Thursday, May 26, 2016

ForgeRock OpenAM13 and Social Login Part:1 FaceBook

How to easily configure FaceBook with OpenAM 13

This is a quick guide to setting up FaceBook as social authentication modules for OpenAM 13. Prerequisites are a working OpenAM 13 environment. The other prerequisite is to have a developer account with Facebook.  These will be needed to obtain a clientID and client Secret that you will need to use when you configure the authentication modules.

Obtaining a Facebook ClientID and Secret
Go to You might need to sign up to get access. Once authenticated click on the My Apps button next to your profile picture.

Next click on ‘Add a New App'

Select Website

You will need to enter an App Name as well as the Site URL. Note that an AppID will be assigned as part of the script that is supplied. This AppID will be shows again in next step, so no need to copy it yet. Click Next and continue. Click on the newly created application from the dashboard.

Here you will copy the App ID as well as the App Secret. You will need both of these when configuring FaceBook Authentication Module on OpenAM.

Configuring OpenAM 13

Now login to the OpenAM admin console at http://host:port/openam/console
Select the realm you intend on setting up social authentication module on.

Click on Configure Social Authentication:

Click on Configure FaceBook Authentication

Enter the FaceBook App ID and App Secret and click Create to continue. The Redirect URL is automatically populated.

Once created you will get a success message.

Expanding on the Authentication section and clicking on Modules will show a new ‘FacebookSocialAuthentication’ module. In addition a new Chain is also created using this new module named FaceBookSocialAuthenticationService.

Click on the module to look at some of the default settings.

Note two particular settings:

With these two settings, users who successfully authenticate against FaceBook will have a profile dynamically created in your data store. Your Facebook users will be pre-fixed with the identifier "facebook-“ as shown in the attribute mapper. You can modify it here if you which to remove or change that.

Testing Facebook Authentication

Simplest way to validate the Facebook authentication chain is to update the Authentication settings and make the chain the default Organization Configuration chain.

Test the authentication by going to http://host:port/openam. This should automatically redirect you to the FaceBook authentication.

Facebook will require you to consent to sharing some profile info

Once you are successfully authenticated at FaceBook you will be redirected back to OpenAM, have your profile dynamically created and logged into the console where you see your profile.

Logged in as the OpenAM admin user, if you search under subjects for the new Facebook created ID, you will see which attributes were shared from FaceBook.

And thats pretty much all it takes to setup the FaceBook authentication module for use by OpenAM. Of course you don’t need to set it up as the default Authentication chain used the the realm. It can simply appear as a icon on the login page. You can also access the authentication chain via REST to completely customize your user authentication look and feel.

Via REST using Postman



  1. Besides having opportunity to know a lot of people in a fast and easy way, social media also helped teenagers who have social or physical mobility restrictions to build and maintain relationships with their friends and families. new social media site Obama campaign had made 5 million "friends" on more than 15 social networking sites (3 million friends on Facebook itself) and posted nearly 2,000 YouTube videos which were watched over 80 million times.

  2. In spite of the fact that it appears to be anything but difficult to sit for the tests, considering and planning is serious and capabilities to apply are stringent.ExcelR PMP Certification

  3. Wow! Such an amazing and helpful post this is. I really really love it. It's so good and so awesome. I am just amazed. I hope that you continue to do your work like this in the future also first reseller panel

  4. I think this is an informative post and it is very useful and knowledgeable. therefore, I would like to thank you for the efforts you have made in writing this article. piknow