Deep dive into various configurations with Oracle Weblogic Server

Steps to configure Oracle Identity Cloud Integrator provider with Java Cloud Service(JCS)

Puneeth Prakash
Principal Software Engineer

Oracle Identity Cloud Integrator provider has to be configured in JCS Admin console if you have a requirement to login to your application OR Weblogic console using IDCS Users.

As a pre-requisite, we need to create an OAuth client in IDCS:

Step 1:

Login to IDCS console -> Applications -> Add Application -> Confidential Application:

Name:<Any_name> -> Next

Select "Configure this application as a client now"

Allowed Grant Types: Client Credentials

Scroll down and click on +Add icon below "Grant the client access to Identity Cloud Service Admin APIs" :

Choose "Identity Domain Administrator" from the list and click on Add:

Skip the next section (Expose APIs to Other Applications):

Skip the next section (Web Tier Policy):

Select "Enforce Grants as Authorization" in the next section and Finish.

Make a NOTE of the "Client ID" and "Client Secret" from the pop window:

Close the pop-up window -> Save

Activate -> Activate application:

Go to Users tab and add users to this application:

If you have a requirement to log in to Weblogic Admin console using IDCS Users, then you need to create a group in IDCS called "Administrators" and assign this user to that group:

Step 2:

Let's configure "Oracle Identity Cloud Integrator provider" in Weblogic Admin console:

Login to Weblogic console -> Security Realms -> myrealm -> Providers -> OracleIdentityCloudIntegrator:

Make sure that the ControlFlag for DefaultAuthenticator is set to either "Sufficient" OR "Optional"

Click on the newly created IDCS provider -> ProviderSpecific tab and update the following:



SSL Enabled: Check


Client Id:

Client Secret:

Confirm Client Secret:

Login to IDCS console -> About page to get the above information:

Cloud Account name is of the format: https://xxx.identity.oraclecloud.com:443

Update the Info in IDCS provider accordingly:
Host: identity.oraclecloud.com
Port: 443

Instance GUID is: idcs-xxxx

Update this info in IDCS provider:
Tenant: idcs-xxxx

You can get the ClientId and ClientSecret from the application that you created in IDCS

Save the changes.

Restart JCS Instance.

Now login to Weblogic Admin console using IDCS user.

NOTE: Unlike other external LDAP configuration you will not be able to see the list of IDCS Users in the Security Realms -> myrealm -> Users and Groups tab.



Join the discussion

Comments ( 1 )
  • Vikash Tuesday, September 10, 2019
    Thanks Puneeth for one more great article on JCS. In the last Step, just restarting the Weblogic will solve the purpose rather than restarting the JCS instance itself.
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.