Identity Cloud Service application roles stored in Oracle Identity Cloud Service. The Oracle Identity Cloud Integrator provider combines authentication and identity assertion in a single provider. You can authenticate using a username and password or Oracle Identity Cloud Service identity tokens.
Note that each security realm must have at least one Authentication provider configured. The Control Flag attribute determines how the LoginModule for each Authentication provider is used in the authentication process. See Set the JAAS control flag.
If the Oracle Identity Cloud Integrator provider is the only Authentication provider configured in the security realm, make sure that the Oracle Identity Cloud Service user who boots WebLogic Server is added to a group or granted a role that is assigned to the WebLogic Admin role. Otherwise, WebLogic Server cannot be booted. If the Oracle Identity Cloud Integrator provider fails to connect to Oracle Identity Cloud Service, or throws an exception, make sure the configuration settings for this provider are set correctly as described in the steps that follow.
All Authentication providers included in WebLogic Server support identity domains. In the Oracle Identity Cloud Integrator provider, the Any Identity Domain Enabled attribute is always set to true. Therefore, the provider can authenticate users who are defined in any identity domain. For more information about identity domains, see Configuring Security.
To configure the Oracle Identity Cloud Integrator provider:
The Create a New Authentication Provider page appears.
If you are configuring multiple authentication providers, set the Control Flag for each provider to correspond to the desired behavior, for example SUFFICIENT.
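The following sketch is an added example, not Oracle code. It models the standard JAAS control flag rules over an ordered provider list to show how the flag choice decides whether a user who exists only in Oracle Identity Cloud Service can log in. The provider names, chain layouts, and per-provider outcomes are constructed sample input.

```python
# Added illustration: standard JAAS control-flag evaluation over an ordered
# list of Authentication providers. Names and outcomes are constructed samples.
MUST_PASS = {"REQUIRED", "REQUISITE"}
FLAGS = MUST_PASS | {"SUFFICIENT", "OPTIONAL"}

# Two hypothetical realm layouts (provider name, control flag), in order.
REQUIRED_FIRST = [("DefaultAuthenticator", "REQUIRED"),
                  ("OracleIdentityCloudIntegrator", "SUFFICIENT")]
ALL_SUFFICIENT = [("DefaultAuthenticator", "SUFFICIENT"),
                  ("OracleIdentityCloudIntegrator", "SUFFICIENT")]

def evaluate(chain, outcomes):
    """chain: ordered [(provider, flag)]; outcomes: {provider: bool}.
    Returns (authenticated, providers_consulted)."""
    consulted = []
    must_pass_failed = False
    any_success = False
    for name, flag in chain:
        if flag not in FLAGS:
            raise ValueError("unknown control flag: %s" % flag)
        ok = outcomes[name]
        consulted.append(name)
        any_success = any_success or ok
        if flag in MUST_PASS and not ok:
            must_pass_failed = True
            if flag == "REQUISITE":
                break  # a REQUISITE failure ends the chain immediately
        elif flag == "SUFFICIENT" and ok and not must_pass_failed:
            break      # a SUFFICIENT success ends the chain immediately
    # Success needs no REQUIRED/REQUISITE failure and at least one success.
    return (not must_pass_failed and any_success, consulted)

if __name__ == "__main__":
    # Constructed case: the user exists only in Oracle Identity Cloud Service.
    cloud_only = {"DefaultAuthenticator": False,
                  "OracleIdentityCloudIntegrator": True}
    for label, chain in (("REQUIRED first", REQUIRED_FIRST),
                         ("all SUFFICIENT", ALL_SUFFICIENT)):
        print(label, evaluate(chain, cloud_only))
```

With every provider set to SUFFICIENT, a locally defined user also authenticates without the cloud provider being consulted, which matters when the provider cannot connect to Oracle Identity Cloud Service.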