OAM 11g R2 Social Lab

Task 1 - Mobile Lab
Task 2 - Configure User Profile Service Provider
Task 3 - Configure Soial Login with Google
Task 4 - Configure OAM Domain to use Mobile and Social Login 
Task 5 - Test Social Login 

Task 1 - Mobile Lab

Go to OAM Console -> System Configuration -> Mobile and Social 
Double Click Mobile Services
Click Create under the Service Providers
"Create User Profile Service Provider"

Name : OUDUserPrfile
Description : OUD User Profile Service Provider
Attributes Section 
add a new attribute 
proxyAuth : value = false
accessControl = false
adminGroup = cn=Administrators,ou=groups,ou=myrealm
selfEdit = true

Under "Identity Directory Service" section 
Select "Create New" Radio button 
Name : OUDDirectoryService 
Description : OUD Directory
Under Repository : Select "Create New" Radio Button 
Name : OUDRepository
Directory Type : Oracle Unified Directory
Host Information 
Host Name : oam.example.com 
Port : 1389 
Bind DN = cn= Directory Manager
Bind Password : password
Base DN = dc=example,dc=com 
Object Classes = inetorgperson 
User Base DN = ou=people,dc=xample,dc=com 
Group Object Classes = groupofuniquenames
Base DN = ou=groups,dc=example,dc=com 
Click Create

Double click "Mobile Services" -> Service Profiles -> Click "Create" -> "Create User Profile Service"

Other options are "Create Authentication Service" and "Create Authorization Service" (not using)

User Profile Service
Name : OUDUserProfile
Description : UD User Profile
Service Type : User Profile Service
Service Endpoint : http(s)://host:port/oic_rest/rest/OUD
Service Provider : OUDUserProfile
Service Enabled : check 

For Users, http(s)://host:port/oic_rest/rest/OUD/people
For Groups, http(s)://host:port/oic_rest/rest/OUD/groups

Now go to , "Internet Identity Services"->"Application Profiles"->OAMApplication

Note: This prebuilt application profile (named OAMApplication) can be used directly, or used as a template to build other application profiles.  
The name of this entry must be the same as the name of the OAM application profile that you wish to enable social login for.  
This is 1-to-1 relationship 
Instead of creating a new entry matching the OAM Application Domain , we will rename the OAM Application Domain to match this default entry 

In "User Profile Service Endpoint" dropdown 
select OUD User Profile Service just created 

OAMApplication
Login Type : 
Local Authentication and Internet Identity Provider Authentication (chceck)
Internet Identity Provider Authentication only (uncheck)

Enable Browser Popup : Yes (check)
User Registration : Enabled (check)
Registration URL : https://oam:14101/oic_rp/register.jsp
UserID Attribute : mail 
User Profile Service Endpoint : /OUDUsrProfile
Authentication Service Endpoint : /oamauthentication 
Application Profile Properties 
colocated.oam = true


Now , Go to Policy Configuration -> Authentication Schemes -> TAPScheme

MatchLDAPAttribute=uid in Challenge Parameters

Task 3 - Configure Soial Login with Google

System Configuration -> OAMApplication -> Shared Secret (password)

Scroll down to bottom 
Application User Attribute Vs Internet Identity Provider User Attributes Mapping 
-> Internet Identity Provider
Facebook (uncheck)
Twitter (uncheck)
LinkedIn (uncheck)
Google (check)
Yahoo (uncheck)

Task 4 - Configure OAM Domain to use Mobile and Social Login

OAM needs to be configured to use M&S Social Authentication

Go to OAM Console _> Application Domains -> webgate11g_1 
Rename the Application Domain name from webgate11g_1 to  "OAMApplication"
Apply

Go to "Authentication Policies"-> Protected Resource Policy 
Change the Authentication Scheme to : OICScheme 

Task 5 - Test Social Login 

Make Sure System Configuration -> Access Manager -> Access Manager Settings 
Host : oam 
Port : 14101
protocol : htps

Try access http://ohs-host:7777/welcome-index.html

You get a login screen 
2 options
1. Sign in With Local Account 
2. Sign in With Other Account : Google 

Choose Google

Provide a valid google id and password 

Next screen will ask you to authorize the release of your email address and locale to OAM 
Uncheck  "Remember this approval"

Click Allow

After successful Social authentication 
you will provide Local Account Registration , carrying forward details from Google to ease registration 

Enter a password and confirm password, This password is independent from Google

Click Register

Email ID : Google's
last Name : Google's
Common Name : Provide
First Name : Google's
Login ID : Google's
Password : Provide
Confirm Password :
Display Name : Provide

You now get access to the protected resource

Next Step , Close browser, Access Again 
This time, sign in with the local account you just created 

User Name : Google's email ID
Password : Password you gave in last screen 

Comments

Popular posts from this blog

OIM 11g R2 PS2 : SOA Approval Workflow Sample

OHS 12c (12.1.3) webgate deployment and configuration

Oracle Identity Manager (OIM) Interview Questions