Adding IDCS as external authorization server for webMethods API Gateway

I am trying to configure IDCS (Oracle Identity Cloud Service) as an external authorization server in API Gateway 10.7.
I followed the steps provided in the below link:

I provided the remote introspection details, metadata and scope.
When I test the external auth server, I do not see any success/failure message.
But when I make a request from Postman, I am getting an unauthorized error.
Where can I see and understand the error? API Gateway is not able to connect to the IDCS server for authentication, but what is causing the error?

Hi team,
I understand that IDCS, as an authentication service, implements standard OpenID Connect (OIDC) 3-legged user authentication flows on top of the standard OAuth2 protocol.
Below are the options needed in API Gateway for adding an external authorization server.

In introspection, local is used for OpenID and for any type that supports JWKS.
Remote introspection is to validate the token at the OAuth 2.0 server end.
Now, how do I configure IDCS, which supports OpenID on top of OAuth?
Kindly help with a step-by-step process to configure IDCS in API Gateway.

Typically, OpenID Connect comes with a discovery URL. Find out the discovery URL for IDCS (Oracle Identity Cloud Service).

Hi @srikanth.prathipati1803, yes, I have the discovery URL. I see the below when I click discover.


This metadata URL has all the configuration details.

API GW is not able to fetch the details. When I try to add it, I see the below.

Then I started entering the details manually. IDCS has OAuth 2.0 on top of OpenID Connect.
I gave the below details for now, along with the scope. I do not see any error, but when I test the connection, nothing pops up (success, error, etc.).

The given metadata URL has many details; where do I fill in these details? It says local or remote introspection, but the metadata URL has the details issuer and jwks_uri for local and introspection_endpoint for remote.

I have a chance to provide all these details under the provider section, and this provider can be enabled only for dynamic client registration, and Oracle says we do not need it and gave us a client ID and client secret.

Kindly suggest.

Thanks & Regards,
Vaishnavi. S
Senior webMethods Developer.
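
The split described in the post above (issuer and jwks_uri for local introspection, introspection_endpoint for remote), as an added example that is not part of the original thread or of any webMethods or Oracle code. It separates the discovery metadata by mode and lists the generic claim checks that make a JWKS-based validation return unauthorized; the host, paths, key IDs, tokens and all function names are constructed for illustration, and the checks are the usual JWT ones, assumed rather than taken from API Gateway documentation.

```python
import base64, json, time

# Constructed sample values: placeholder host and paths, not a real IDCS tenant.
METADATA = {
    "issuer": "https://idcs.example.invalid/",
    "jwks_uri": "https://idcs.example.invalid/jwks",
    "introspection_endpoint": "https://idcs.example.invalid/introspect",
}
JWKS = {"keys": [{"kid": "key-1", "kty": "RSA"}]}  # constructed, key material omitted

def introspection_settings(metadata):
    """Split discovery metadata by the introspection mode that consumes it."""
    return {
        "local": {k: metadata.get(k) for k in ("issuer", "jwks_uri")},
        "remote": {k: metadata.get(k) for k in ("introspection_endpoint",)},
    }

def _decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def make_token(header, claims):
    """Build an unsigned, constructed JWT-shaped string for the demo."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.placeholder-signature"

def diagnose_token(token, metadata, jwks, now=None):
    """List reasons a local (JWKS-based) check would reject the token.
    Claims and key lookup only; the signature is NOT verified here."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["opaque token: only remote introspection can validate it"]
    header, claims = _decode(parts[0]), _decode(parts[1])
    problems = []
    if claims.get("iss") != metadata.get("issuer"):
        problems.append("iss does not match metadata issuer")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    if header.get("kid") not in {k.get("kid") for k in jwks.get("keys", [])}:
        problems.append("kid not present in JWKS")
    return problems

if __name__ == "__main__":
    print(introspection_settings(METADATA))
    bad = make_token({"alg": "RS256", "kid": "key-2"},
                     {"iss": "https://idcs.example.invalid", "exp": 0})
    print(diagnose_token(bad, METADATA, JWKS))
```

Decoding the token that Postman sends and comparing its `iss` character for character with the `issuer` in the metadata (trailing slash included) is a quick first check when the gateway returns unauthorized without a visible reason.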

This should not happen. Is this cloud or on-premises?
If it's on-premises, please do check the proxy server.
