Integrate Applications with Oracle Identity Cloud Service

Integrate your application by using the best option for your enterprise. Each integration method has its own procedure. In most cases, you have to change the configuration of the application being integrated, and you have to register the application in the Oracle Identity Cloud Service console.

Use App Catalog to Integrate Applications

Using the integration templates, you can register your applications in Oracle Identity Cloud Service and configure SSO for your applications.

Here’s how to integrate your application with Oracle Identity Cloud Service by using the App Catalog:

  1. Register your application in the App Catalog by using the Oracle Identity Cloud Service administration console.
  2. Download the Oracle Identity Cloud Service Metadata and save the XML file.
  3. Activate your application in Oracle Identity Cloud Service.
  4. Open the application console and load the Oracle Identity Cloud Service metadata into it.
  5. Verify the integration to ensure that the SSO integration works from both the identity provider and the service provider.

Use WebLogic SAML Federation to Integrate Applications

Use SAML 2.0 to integrate web applications that are hosted on Oracle WebLogic Server with Oracle Identity Cloud Service. Oracle WebLogic Server supports SAML Identity Asserter as the identity assertion provider, which lets you configure Oracle WebLogic Server as a SAML service provider.

When Oracle Identity Cloud Service acts as a SAML identity provider, it provides federated SSO for applications that are hosted on Oracle WebLogic Server. Oracle WebLogic Server enforces authorization by using the group information that’s provided by Oracle Identity Cloud Service as part of the federation.

Note:

Oracle WebLogic Server does not support the full SAML 2.0 Profiles. It does not support single sign-out/logout or handle encrypted assertions in SAML. You can consider using complementary Oracle products like Oracle Identity Federation in addition to Oracle WebLogic Server or Oracle Access Manager, which includes federation.

Here’s how to integrate your application with Oracle Identity Cloud Service by using WebLogic SAML Federation:

  1. Enable support for SAML in the Oracle WebLogic Server domain by configuring the WebLogic security realm and SAML service provider settings.
  2. Register your application as a SAML application in Oracle Identity Cloud Service.

    As part of the application registration process, you configure and activate the application in Oracle Identity Cloud Service.

  3. Download the Oracle Identity Cloud Service metadata, and save the XML file.
  4. Register Oracle Identity Cloud Service as the identity provider in Oracle WebLogic Server.
  5. Upload the XML file that contains the Oracle Identity Cloud Service metadata to the server that hosts WebLogic.
  6. Verify the integration to ensure that the SSO integration works from both the identity provider and the service provider.

Use App Gateway to Integrate Applications

Here’s how to integrate your application with Oracle Identity Cloud Service by using Oracle App Gateway:

  1. Configure the Oracle App Gateway and set up the App Gateway Admin Console.
  2. Configure Oracle Identity Cloud Service as an identity provider by registering the application as a client in Oracle Identity Cloud Service.

    As part of the application registration process, you configure and activate the application in Oracle Identity Cloud Service.

  3. Note the client ID and client secret for integrating your application with Oracle Identity Cloud Service.
  4. Configure the Oracle App Gateway with Oracle Identity Cloud Service by validating the client ID and client secret.
  5. Add an application in the Oracle App Gateway and configure its settings, attributes, and policies.

Use Apache HTTP Server to Integrate Applications

Apache HTTP Server uses the mod_auth_openidc module to authenticate and authorize users against an OpenID Connect enabled identity provider. The mod_auth_openidc module is a third-party module for Apache HTTP Server. It’s also available through the package repositories of various Linux distributions. You can use the module to protect the application, and the module can pass user information from the ID token to the application as an HTTP header.

Here’s how to protect a web application hosted on Apache HTTP Server when you use Oracle Identity Cloud Service:

  1. Register your application as a client in Oracle Identity Cloud Service.

    As part of the application registration process, you configure and activate the application in Oracle Identity Cloud Service.

  2. Note the client ID and client secret for integrating your application with Oracle Identity Cloud Service.
  3. Install mod_auth_openidc for Apache HTTP Server.
  4. Open the OpenID Connect module configuration file for editing.
  5. Add the client ID, client secret, and Oracle Identity Cloud Service URL to the configuration file.
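
A small linter for the configuration file edited in steps 4 and 5, as an added example that is not part of mod_auth_openidc or of Oracle's documentation. The embedded sample shows the directives involved; its host names, discovery URL path, client ID, secret and passphrase are constructed placeholders, and the `file_mode` parameter is an assumption standing in for the file's real permissions.

```python
REQUIRED = ("OIDCProviderMetadataURL", "OIDCClientID", "OIDCClientSecret",
            "OIDCRedirectURI", "OIDCCryptoPassphrase")

# Constructed sample configuration: every value below is a placeholder.
SAMPLE_CONF = """
OIDCProviderMetadataURL https://idcs-example.invalid/.well-known/openid-configuration
OIDCClientID         EXAMPLE_CLIENT_ID
OIDCClientSecret     EXAMPLE_CLIENT_SECRET
OIDCRedirectURI      https://app.example.invalid/protected/redirect_uri
OIDCCryptoPassphrase EXAMPLE_RANDOM_PASSPHRASE
<Location /protected>
    AuthType openid-connect
    Require valid-user
</Location>
"""

def parse_directives(conf_text):
    """Map lower-cased directive name -> last value, skipping comments and <Section> lines."""
    found = {}
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith(("#", "<")):
            continue
        found[parts[0].lower()] = parts[1].strip().strip('"') if len(parts) > 1 else ""
    return found

def lint_oidc_conf(conf_text, file_mode=0o600):
    """Return a list of findings for a mod_auth_openidc configuration file."""
    d = parse_directives(conf_text)
    findings = [f"missing directive {n}" for n in REQUIRED if not d.get(n.lower())]
    for n in ("OIDCProviderMetadataURL", "OIDCRedirectURI"):
        if d.get(n.lower(), "").startswith("http://"):
            findings.append(f"{n} uses http:// instead of https://")
    if d.get("oidcsslvalidateserver", "on").lower() == "off":
        findings.append("OIDCSSLValidateServer Off disables certificate validation of the provider")
    if d.get("authtype", "").lower() != "openid-connect":
        findings.append("no 'AuthType openid-connect' found, so no location is protected")
    if file_mode & 0o007:
        findings.append(f"file mode {file_mode:o} lets other local users read the client secret")
    return findings

if __name__ == "__main__":
    print(lint_oidc_conf(SAMPLE_CONF) or "no findings")
```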

Use OAuth and OpenID Connect to Integrate Applications

Here’s how to integrate your application with Oracle Identity Cloud Service by using OAuth and OpenID Connect:

  1. Register the application as a client in Oracle Identity Cloud Service.

    As part of the application registration process, you configure and activate the application in Oracle Identity Cloud Service.

  2. Note the client ID and client secret for integrating your application with Oracle Identity Cloud Service.
  3. Configure the application to connect with Oracle Identity Cloud Service during authentication.
  4. Add the client ID, client secret, and URL of your Oracle Identity Cloud Service to the client configuration file.
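
What step 3 involves on the application side, as an added example that is not Oracle's code: the application sends the browser to the authorization endpoint with a per-login `state` and `nonce`, and accepts the callback only when the returned `state` matches the one stored in that user's session. The tenant URL, endpoint path, client ID, redirect URI and the dictionary used as a session are assumptions for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed placeholder values; take the real ones from your tenant and client registration.
IDCS_URL = "https://idcs-example.invalid"
AUTHORIZE_PATH = "/oauth2/v1/authorize"   # assumed endpoint path
CLIENT_ID = "EXAMPLE_CLIENT_ID"
REDIRECT_URI = "https://app.example.invalid/callback"

def begin_login(session):
    """Store a fresh state and nonce in the session and return the redirect URL."""
    session["oidc_state"] = secrets.token_urlsafe(32)
    session["oidc_nonce"] = secrets.token_urlsafe(32)  # compared later with the ID token's nonce
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": session["oidc_state"],
        "nonce": session["oidc_nonce"],
    })
    # The client secret never appears here; it is used only in the
    # server-to-server token request that follows a valid callback.
    return f"{IDCS_URL}{AUTHORIZE_PATH}?{query}"

def handle_callback(session, callback_url):
    """Return the authorization code only if the callback belongs to this session."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oidc_state", None)   # single use: a replayed callback fails
    returned = params.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("state mismatch: callback does not belong to this login attempt")
    if "error" in params:
        raise ValueError(f"identity provider returned error: {params['error'][0]}")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code

if __name__ == "__main__":
    demo_session = {}
    print(begin_login(demo_session))
```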

Use SDKs to Integrate Applications

Oracle Identity Cloud Service's SDKs are based on industry-standard protocols and layers, such as OAuth 2.0 and OpenID Connect 1.0. You can use the SDKs to integrate your applications with Oracle Identity Cloud Service for authentication. The SDKs wrap all the REST API endpoint calls that the applications need to make in order to authenticate users with Oracle Identity Cloud Service.

Here’s how to integrate your application with Oracle Identity Cloud Service by using the SDK:

  1. Download the SDKs from the Downloads page of the Oracle Identity Cloud Service console.
  2. Extract the contents of the SDK ZIP file into the web application's library folder.
  3. Register the SDK web application as a client in Oracle Identity Cloud Service.

    As part of the application registration process, you configure and activate the application in Oracle Identity Cloud Service.

  4. Note the client ID and client secret for integrating your application with Oracle Identity Cloud Service.
  5. Update the application code with the client ID and client secret to let it use Oracle Identity Cloud Service's SDK for the programming language.

Use Secure Form Fill to Integrate Applications

Use Secure Form Fill if your application does not support OAuth, SAML, or any other federated sign-on method.

Users enter their application credentials for your application in Oracle Identity Cloud Service only once. Oracle Identity Cloud Service stores the information in an encrypted format, and afterward automatically fills in the application sign-on form so that users don’t have to enter the information each time.

Here’s how you integrate your application with Oracle Identity Cloud Service by using the Secure Form Fill template:

  1. Install the Secure Form Fill Admin Client.
  2. Use the Oracle Enterprise Single Sign-On (ESSO) Administrative Console to create form-fill configuration files for your application in Oracle Identity Cloud Service. The ESSO Administrative Console is part of the Secure Form Fill Admin Client.
  3. Export the form-fill configuration file that you’ll import into Oracle Identity Cloud Service when you create the application in Oracle Identity Cloud Service.
  4. Create the application in Oracle Identity Cloud Service.

    Import the form-fill configuration file that you created in the ESSO Administrative Console.

  5. Assign users and groups to the application, and then activate it.
  6. Users must install the secure form-fill plugin in order to start the form-fill application. After it’s installed, users can access the application from the browser toolbar.