The Oracle Identity Cloud Integrator provider has to be configured in the JCS Admin console if you need to log in to your application or the WebLogic console using IDCS users.
As a prerequisite, we need to create an OAuth client in IDCS:
Log in to the IDCS console -> Applications -> Add Application -> Confidential Application:
Name: <Any_name> -> Next
Select "Configure this application as a client now"
Allowed Grant Types: Client Credentials
Scroll down and click the +Add icon below "Grant the client access to Identity Cloud Service Admin APIs":
Choose "Identity Domain Administrator" from the list and click Add:
Skip the next section (Expose APIs to Other Applications):
Skip the next section (Web Tier Policy):
Select "Enforce Grants as Authorization" in the next section and Finish.
Make a NOTE of the "Client ID" and "Client Secret" from the pop-up window:
Close the pop-up window -> Save
Activate -> Activate application:
Go to the Users tab and add users to this application:
If you need to log in to the WebLogic Admin console using IDCS users, create a group in IDCS called "Administrators" and assign the user to that group:
Let's configure the "Oracle Identity Cloud Integrator provider" in the WebLogic Admin console:
Log in to the WebLogic console -> Security Realms -> myrealm -> Providers -> OracleIdentityCloudIntegrator:
Make sure that the ControlFlag for DefaultAuthenticator is set to either "Sufficient" or "Optional".
Click on the newly created IDCS provider -> ProviderSpecific tab and update the following:
SSL Enabled: Check
Confirm Client Secret:
Log in to the IDCS console -> About page to get the above information:
The Cloud Account name is of the format: https://xxx.identity.oraclecloud.com:443
Update the info in the IDCS provider accordingly:
Instance GUID is: idcs-xxxx
Update this info in the IDCS provider:
You can get the ClientId and ClientSecret from the application that you created in IDCS.
Save the changes.
Restart the JCS instance.
Now log in to the WebLogic Admin console using an IDCS user.
NOTE: Unlike other external LDAP configurations, you will not be able to see the list of IDCS users in the Security Realms -> myrealm -> Users and Groups tab.
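If the login fails, it helps to confirm independently of WebLogic that the Client ID and Client Secret noted from the IDCS application can obtain a token with the Client Credentials grant. The following is an added example, not part of the original post: the function names are hypothetical, and it assumes the standard IDCS token endpoint /oauth2/v1/token and the urn:opc:idm:__myscopes__ scope.

```python
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

TOKEN_PATH = "/oauth2/v1/token"        # IDCS OAuth token endpoint (assumed)
SCOPE = "urn:opc:idm:__myscopes__"     # all scopes granted to this client


def build_token_request(base_url, client_id, client_secret):
    """Build the Client Credentials token request for an IDCS instance."""
    parts = urllib.parse.urlsplit(base_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("IDCS base URL must be an https:// URL")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": SCOPE}
    ).encode()
    return urllib.request.Request(
        f"https://{parts.netloc}{TOKEN_PATH}",
        data=body,
        method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def summarize_token_response(raw):
    """Return (ok, detail); the access token itself is never echoed."""
    try:
        doc = dict(json.loads(raw))
    except (ValueError, TypeError):
        return False, "non-JSON or unexpected response"
    if "access_token" in doc:
        return True, f"{doc.get('token_type')} token, expires in {doc.get('expires_in')}s"
    return False, doc.get("error_description") or doc.get("error") or "unknown error"


def check_client(base_url, client_id, client_secret, timeout=10):
    """Send the request (needs network access to the IDCS instance)."""
    req = build_token_request(base_url, client_id, client_secret)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return summarize_token_response(resp.read())
    except urllib.error.HTTPError as err:   # e.g. 401 for a wrong secret
        return summarize_token_response(err.read())
```

Call check_client() with the Cloud Account URL from the About page and the two values from the pop-up window; read the secret from a prompt or an environment variable rather than typing it on a command line, since this client holds the Identity Domain Administrator role.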