Pages

Friday, May 27, 2016

ForgeRock OpenAM 13 and Social Login Part 2: Google

How to easily configure Google with OpenAM 13

This is a quick guide to setting up Google as a social authentication module for OpenAM 13. Prerequisites are a working OpenAM13 environments and a google developer account. This will be needed to obtain a client ID and client secret that you will need to use when you configure the authentication module.

Obtaining a Google App ID and App Secret
Go to console.developers.google.com. Login with your google account. On the left frame, under API Manager, click on the Credentials link.



On the APIs Credentials box, click on the ‘Create credentials’ and select 'OAuth client ID’.



Select ‘Web Application’ as the Application type. Give it a name and add the openam service URL under the Authorized Javascript origins. It is also important you add the Authorized redirect URIs for OpenAM. This is http://host:port/openam/oauth2c/OAuthProxy.jsp.



If this is the first application profile you create, you will be prompted to fill in some information related to the consent screen which users will see when they are asked to authenticate using their google account.



Once the profile is complete and you click on save you will receive a pop up with the client ID and secret.



Here you will copy the Client ID as well as the Client Secret. You will need both of these when configuring Google Authentication Module on OpenAM.

Configuring OpenAM 13

Now login to the OpenAM admin console at http://host:port/openam/console
Select the realm you intend on setting up social authentication module on.

Click on Configure Social Authentication:



Click on Configure Google Authentication



Enter the Client ID and Client Secret and click Create to continue. The Redirect URL is automatically populated.



Once created you will get a success message.



Expanding on the Authentication section and clicking on Modules will show a new ‘GoogleSocialAuthentication’. In addition a new chain is also created using this new module named 'GoogleSocialAuthenticationService’.



Click on the module to look at some of the default settings.

Note in particular two settings:




With these two settings, users who successfully authenticate against Google will have a profile dynamically created in your data store. Your Google users will be pre-fixed with identifier “google-“ as shown in the attribute mapper. You can modify that here if you wish to remove or change that.

Testing Google Authentication

Simplest way to validate the Google authentication chain is to update the Authentication settings and make the chain the default Organization Configuration Chain.



Test the authentication by going to http://host:port/openam. This should automatically redirect you to the Google authentication.



Google’s consent screen will appear.



Once you allow and successfully authenticate with Google, you will be redirected back to OpenAM, have your profile dynamically created, and logged into the console where you will see your profile.



Logged in as OpenAM admin user, search under subjects for the new Google created ID, you will see which attributes were shared from Google.



And that competes the setup for the Google Authentication module for use by OpenAM 13. As with any module you don’t need to set it up as the default Authentication chain used by the realm. It can appear as an icon on the login page or you can invoke the authentication chain via REST for complete UI control.



Using REST APIs via postman client



End

24 comments:

  1. This comment has been removed by the author.

    ReplyDelete
  2. I read your blog frequently, and I just thought I’d say keep up the fantastic work! It is one of the most outstanding blogs in my opinion. pizza logo design

    ReplyDelete
  3. Your logo should put over an unmistakable message to potential clients about your business, items and administrations and in doing as such guide their basic leadership with regards to acquiring from you. logo design service

    ReplyDelete
  4. Thank you because you have been willing to share information with us. we will always appreciate all you have done here because I know you are very concerned with our. smm panels list

    ReplyDelete
  5. I personally like your post; you have shared good insights and experiences. Keep it up. social work recruitment agency

    ReplyDelete
  6. If you are looking for more information about flat rate locksmith Las Vegas check that right away. myigfollowers.com

    ReplyDelete
  7. Yes i am totally agreed with this article and i just want say that this article is very nice and very informative article.I will make sure to be reading your blog more. You made a good point but I can't help but wonder, what about the other side? !!!!!!Thanks first reseller panel

    ReplyDelete
  8. Nice to read your article! I am looking forward to sharing your adventures and experiences. ip adresim ne

    ReplyDelete
  9. I was surfing the Internet for information and came across your blog. I am impressed by the information you have on this blog. It shows how well you understand this subject. logo store

    ReplyDelete
  10. It is imperatively significant that you build up a convincing vision, qualities, reason and crucial your business that gives you the lucidity and grit to withstand the good and bad times that any business will unavoidably have.payroll singapore

    ReplyDelete
  11. To think about received on the web log even so placing cure admittedly simply a minor small submits. Gratifying way of probable potential, Were book-marking at a time risk-free versions end soars jointly. online store Australian

    ReplyDelete
  12. Thank you because you have been willing to share information with us. we will always appreciate all you have done here because I know you are very concerned with our. miniature diy doll furniture

    ReplyDelete
  13. Yes i am totally agreed with this article and i just want say that this article is very nice and very informative article.I will make sure to be reading your blog more. You made a good point but I can't help but wonder, what about the other side? !!!!!!THANKS!!!!!! Grow Followers

    ReplyDelete
  14. I was just browsing through the internet looking for some information and came across your blog. I am impressed by the information that you have on this blog. It shows how well you understand this subject. Bookmarked this page, will come back for more. opencart data entry

    ReplyDelete
  15. Took me time to read all the comments, but I really enjoyed the article. It proved to be Very helpful to me and I am sure to all the commenters here! It’s always nice when you can not only be informed, but also entertained! www.seorango.com

    ReplyDelete
  16. Really I enjoy your site with effective and useful information. It is included very nice post with a lot of our resources.thanks for share. i enjoy this post. https://sites.google.com/site/hotmailloginonline/

    ReplyDelete
  17. This is such a great resource that you are providing and you give it away for free. I love seeing blog that understand the value of providing a quality resource for free. Aegean College

    ReplyDelete
  18. Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Any way I'll be subscribing to your feed and I hope you post again soon. Big thanks for the useful info. Jasa Pengiriman dari China yang Murah dan Cepat

    ReplyDelete
  19. Thank you for some other informative website. The place else may just I get that kind of information written in such a perfect method? I have a venture that I am simply now running on, and I’ve been at the glance out for such info. buy instagram likes

    ReplyDelete
  20. Truth be told, making profiles is regularly the 'most effortless' some portion of the procedure. cheapest smm panel

    ReplyDelete
  21. Social media management teams know how to optimise your online presence so breaking news that your business ranks well with search engines like Google, Bing and Yahoo. This means that new customers will be driven to your web site as they will be able to find you.

    ReplyDelete
  22. If you live in Greenville, SC and are looking for a roofing contractor to help you with your roof repair or installation look no further. We are a professional roofing company and can provide you with anything your home might need. roofer

    ReplyDelete
  23. This particular is usually apparently essential and moreover outstanding truth along with for sure fair-minded and moreover admittedly useful My business is looking to find in advance designed for this specific useful stuffs… hotmail login

    ReplyDelete